Slow Loris
Slowloris is a utility (originally written in perl) that can be used to exploit a flaw in many webservers (the most vulnerable are listed in the article on ha.ckers.org), allowing you to perform a de facto "SYN flood over HTTP."[1]
Concept[edit]
The ha.ckers.org article that revealed Slowloris explains its function as follows:[2]
Slowloris holds connections open by sending partial HTTP requests. It continues to send subsequent headers at regular intervals to keep the sockets from closing. In this way webservers can be quickly tied up. In particular, servers that have threading will tend to be vulnerable, by virtue of the fact that they attempt to limit the amount of threading they'll allow. Slowloris must wait for all the sockets to become available before it's successful at consuming them, so if it's a high traffic website, it may take a while for the site to free up it's sockets. So while you may be unable to see the website from your vantage point, others may still be able to see it until all sockets are freed by them and consumed by Slowloris. This is because other users of the system must finish their requests before the sockets become available for Slowloris to consume. If others re-initiate their connections in that brief time-period they'll still be able to see the site. So it's a bit of a race condition, but one that Slowloris will eventually always win - and sooner than later.
Utility Downloads[edit]
Slowloris.pl (Original Program)[edit]
Slowloris.pl is the original utility (written in Perl).
USAGE[edit]
A common usage example:
perl slowloris.pl -dns www.president.ir -port 80 -timeout 500 -num 2000
Slowloris.pl can be obtained at the following addresses:
TACTICAL PITFALLS:
- Some marks may have blocked the User Agent that Slowloris.pl uses.
- To remedy this, modify the User-Agent variables to another valid User Agent.
- Usage on Windows is not guaranteed to work, as some versions throttle the use of sockets.
- To avoid and work around this pitfall, either dual-boot a Linux installation or use a virtual operating system (exempli gratia: VirtualBox or VMWare).
QSlowLoris[edit]
QSlowLoris is a C++ program that uses Qt libraries to execute the methods used by Slowloris.pl. TACTICAL ADVANTAGES:
- QSlowLoris' graphical user interface makes this program easy to use by all insurgents.
TACTICAL PITFALLS:
- Usage on Windows is not guaranteed to work, as some versions throttle the use of sockets.
- To avoid and work around this pitfall, either dual-boot a Linux installation or use a virtual operating system (exempli gratia: VirtualBox or VMWare).
To acquire QSlowLoris, visit the proceeding download pages:
PyLoris[edit]
PyLoris is a Python implementation of the Slowloris concept. It allows an insurgent to specify the bandwidth for the connection, as well as how large each request is.
USAGE[edit]
Common usage:
python pyloris-1.7.py -l -r POST -s 500000 -g "/fa/pages/?cid=407" www.gerdab.ir \ -u "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.172.31 Safari/530.5"
PyLoris can be obtained via the following resources:
TACTICAL PITFALLS:
- Usage on Windows is not guaranteed to work, as some versions throttle the use of sockets.
- To avoid and work around this pitfall, either dual-boot a Linux installation or use a virtual operating system (exempli gratia: VirtualBox or VMWare).
Further Reading[edit]
Documentation[edit]
 |
Slow Loris is part of a series on Tools. |
