Admin: /* slowhttptest */

2016-08-29T04:46:11Z

slowhttptest

← Older revision		Revision as of 04:46, 29 August 2016
Line 23:		Line 23:
	This is a Python script that implements the SlowLoris attack with a fixed number of threads opening connections with the web server. This will completely swamp, e.g., an Apache server on a single machine.		This is a Python script that implements the SlowLoris attack with a fixed number of threads opening connections with the web server. This will completely swamp, e.g., an Apache server on a single machine.

	==slowhttptest==		NOTE: there is another tool called slowhttptest capable of performing this style of attack. Nicer frontend, more options. slowdeath is a simple get-it-done PoC Python script.

	~~See the section below about slowhttptest for a nicer~~ frontend ~~with~~ more options. ~~What~~ is ~~covered below is some~~ simple ~~and straightforward~~ Python.

	==Before==		==Before==

Admin: /* DoS */

2016-08-29T04:43:36Z

DoS

← Older revision		Revision as of 04:43, 29 August 2016
Line 60:		Line 60:

	==DoS==		==DoS==

			{{HTTPDoSFlag}}

	{{DoSFlag}}		{{DoSFlag}}

Admin: Created page with "The SlowLoris attack is a Denial of Service DoS attack on HTTP servers. =SlowLoris DoS Attack= SlowLoris that opens a (large) fixed number of connections to send a paylo..."

2016-08-29T04:41:30Z

Created page with "The SlowLoris attack is a Denial of Service DoS attack on HTTP servers. =SlowLoris DoS Attack= SlowLoris that opens a (large) fixed number of connections to send a paylo..."

New page

The SlowLoris attack is a Denial of Service [[DoS]] attack on HTTP servers.

=SlowLoris DoS Attack=

SlowLoris that opens a (large) fixed number of connections to send a payload of a specified size, then proceeds to twiddle its thumbs.

Slowloris is basically an HTTP Denial of Service attack that affects threaded servers.

We start making lots of HTTP requests.

We send headers periodically (every ~15 seconds) to keep the connections open.

We never close the connection unless the server does so. If the server closes a connection, we create a new one keep doing the same thing.

This exhausts the servers thread pool and the server can't reply to other people.

This is the computer networking equivalent of when you go to the bank, and just before you get to the teller window, a little old lady with a giant sack of pennies says "I'd like to deposit $573 in pennies. 1... 2... 3... 4... 5..." Except, an army of old ladies showing up in front of every teller window.

==Slow Death Script==

https://github.com/evert/slowdeath

This is a Python script that implements the SlowLoris attack with a fixed number of threads opening connections with the web server. This will completely swamp, e.g., an Apache server on a single machine.

==slowhttptest==

See the section below about slowhttptest for a nicer frontend with more options. What is covered below is some simple and straightforward Python.

==Before==

Here's what you should see before the attack when you punch in the IP address of the Metasploitable machine:

[[Image:SlowDeath_PreAttack.png|500px]]

(Note that here the machine is at 192.168.56.101 - a set up that corresponds to creating a host-only network adapter for the VirutalBox. That means we'll be creating a network and only virtual machines on the host computer will be able to see the network.)

==Running==

To use slowdeath:

<pre>
# python slowdeath.py -t 200 http://192.168.56.101
</pre>

This will open 200 simultaneous connections and send data very, very slowly over those 200 connections.

==During/After==

This swamps the server temporarily, and anyone visiting 192.168.56.101 in the browser will experience a denial of service:

[[Image:SlowDeath_DOS.png|500px]]

This will continue to open new connections as existing connections die:

[[Image:SlowDeath_Reopen.png|500px]]

Once the attack is killed, everything is back to normal.

=Flags=

==DoS==

{{DoSFlag}}

SlowLoris - Revision history

Admin: /* slowhttptest */

Admin: /* DoS */

Admin: Created page with "The SlowLoris attack is a Denial of Service DoS attack on HTTP servers. =SlowLoris DoS Attack= SlowLoris that opens a (large) fixed number of connections to send a paylo..."