
slowhttptest

SlowHTTPTest is a highly configurable tool that simulates application layer Denial of Service attacks. It implements common low-bandwidth attacks such as Slowloris, Slow HTTP POST, Slow Read, and Apache Range Header attacks.

Description

SlowHTTPTest is designed to test web servers for vulnerabilities to slow HTTP DoS attacks that consume server resources with low bandwidth. These attacks exploit connection pooling and resource management by keeping connections open with minimal data transfer, leading to denial of service without high traffic volumes.

Use cases include security testing of web applications and servers to identify weaknesses against Slowloris (slow headers), Slow HTTP POST (slow body), Slow Read (TCP persist timer exploit), and Apache Range Header attacks that cause excessive memory and CPU usage. It helps administrators harden servers by simulating real-world attack scenarios.

The tool generates detailed statistics on connection states and supports proxy configurations for realistic testing environments.

How It Works

SlowHTTPTest operates at the application layer by establishing multiple concurrent HTTP connections to the target server and sending data slowly or incompletely. In Slowloris mode (-H), it sends partial headers over time to keep connections open. Slow body (-B) sends Content-Length headers followed by data in small intervals. Slow Read (-X) drains response buffers slowly using advertised window sizes and read intervals. Range attack (-R) exploits Range headers to force massive resource consumption. It tracks socket states like pending, connected, error, and closed, reporting service availability.
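
From the defending side, the slow-headers behaviour described above is what a minimum-rate read deadline is meant to cut off. The following is an added example, not part of slowhttptest or the original page: a simplified Python model of such a deadline, patterned on the header=20-40,MinRate=500 form of Apache mod_reqtimeout's RequestReadTimeout directive. The function names, policy values and sample traffic are constructed for illustration.

```python
# Added example: simplified model of a min-rate header read deadline.
from dataclasses import dataclass

@dataclass(frozen=True)
class HeaderPolicy:
    initial: float = 20.0   # seconds allowed for headers before any credit
    maximum: float = 40.0   # hard ceiling on the header stage
    min_rate: int = 500     # every min_rate bytes received earns 1 extra second

    def deadline(self, received_bytes):
        return min(self.initial + received_bytes / self.min_rate, self.maximum)

def header_outcome(chunks, policy=HeaderPolicy()):
    """chunks: (seconds_since_accept, data) pairs in time order.
    Returns ("complete", t) once the blank line ending the headers arrives,
    or ("timeout", t) with the time the server would drop the connection."""
    received = b""
    for t, data in chunks:
        if t > policy.deadline(len(received)):
            return ("timeout", policy.deadline(len(received)))
        received += data
        if b"\r\n\r\n" in received:
            return ("complete", t)
    return ("timeout", policy.deadline(len(received)))

def slow_header_chunks(interval=10, length=240):
    """Constructed traffic: request line and Host header without the final
    blank line, then one 24-byte filler header every `interval` seconds
    (mirroring -i 10 and -x 24 from the first example on this page)."""
    chunks = [(0.0, b"GET /index.php HTTP/1.1\r\nHost: example.com\r\n")]
    t = interval
    while t <= length:
        chunks.append((float(t), b"X-abcdefgh: ijklmnopqr\r\n"))
        t += interval
    return chunks

# Constructed well-behaved client: whole header block in one segment.
NORMAL = [(0.05, b"GET /index.php HTTP/1.1\r\nHost: example.com\r\n\r\n")]
# Weak setting for comparison: a flat 300 s header timeout.
WEAK = HeaderPolicy(initial=300.0, maximum=300.0)

if __name__ == "__main__":
    slow = slow_header_chunks()
    print("normal client  :", header_outcome(NORMAL))
    print("slow, hardened :", header_outcome(slow))
    print("slow, weak 300s:", header_outcome(slow, WEAK))
```

With the hardened values the constructed slow connection is dropped about 20 seconds after accept, whereas the flat 300-second timeout holds the worker slot for longer than the tool's default 240-second test length.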

Installation

bash
sudo apt install slowhttptest

Flags

-H                 slow headers, a.k.a. Slowloris (default)
-B                 slow body, a.k.a. R-U-Dead-Yet
-R                 range attack, a.k.a. Apache killer
-X                 slow read, a.k.a. Slow Read
-g                 generate statistics with socket state changes (off)
-o file_prefix     save statistics output in file.html and file.csv (-g required)
-v level           verbosity level 0-4: Fatal, Info, Error, Warning, Debug
-c connections     target number of connections (50)
-i seconds         interval between followup data in seconds (10)
-l seconds         target test length in seconds (240)
-r rate            connections per second (50)
-s bytes           value of Content-Length header if needed (4096)
-t verb            verb to use in request, default to GET for slow headers and response and to POST for slow body
-u URL             absolute URL of target (http://localhost/)
-d host:port       all traffic directed through HTTP proxy at host:port (off)
-e host:port       probe traffic directed through HTTP proxy at host:port (off)
-p seconds         timeout to wait for HTTP response on probe connection, after which server is considered inaccessible (5)
-j cookies         value of Cookie header (ex.: -j "user_id=1001; timeout=9000")
-a start           left boundary of range in range header (5)
-b bytes           limit for range header right boundary values (2000)
-k num             number of times to repeat same request in the connection (1)
-n seconds         interval between read operations from recv buffer in seconds (1)
-w bytes           start of the range advertised window size would be picked from (1)
-y bytes           end of the range advertised window size would be picked from (512)
-z bytes           bytes to slow read from receive buffer with single read() call (5)

Examples

Use 1000 connections with Slowloris mode (-H), generate statistics (-g) with output file (slowhttp), 10s interval (-i 10), 200 connections/sec (-r 200), GET requests (-t GET) to target URL, 24 bytes max length (-x 24), 3s timeout (-p 3):
slowhttptest -c 1000 -H -g -o slowhttp -i 10 -r 200 -t GET -u http://192.168.1.202/index.php -x 24 -p 3

Show help and usage information for slowhttptest:
slowhttptest -h

Run slow body attack a.k.a. R-U-Dead-Yet (default connections and settings):
slowhttptest -B

Run range attack a.k.a. Apache killer (default settings):
slowhttptest -R

Run slow read attack (default settings):
slowhttptest -X

Test with 50 connections, 10s interval against target URL using default Slowloris mode:
slowhttptest -c 50 -i 10 -u http://example.com

Generate statistics to stats files with debug verbosity level:
slowhttptest -g -o stats -v 4

Updated 2026-04-16 (source: kali.org)