{"id":315,"date":"2018-07-23T20:00:09","date_gmt":"2018-07-23T12:00:09","guid":{"rendered":"http:\/\/note.systw.net\/note\/?p=315"},"modified":"2025-07-27T18:25:48","modified_gmt":"2025-07-27T10:25:48","slug":"315","status":"publish","type":"post","link":"https:\/\/systw.net\/note\/archives\/315","title":{"rendered":"slowhttptest"},"content":{"rendered":"\n

slowhttptest<\/h3>\n

Application Layer DoS attacks tool
\nsupport below
\n\u3000* slowloris, Slow HTTP POST, Slow Read attack (concurrent connections consumption)
\n\u3000* Apache Range Header attack ( memory and CPU consumption, CVE-2011-3192)
\nrefer
\nhttps:\/\/code.google.com\/p\/slowhttptest\/
\nSlow Read DoS attack explained
\nhttp:\/\/www.xlgps.com\/article\/53972.html<\/p>\n

\u00a0<\/p>\n

Download<\/h3>\n

https:\/\/code.google.com\/p\/slowhttptest\/downloads\/list<\/p>\n

Installation<\/h3>\n
$ tar -xzvf slowhttptest-x.x.tar.gz\n$ cd slowhttptest-x.x\n$ .\/configure --prefix=< PREFIX>\n$ make\n$ sudo make install\n<\/code><\/pre>\n
test your tool<\/h3>\n
$< PREFIX>\/bin\/slowhttptest\n<\/code><\/pre>\n
\u00a0<\/p>\n
\n
\u57fa\u672c\u653b\u64ca<\/h2>\n
1.choose attack type<\/h3>\n
-B:<\/strong> enables slow POST test
\n-H:<\/strong> enables slow head test
\n-X:<\/strong> enables slow read test
\n-R:<\/strong> enables range test<\/p>\n
2.choose target<\/h3>\n
-u < URL> :target URL, format is http[s]:\/\/< host [:port] ><\/p>\n
ex:\n-u https:\/\/myseceureserverl\n<\/code><\/pre>\n
3.choose basic paramater<\/h3>\n
-c < number> :<\/strong> number of connections , limited to 65539, default 50
\n-r < number> :<\/strong> connections per second connection rate, default 50
\nps:\u6709\u4e9blinux\u672c\u8eab\u6703\u9650\u52364000\u500b\u9023\u7dda,\u82e5\u5de5\u5177\u8d85\u904e\u6b64\u6578\u503c\u4e00\u6a23\u50c5\u4f7f\u75284000\u9023\u7dda,\u82e5\u975e\u5c07linux\u9650\u5236\u89e3\u9664
\nex: ulimit -n 65535<\/p>\n
refer
\nhttps:\/\/github.com\/shekyan\/slowhttptest\/wiki\/InstallationAndUsage<\/p>\n
\u00a0<\/p>\n
optinoal. paramater for information<\/h3>\n
-p < sec> :<\/strong> seconds timeout to wait for HTTP response on probe connection, after which server is considered inaccessible, default 5<\/p>\n
-g :<\/strong> generate statistics in CSV and HTML formats, pattern is slow_xxx.csv\/html, where xxx is the time and date<\/p>\n
-o < string><\/strong> ex: -o my_body_stats<\/p>\n
-v < level><\/strong>
\nlevel1: default, every 5 seconds showing status of connections
\nlevel4: full traffic dump<\/p>\n
\u00a0<\/p>\n
other paramater<\/h3>\n
-l < sec>:<\/strong> test duration in seconds, default 240
\n-t < custom string>:<\/strong> verb custom verb to use\nex: -t FAKEVERB<\/p>\n
\u4ee3\u7406\u4f3a\u670d\u5668<\/h3>\n
-d < proxy host>:<\/strong> for directing all traffic through web proxy
\n-e < proxy host>:<\/strong> for directing only probe traffic through web proxy<\/p>\n
\u00a0<\/p>\n
\n
\u6307\u5b9a\u9032\u968e\u653b\u64ca post or header attack<\/h2>\n
\u6bcf\u9694\u5e7e\u79d2\u9001\u4e00\u6b21\u8cc7\u6599<\/h4>\n
-i < sec> :<\/strong> interval between follow up data per connection, default 10<\/p>\n
ex:\n-i 100\nInterval between follow up data 100 seconds\n<\/code><\/pre>\n
\u6307\u5b9abody\u4e00\u6b21\u9001\u51fa\u7684\u8cc7\u6599\u91cf<\/h4>\n
-x < byte> :<\/strong> max length of follow up data<\/p>\n
ex:\n-x 1 or -x 2\nTest parameters: follow up data max size: 8\n-x 3\nTest parameters: follow up data max size: 10\n-x 24\nTest parameters: follow up data max size: 52\n<\/code><\/pre>\n
ps:
\nhead\u7522\u751f\u7684\u6700\u5f8c\u503c\u662f\u8f38\u5165\u503c2+4
\npost\u7522\u751f\u7684\u6700\u5f8c\u503c\u662f\u8f38\u5165\u503c<\/em>2+2
\nps:
\n\u6700\u5f8c\u5be6\u969b\u8207\u76ee\u6a19\u5354\u5546\u5f8c\u7684\u503c\u9084\u6703\u8b8a\uff0c\u6b64\u503c\u50c5\u4f9b\u53c3\u8003<\/p>\n
\u00a0<\/p>\n
\u6307\u5b9apost body\u9577\u5ea6<\/h4>\n
-s < byte> :<\/strong> Content-Length header value, default 4096 , if -B specified
\nps: header\u4e0d\u9069\u7528, \u56e0\u70ba\u9810\u8a2d\u6703\u4e00\u76f4\u50b3( \u4e5f\u5c31\u662f\u4e0d\u50b3\u9001\u7d50\u675f\u5b57\u5143\/r\/n)<\/p>\n
\u00a0<\/p>\n
post\u548cheader\u653b\u64ca\u7bc4\u4f8b<\/h4>\n
message body mode (post)\nex:\nslowhttptest -c 1000 -B -i 10 -r 200 -s 8192 -t FAKEVERB -u https:\/\/myseceureserverl -x 10 -p 3\n\nslowloris mode (header)\nex:\nslowhttptest -c 1000 -H -i 10 -r 200 -t GET -u https:\/\/myseceureserver -x 24 -p 3\n<\/code><\/pre>\n
\u00a0<\/p>\n
\n
\u6307\u5b9a\u9032\u968e\u653b\u64ca read attack<\/h2>\n
\u6307\u5b9awindows size\u96a8\u6a5f\u7bc4\u570d<\/p>\n
-w < byte> :<\/strong> bytes start of range the advertised window size would be picked from
\n-y < byte> :<\/strong> bytes end of range the advertised window size would be picked from<\/p>\n
ex:\n-w 10 -y 20 would make below\nreceive window range: 10 - 20\n<\/code><\/pre>\n
ps:\n\u6b64\u503c\u548c\u76ee\u6a19\u5354\u5546\u5f8c\uff0c\u6700\u5f8c\u7684\u503c\u6703\u4e0d\u540c<\/p>\n
-n < sec> :<\/strong> seconds interval between read operations from receive buffer, default=1
\n-z < bytes> :<\/strong> to read from receive buffer with single read() operation, default=5<\/p>\n
ex:  \n-z 32 -n 5 would make below\nread rate from receive buffer: 32 bytes \/ 5 sec\n<\/code><\/pre>\n
-k < number> :<\/strong> pipeline factor number of times to repeat the request in the same connection for slow read test if server supports HTTP pipe-lining.
\nserver\u8981\u5148\u652f\u63f4\u6b64\u529f\u80fd<\/p>\n
ex:\n-k 10\nTest parameters: Pipeline factor 10\n<\/code><\/pre>\n
ps:
\nPipelined Connections : \u5728\u4e00\u500bconnection \u4e2d\u540c\u6b65\u767c\u9001 HTTP requests HTTP 1.1 \u5141\u8a31\u5728 persistent connections\u4f7f\u7528 Pipelining\uff0c\u5728 response \u56de\u4f86\u524d\uff0c\u5c31\u5148\u767c\u9001\u591a\u500brequest\uff0c\u5728 high-latency \u7684\u7db2\u8def\u74b0\u5883\u4e2d\u53ef\u4ee5\u5927\u5927\u6539\u5584\u6548\u80fd\u3002
\nrefer( https:\/\/ihower.tw\/blog\/archives\/1517 )<\/p>\n
\u00a0<\/p>\n
read\u653b\u64ca\u7bc4\u4f8b<\/h4>\n
slow read\nex:\nslowhttptest -c 1000 -X -r 1000 -w 10 -y 20 -n 5 -z 32 -u http:\/\/someserver -p 5 -l 350\n\nslow read mode with probing through proxy\nex:\nslowhttptest -c 1000 -X -r 1000 -w 10 -y 20 -n 5 -z 32 -u http:\/\/someserver -p 5 -l 350 -e x.x.x.x:8080\n<\/code><\/pre>\n
\u00a0<\/p>\n
\n
\u653b\u64ca\u756b\u9762\u5982\u4e0b\uff1a<\/h3>\n
SLOW BODY<\/p>\n
Test parameters\nTest type SLOW BODY\nNumber of connections 6000\nVerb POST\nContent-Length header value 4096\nExtra data max length14\nInterval between follow up data 30 seconds\nConnections per seconds 200\nTimeout for probe connection 3\nTarget test duration240 seconds\nUsing proxy no proxy\n<\/code><\/pre>\n
SLOW HEADERS<\/p>\n
Test parameters\nTest type SLOW HEADERS\nNumber of connections 6000\nVerb GET\nContent-Length header value 4096\nExtra data max length 52\nInterval between follow up data 10 seconds\nConnections per seconds 200\nTimeout for probe connection 3\nTarget test duration 240 seconds\nUsing proxy no proxy\n<\/code><\/pre>\n
SLOW READ<\/p>\n
Test parameters\nTest type SLOW READ\nNumber of connections 6000\nReceive window range 5 - 15\nPipeline factor 1\nRead rate from receive buffer 10 bytes \/ 3 sec\nConnections per seconds 200\nTimeout for probe connection 10\nTarget test duration 240 seconds\nUsing proxy no proxy\n<\/code><\/pre>\n<\/div>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[369],"tags":[3],"class_list":["post-315","post","type-post","status-publish","format-standard","hentry","category-red-team","tag-tool"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/315","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/comments?post=315"}],"version-history":[{"count":1,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/315\/revisions"}],"predecessor-version":[{"id":2418,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/315\/revisions\/2418"}],"wp:attachment":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/media?parent=315"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/categories?post=315"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/tags?post=315"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}