Note : Every method and tools mentioned here are for educative purpose only, never use it for any evil purpose please.
Always remember Creating is cool, destroying is cowardliness.
Welcome to a short guide on performing low bandwidth HTTP flooding attack using slowloris script by RSanke.
slow loris is a perl script designed to execute low bandwidth HTTP attacks on HTTP servers by identifying time-outs of server.
The advantage of using slowloris is that, it is designed to work using low bandwidth i.e a single PC with multiple instances of scripts can flood the server and the added advantage is that, the server can be resumed back to normal within seconds when the script is stopped. Thus making it a great tool for learning flood attacks.
How to use slowloris script –
1. Make sure you have perl in your system, UNIX/LINUX PC is recommended and Windows has a limit for sockets.
2.To find the time out of a server,
./slowloris.pl -dns www.example.com -port 80 -test
3.Once you find a timeout window, you can tune Slowloris to use certain timeout windows. For instance, if you know that the server has a timeout of 3000 seconds, but the the connection is fairly latent you may want to make the timeout window 2000 seconds and increase the TCP timeout to 5 seconds. The following example uses 500 sockets. Most average Apache servers, for instance, tend to fall down between 400-600 sockets with a default configuration. Some are less than 300. The smaller the timeout the faster you will consume all the available resources as other sockets that are in use become available – this would be solved by threading, but that’s for a future revision. The closer you can get to the exact number of sockets, the better, because that will reduce the amount of tries (and associated bandwidth) that Slowloris will make to be successful.
./slowloris.pl -dns www.example.com -port 80 -timeout 2000 -num 500 -tcpto 5
4.HTTPReady Bypass for server with HTTPReady
HTTPReady only follows certain rules so with a switch Slowloris can bypass HTTPReady by sending the attack as a POST verses a GET or HEAD request with the -httpready switch.
HTTPReady Bypass Example:
./slowloris.pl -dns www.example.com -port 80 -timeout 2000 -num 500 -tcpto 5 -httpready
5. Stealth Host DoS
If you know the server has multiple webservers running on it in virtual hosts, you can send the attack to a seperate virtual host using the -shost variable. This way the logs that are created will go to a different virtual host log file, but only if they are kept separately.
Stealth Host DoS Example:
./slowloris.pl -dns www.example.com -port 80 -timeout 30 -num 500 -tcpto 1 -shost www.virtualhost.com
6. HTTPS DoS
Slowloris does support SSL/TLS on an experimental basis with the -https switch. The usefulness of this particular option has not been thoroughly tested, and in fact has not proved to be particularly effective in the very few tests I performed during the early phases of development. Your mileage may vary.
HTTPS DoS Example:
./slowloris.pl -dns www.example.com -port 443 -timeout 30 -num 500 -https
7. HTTP Cache
Slowloris does support cache avoidance on an experimental basis with the -cache switch. Some caching servers may look at the request path part of the header, but by sending different requests each time you can abuse more resources. The usefulness of this particular option has not been thoroughly tested. Your mileage may vary.
HTTP Cache Example:
./slowloris.pl -dns www.example.com -port 80 -timeout 30 -num 500 -cache
Servers affected (Not limited to):
WebSense “block pages” (unconfirmed)
Trapeze Wireless Web Portal (unconfirmed)
Verizon’s MI424-WR FIOS Cable modem (unconfirmed)
Verizon’s Motorola Set-Top Box (port 8082 and requires auth – unconfirmed)
BeeWare WAF (unconfirmed)
Deny All WAF (unconfirmed)
Server’s not affected :
Cherokee (verified by user community)
Cisco CSS (verified by user community)
You can find more information about slowloris, inside the script.
Download slowloris from here.[display_adsense ad_type=”300×250″]