SlowHTTPTest是模拟一些应用层拒绝服务攻击的高度可配置的工具。它适用于绝大多数的Linux平台,OSX和Cygwin - 一个类Unix环境和命令行界面的Microsoft Windows。 它通过引起非常显著内存实现了最常见的低带宽应用层DoS攻击,如slowloris,慢速HTTP POST,慢读的攻击(基于TCP坚持定时漏洞)通过排泄并发连接池,以及Apache的范围头攻击CPU使用率在服务器上。 Slowloris和慢速的HTTP POST DoS攻击依赖这样的事实:在HTTP协议,在设计上,需要被完全由服务器接收处理之前的请求。如果HTTP请求是不完整的,或者,如果传送速率是很低的,服务器保持其资源忙等待数据的其余部分。如果服务器保持太多的资源忙,这造成拒绝服务。该工具发送部分的HTTP请求,试图从目标HTTP服务器拒绝服务。 资料来源:

SlowHTTPTest首页 | 卡利SlowHTTPTest回购

  • 作者:shekyan
  • 许可:Apache 2.0的

    0x01 包含在slowhttptest包工具

    slowhttptest - 一个工具来测试缓慢的HTTP拒绝服务漏洞

    :~# slowhttptest -h
    slowhttptest, a tool to test for slow HTTP DoS vulnerabilities - version 1.6
    Usage: slowhttptest [options ...]
    Test modes:
    -H               slow headers a.k.a. Slowloris (default)
    -B               slow body a.k.a R-U-Dead-Yet
    -R               range attack a.k.a Apache killer
    -X               slow read a.k.a Slow Read
    Reporting options:
    -g               generate statistics with socket state changes (off)
    -o file_prefix   save statistics output in file.html and file.csv (-g required)
    -v level         verbosity level 0-4: Fatal, Info, Error, Warning, Debug
    General options:
    -c connections   target number of connections (50)
    -i seconds       interval between followup data in seconds (10)
    -l seconds       target test length in seconds (240)
    -r rate          connections per seconds (50)
    -s bytes         value of Content-Length header if needed (4096)
    -t verb          verb to use in request, default to GET for
                     slow headers and response and to POST for slow body
    -u URL           absolute URL of target (http://localhost/)
    -x bytes         max length of each randomized name/value pair of
                     followup data per tick, e.g. -x 2 generates
                     X-xx: xx for header or &xx=xx for body, where x
                     is random character (32)
    Probe/Proxy options:
    -d host:port     all traffic directed through HTTP proxy at host:port (off)
    -e host:port     probe traffic directed through HTTP proxy at host:port (off)
    -p seconds       timeout to wait for HTTP response on probe connection,
                     after which server is considered inaccessible (5)
    Range attack specific options:
    -a start        left boundary of range in range header (5)
    -b bytes        limit for range header right boundary values (2000)
    Slow read specific options:
    -k num          number of times to repeat same request in the connection. Use to
                    multiply response size if server supports persistent connections (1)
    -n seconds      interval between read operations from recv buffer in seconds (1)
    -w bytes        start of the range advertised window size would be picked from (1)
    -y bytes        end of the range advertised window size would be picked from (512)
    -z bytes        bytes to slow read from receive buffer with single read() call (5)

    0x02 slowhttptest用法示例

    使用1000连接 (-c 1000) 与Slowloris模式 (H), 并生成 统计(-g> 与输出文件名 ​​(-o slowhttp), 用10秒的等待数据 (-i 10),200 连接 (-R 200)GET 请求 (-t GET) 针对目标 URL(-u 用最多为24 字节 (-x 24)和 3秒的时间长度的出 (-p 3):

 :~# slowhttptest -c 1000 -H -g -o slowhttp -i 10 -r 200 -t GET -u -x 24 -p 3
Sat May 17 10:45:26 2014:
Sat May 17 10:45:26 2014:
    slowhttptest version 1.6
 - -
test type:                        SLOW HEADERS
number of connections:            1000
verb:                             GET
Content-Length header value:      4096
follow up data max size:          52
interval between follow up data:  10 seconds
connections per seconds:          200
probe connection timeout:         3 seconds
test duration:                    240 seconds
using proxy:                      no proxy 
Sat May 17 10:45:26 2014:
slow HTTP test status on 0th second:
initializing:        0
pending:             1
connected:           0
error:               0
closed:              0
service available:   YES


results matching ""

    No results matching ""