PyLoris: SlowLoris in Python

June 26, 2009 1:02 am · 1 comment

by Black

in Open Source,Security tools

If you know about SlowLoris, this would not sound new to you at all. PyLoris is an implementation of SlowLoris in Python.

Now, as you all know, SlowLoris has been programmed by a famed security researcher – RSnake. PyLoris has been written by a programmer named Motoma. SlowLoris works by holding connections – to the HTTP server only - open by sending partial HTTP requests. It then continues to send subsequent headers at regular intervals to keep the sockets from closing, leading the webservers to be tied up. Now, a very good thing about this type of an attack is that all other services remain intact but the webserver itself is completely inaccessible. This is because, Slowloris never completes a request, and because the popular webservers limit the number of concurrent requests allowed, this will eventually fill all usable connections to the server.

PyLoris is written entirely in Python, utilizes only standard modules, is OS and platform independent, and is less than 100 lines of code. It runs a little differently than Slowloris, in that it throttles the entire request, allows users to specify the bandwidth for the connection as well as how large the request is. Unfortunately, the brevity of the code does not leave room for SSL/TLS handling, so only HTTP is supported for the time being. PyLoris runs on Linux, Windows, and Mac OS X. Additionally, it should work on any platform capable of running Python with Threads.

Here is a malicious use example:

$ ./pyloris www.yourtargetwebsite.org -l -s 600000 -g "/index/index.htm"-u "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0" -w 0.1 -t 25

This idea, which was concieved in 2007, was actually put into code just recently.

You can find this information & more at the SlowLoris website: http://ha.ckers.org/slowloris/

If you are interested in PyLoris, go here, alternatively, you can view the authors page here.

Related External Links

Searches leading to this post:
slowloris python, python slowloris

If you enjoyed this article, you might also like:

  • April 20, 2010 -- xdos.c: A Simple HTTP DoS Tool!
    A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an ...
  • April 8, 2010 -- UPDATE: PyLoris 3.0!
    We have been waiting a long time for Motoma to release this version! Finally, he has released PyLori...
  • September 14, 2009 -- NKiller2: The Asynchronous TCP Stress Tester
    Stress testing a server can let you know a lot about it! Right from its availability to its behaviou...
  • July 14, 2009 -- Update: PyLoris 2.3
    In under a week, a newer version of PyLoris has been released by Motoma! This version has the follow...
  • July 7, 2009 -- Update: PyLoris 2.0!
    So, once again in less than 10 days, PyLoris is updated! Good news is - it now supports SOCKS, SSL, ...
  • July 3, 2009 -- Update: PyLoris 1.8
    We had originally mentioned about PyLoris. Now, we see that changes have been happening and PyLoris ...
  • August 1, 2010 -- UPDATE: PyLoris 3.1!
    Again it took long time for Motoma to release this version! PyLoris goes GUI! Finally, he has releas...
  • February 10, 2010 -- legitStress: A server stress tester!
    You must be aware of our "List of Web Application Stress Testers". On the same lines, we have a serv...

Tagged as: ,

{ 1 comment }

Motoma June 27, 2009 at 12:56 am

That’s not exactly how PyLoris works. PyLoris makes a continuous request at a very low bandwidth (1 B/s by default) , rather than sending one header at a time. The difference is that with the latter an IPS could fingerprint one particular header and build a policy around it (Ahem, Fortinet), while the latter requires actual analysis of behavior to detect it as a DoS.

Comments on this entry are closed.

Previous post:

Next post: