-
Notifications
You must be signed in to change notification settings - Fork 3
geuis/node-splat
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
Splat is intended to be a demonstration of the HTTP POST Denial of Service attack described on http://www.acunetix.com/blog/web-security-zone/articles/http-post-denial-service/. This script is not meant for nefarious purposes but rather to educate and for testing. It is intended to demonstrate how opening lots of simultaneous POST connections to a server, specifying a long Content-Length, and feeding data to the server slowly can cause a mis-configured server to be made unresponsive. There's no license on this thing. The author takes no freaking responsibility for what dumbasses decide to do with what is a very basic script that took the author a few minutes to write. Use at your own risk, don't bother the author about it, feel free to fork it, pork it, or whatever you want. USAGE: 1) Customize the "url" variable to a domain. DO NOT USE http:// or https:// 2) Set "max_connections" to how many simultaneous connections you want to open. 125 is recommended or Node might freak out. 3) Set "length" to the total number of bytes that should be sent over time. Each byte is sent once per second. 4) Run it from your terminal in the node-splat directory, "node app.js" 5) If you don't know what Node.js is, go to http://nodejs.org Running more than 125 max_connections tended to make node.js on the dev system crash. You may be able to do more. Run multiple instances (separate terminal windows on a Mac) to achieve the desired effect. On the test system (Mac Pro), Apache on localhost stopped responding with 250 connections. The author's website running on lighttpd handled up to about 1125 simultaneous connections before hanging.
About
simple HTTP POST denial of service example
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published