Skip to content

A Rust implementation of slow HTTP DoS techniques

Notifications You must be signed in to change notification settings

NoraCodes/rloris

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

rloris

rloris is an implementation of RSnake's SlowLoris attack in Rust, with other attacks on the way.

You can either build rloris yourself with cargo or download a working binary for Linux x64 from the releases directory. As of 0.6.0, rloris no longer requires native SSL libraries and uses rustls to perform all TLS connection in pure Rust.

Attacks

  • SlowLoris GET, based on RSnake's original attack, simply opens a lot of connections asking to GET resources and then takes its time sending the other headers and the final double \r\n.
  • SlowLoris POST, similar to the above but using POST requests. Activate with rloris post <target> --post.

Functionality

Optional functionality is available by giving flags to the rloris binary. Currently, rloris supports SSL (-ssl), setting custom timeouts for SlowLoris (--timeout=<timeout>) and SlowLoris cycle counts (--cycle=<cycles>), multithreading (--thread=<threads>), and infinite repetition (--repeat).

WARNING: using --repeat can create a real honest to goodness DoS condition on the target!

Advice

The more threads you can get away with, the higher the impact on the target. To see what your server can handle, keep raising the number of threads until you get "Connection reset by peer" errors; at that point, your server is dropping connections due to over-load. Note that a DoS condition probably will arise before this happens.

rloris uses env_logger to log messages to the console; set the environment variable RUST_LOG to info for additional data about your attacks, or debug if you're hacking on the code.

Examples

  • Perform an attack against localhost, port 8000, using the POST verb: rloris post localhost --port=8000
  • Perform an SSL attack against example.com, port 443: rloris get example.com --ssl
  • Perform an SSL attack against 127.0.0.1, with domain name example.com: rloris get 127.0.0.1 --ssl --domain=example.com --repeat

About

A Rust implementation of slow HTTP DoS techniques

Topics

Resources

Stars

Watchers

Forks

Packages

No packages published

Languages