Slow HTTP DoS attacks rely on the fact that the HTTP protocol, by design, requires requests to be completely received by the server before they are processed. If an HTTP request is not complete, or if the transfer rate is very low, the server keeps its resources busy waiting for the rest of the data. If the server keeps too many resources busy, this creates a denial of service. This tool is sending partial HTTP requests, trying to get denial of service from target HTTP server.
This tool actively tests if it’s possible to acquire enough resources on HTTP server by slowing down requests to get denial of service at application layer.
[cc lang=”bash”]tar -xzvf slowhttptest-1.0.tar.gz
[cc lang=”bash”]./slowhttptest -c 1000 -B -g -o my_server_stats -i 110 -r 200 -s 8192 -t FAKEVERB -u https://myseceureserver/resources/index.html -x 10[/cc]