PyLoris: SlowLoris in Python

by Black on June 26, 2009 · 1 comment


If you know about SlowLoris, this will not sound new to you at all. PyLoris is an implementation of SlowLoris in Python.

As you all know, SlowLoris was written by a famed security researcher, RSnake. PyLoris was written by a programmer named Motoma. SlowLoris works by holding connections (to the HTTP server only) open by sending partial HTTP requests. It then continues to send subsequent headers at regular intervals to keep the sockets from closing, which ties up the web server. A notable property of this type of attack is that all other services remain intact while the web server itself is completely inaccessible. This is because Slowloris never completes a request, and because popular web servers limit the number of concurrent requests allowed, the attack eventually fills all usable connections to the server.

PyLoris is written entirely in Python, utilizes only standard modules, is OS and platform independent, and is less than 100 lines of code. It runs a little differently than Slowloris, in that it throttles the entire request and allows users to specify the bandwidth for the connection as well as how large the request is. Unfortunately, the brevity of the code does not leave room for SSL/TLS handling, so only HTTP is supported for the time being. PyLoris runs on Linux, Windows, and Mac OS X. Additionally, it should work on any platform capable of running Python with threads.

Here is a malicious use example:

$ ./pyloris www.yourtargetwebsite.org -l -s 600000 -g "/index/index.htm"-u "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0" -w 0.1 -t 25

This idea, which was conceived in 2007, was actually put into code just recently.

You can find this information & more at the SlowLoris website: http://ha.ckers.org/slowloris/

If you are interested in PyLoris, go here; alternatively, you can view the author's page here.


1 Motoma June 27, 2009 at 12:56 am

That’s not exactly how PyLoris works. PyLoris makes a continuous request at a very low bandwidth (1 B/s by default), rather than sending one header at a time. The difference is that with the latter an IPS could fingerprint one particular header and build a policy around it (Ahem, Fortinet), while the latter requires actual analysis of behavior to detect it as a DoS.
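The behavioural detection raised in the post and the comment above, as an added example (not PyLoris or Slowloris code, and not written by the post's author or the commenter): it flags open connections whose request is still incomplete and arriving below a byte-rate floor, which covers both header-at-intervals and continuous-trickle requests without matching any header content. The `Conn` record, the thresholds, the worker-pool size and the sample addresses are constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass
class Conn:
    src: str            # client IP
    age_s: float        # seconds since the connection was accepted
    bytes_in: int       # request bytes received so far
    request_done: bool  # True once the full request has been read

# Thresholds are illustrative assumptions; tune them for the site.
MIN_AGE_S = 10.0          # ignore connections younger than this
MIN_RATE_BPS = 50.0       # below this average rate a request counts as stalled
MAX_STALLED_PER_SRC = 5   # stalled connections tolerated per source

def is_stalled(c: Conn) -> bool:
    """Incomplete request that is old and arriving slower than MIN_RATE_BPS."""
    if c.request_done or c.age_s < MIN_AGE_S:
        return False
    return c.bytes_in / c.age_s < MIN_RATE_BPS

def slow_sources(conns):
    """Return {src: stalled_count} for sources over the per-source limit."""
    counts = Counter(c.src for c in conns if is_stalled(c))
    return {src: n for src, n in counts.items() if n > MAX_STALLED_PER_SRC}

def pool_pressure(conns, max_workers):
    """Fraction of the server's concurrent-request limit held by stalled requests."""
    return sum(is_stalled(c) for c in conns) / max_workers

# Constructed sample snapshot (documentation addresses, not real traffic).
SAMPLE = (
    # header-at-intervals style: small bursts, long idle gaps
    [Conn("198.51.100.7", 120.0, 240, False) for _ in range(8)]
    # continuous-trickle style: about 1 B/s
    + [Conn("203.0.113.9", 300.0, 300, False) for _ in range(6)]
    + [Conn("192.0.2.10", 0.4, 512, True),          # normal, completed
       Conn("192.0.2.11", 2.0, 100, False),         # normal, still young
       Conn("192.0.2.12", 60.0, 600_000, False)]    # slow upload, well above floor
)

if __name__ == "__main__":
    print(slow_sources(SAMPLE))
    print(round(pool_pressure(SAMPLE, max_workers=150), 3))
```

The same rate floor is what request-timeout settings on a web server enforce at accept time; this version only reports, so it can be run over connection snapshots before any limit is turned on.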
