2016-11-10 16:47:39 +00:00
|
|
|
# slowloris.py - Simple slowloris in Python
|
2015-05-30 09:21:22 +00:00
|
|
|
|
2016-11-10 16:47:39 +00:00
|
|
|
## What is Slowloris?
|
2015-05-30 09:21:22 +00:00
|
|
|
Slowloris is basically an HTTP Denial of Service attack that affects threaded servers. It works like this:
|
|
|
|
|
|
|
|
|
|
1. We start making lots of HTTP requests.
|
|
|
|
|
2. We send headers periodically (every ~15 seconds) to keep the connections open.
|
|
|
|
|
3. We never close the connection unless the server does so. If the server closes a connection, we create a new one keep doing the same thing.
|
|
|
|
|
|
|
|
|
|
This exhausts the servers thread pool and the server can't reply to other people.
|
|
|
|
|
|
2016-11-10 16:47:39 +00:00
|
|
|
## How to install and run?
|
2015-05-30 09:21:22 +00:00
|
|
|
|
|
|
|
|
You can clone the git repo or install using **pip**. Here's how you run it.
|
|
|
|
|
|
|
|
|
|
* `sudo pip3 install slowloris`
|
2016-11-10 16:47:39 +00:00
|
|
|
* `slowloris example.com`
|
2015-05-30 09:21:22 +00:00
|
|
|
|
|
|
|
|
That's all it takes to install and run slowloris.py.
|
|
|
|
|
|
|
|
|
|
If you want to clone using git instead of pip, here's how you do it.
|
|
|
|
|
|
|
|
|
|
* `git clone https://github.com/gkbrk/slowloris.git`
|
|
|
|
|
* `cd slowloris`
|
2016-11-10 16:47:39 +00:00
|
|
|
* `python3 slowloris.py example.com`
|
2015-05-30 09:21:22 +00:00
|
|
|
|
2016-11-10 16:47:39 +00:00
|
|
|
## Configuration options
|
|
|
|
|
It is possible to modify the behaviour of slowloris with command-line arguments.
|
2015-05-30 09:21:22 +00:00
|
|
|
|
2016-11-10 16:47:39 +00:00
|
|
|
## License
|
2015-05-30 09:21:22 +00:00
|
|
|
The code is licensed under the MIT License.
|
