[New Tool] SlowHTTPTest v1.6 – DoS Attacks Released
SlowHTTPTest is a highly configurable tool that simulates some Application Layer Denial of Service attacks. It works on majority of Linux platforms, OSX and Cygwin – a Unix-like environment and command-line interface for Microsoft Windows.
It implements most common low-bandwidth Application Layer DoS attacks, such as slowloris, Slow HTTP POST, Slow Read attack (based on TCP persist timer exploit) by draining concurrent connections pool, as well as Apache Range Header attack by causing very significant memory and CPU usage on the server.
Slowloris and Slow HTTP POST DoS attacks rely on the fact that the HTTP protocol, by design, requires requests to be completely received by the server before they are processed. If an HTTP request is not complete, or if the transfer rate is very low, the server keeps its resources busy waiting for the rest of the data. If the server keeps too many resources busy, this creates a denial of service. This tool is sending partial HTTP requests, trying to get denial of service from target HTTP server.
SlowHTTPTest version1.6 includes all the small bug fixes that were sitting in SVN for over a year, usability improvements and better reporting.
Changelog v1.6
- CLI got funny colors and less scrolling for better perception
- HTML reports look prettier
- Help screen is finally readable
Full Changelog: here
More Information:
Thanks to our friend Sergey Shekyan, for sharing this tool with us.