Slow HTTP DoS vulnerability test tool
Posted on 29 August 2011.
Bookmark and Share
Slow HTTP DoS attacks rely on the fact that the HTTP protocol, by design, requires requests to be completely received by the server before they are processed.


If an HTTP request is not complete, or if the transfer rate is very low, the server keeps its resources busy waiting for the rest of the data. If the server keeps too many resources busy, this creates a denial of service.

Slowhttptest is sending partial HTTP requests, trying to get a denial of service from the target HTTP server.

This tool actively tests if it's possible to acquire enough resources on an HTTP server by slowing down requests to get denial of service at the application layer.

Slowhttptest is configurable to allow users to test different types of slow http scenarios. Supported features are:
  • Slowing down either the header or the body section of the request
  • Any HTTP verb can be used in the request
  • Configurable Content-Length header
  • Random size of follow-up chunks, limited by optional value
  • Random header names and values
  • Random message body data
  • Configurable interval between follow-up data chunks
  • Support for SSL
  • Support for hosts names resolved to IPv6
  • Verbosity levels in reporting
  • Connection state change tracking
  • Variable connection rate
  • Detailed statistics available in CSV format and as a chart generated as HTML file using Google Chart Tools.
The author of the project is Sergey Shekyan, Developer Web Application Scanning at Qualys.





Spotlight

Attackers use reflection techniques for larger DDoS attacks

Posted on 17 April 2014.  |  Instead of using a network of zombie computers, newer DDoS toolkits abuse Internet protocols that are available on open or vulnerable servers and devices. This approach can lead to the Internet becoming a ready-to-use botnet for malicious actors.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Apr 18th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //