Vulnerability testing with Google slowhttptest

While chrome developer tools allow you to test for many http post vulnerabilities relating to invalid post data, testing for a slow post vulnerability needs Googles slowhttptest tool.
https://github.com/shekyan/slowhttptest

The installation in very straight forward
https://code.google.com/p/slowhttptest/wiki/InstallationAndUsage

As the docs say, you'll need lib-ssldev. When missing you'll get:

configure: error: OpenSSL-devel is missing

My LMDE does not have this out of the box, though Synaptic delivered.

 

After the make, running slowhttptest hits up localhost by default. Nothing interesting without a local test server.

Shekyan also includes the syntax to launch an example of the SLOWORIS attach to test on your own servers.

./slowhttptest -c 1000 -H -g -o my_header_stats -i 10 -r 200 -t GET -u https://localhost/index.html -x 24 -p 3

 

Leave a Reply

Your email address will not be published. Required fields are marked *