search

shekyan / slowhttptest

Application Layer DoS attack simulator
Apache License 2.0
1.5k stars 301 forks source link

Slow HTTP and Slow Post not working as slowloris or rudy #30

Closed Jajkanu closed 8 years ago

Jajkanu commented 8 years ago

Hi,

I am installed slowhttptest,

In link: https://blog.qualys.com/securitylabs/2011/08/25/new-open-source-tool-for-slow-http-attack-vulnerabilities

says slowloris has lost of generated headers, each of headers has time delay before post.

I am watching your script via netcat server, your code only send standart headers not generated headers.

And also slowpost mode only send foo=bar not generated lots of post

Thanks

shekyan commented 8 years ago

I am not sure how are you using netcat. Run slowhttptest with -v 4 to see requests that are going out. Note that slowHTTPTest is first firing a probe connection which is repeated every 5 seconds or whatever is specified in -p argument. For example, with a netcat script I am running: slowHTTPTest with default options: src/slowhttptest -H -v 4 -u http://127.0.0.1:5432 -c 1 sends the following, with a default delay between each header be 10 seconds. 

GET / HTTP/1.1
Host: 127.0.0.1:5432
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.152 Safari/537.36Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/537.75.14
Referer: https://github.com/shekyan/slowhttptest/
X-V2YBaUHjo3JlKb: TumnSvur1uzhYYi56b0rdVlsWSM
X-aOzKuvl: jEkKH9Jhd
X-ABD6HiQBD9dDTUzsDdYhCrnoYDX3B: c1Ywy5X1s51l1mXzEH8
X-MfNz2t8FSg0HylbaKQfMKo5RgFmtMd: OmT9SM6cRiHTI2iQcMxuanZdCdI
X-oMVag5a: ab2J
X-JqcJpgKV2C6MF4kRbp9c96l7AULVg: MRKoedgxPbrKjlI1gwU8k2qp4
X-i9hVpHmcJQXePI9eWaJetA15e: YYM8DAR6O9tK4doxMaPXPzlGSvJZtl
X-OnwF: awT8BpYwW0xvac
X-78RlKPJG2EcLMTcNSvzuUvhl: LjM38aoi0AtGrMBtez
X-WcuQvQGpjzPmYMUKIUxb02KaUoN: Xe8B

looks pretty random to me.

As about slowPOST, it sends as much data as you want. With default settings, it sends a chunk of data separated by & into the POST body every 10 seconds:

POST / HTTP/1.1
Host: 127.0.0.1:5432
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoAppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Referer: https://github.com/shekyan/slowhttptest/
Content-Length: 4096
Content-Type: application/x-www-form-urlencoded
Accept: text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Connection: close

foo=bar&Ebidd1Dst9kKifO5DCleUxu4Y=35D5Dsdu8WGj&QRHnvpWSnjfaiFawuN3OcBAHLdx=YZXk4DF043KeJLAszibXx6g&gjTbO8j105ixCCLAQ1VZ120J=kEPRVWiJ6K0Qs3OweYP30sZ2E0&O=8GD5ydzFtxoH86EUUAfaPL

You can run netcat in this or similar way to accept more than one connetction:

nc -kl 127.0.0.1 5432 -c 'echo -e "HTTP/1.1 200 OK\r\n$(date)\r\n\r\n";echo "<p>ssap?</p>"'