SLOW HTTP TEST

Service Attacker

SlowHTTPTest is a tool that simulates Application Layer Denial of Service attacks by prolonging HTTP connections in different ways. It is highly configurable and can be used to test your web server for DoS vulnerabilities or to determine how many concurrent connections it can handle. SlowHTTPTest works on various platforms such as Linux, macOS, and Cygwin.

DOWNLOADS

No Official Website

SYSTEM REQUIREMENTS

RAM : Minimum 1 GB is required, (4 GB or more is recommended for stability).

Storage : Minimum 100 MB (more storage is required for scans and updates).

OS : Compatible with Linux, macOS, and Windows (via Cygwin or Docker).

Architecture : Supports both 32-bit and 64-bit systems.

Available On : PC


ADDITIONAL INFORMATION

Published By

Sergey Shekyan.

Release Date

2011.

Approximate Size

89 KB of binaries

Publisher Info

Sergey Shekyan Known for contributions to security tools and DoS testing.

Supported Languages

English

Last Update

2022, Version 1.9.0

Programming Language

Written in C++.

Operating System

Cross-platform

License

Open Source under the Apache License 2.0.

  • Slowing down either the header or the body section of the request
  • Any HTTP verb can be used in the request
  • Configurable Content-Length header
  • Random size of follow-up chunks, limited by optional value
  • Random header names and values
  • Random message body data
  • Configurable interval between follow-up data chunks
  • Support for SSL
  • Support for hosts names resolved to IPv6
  • Verbosity levels in reporting
  • Connection state change tracking
  • Variable connection rate
  • Detailed statistics available in CSV format and as a chart generated as HTML file using Google Chart Tools

  1. Installation : Install the tool from source or use the Docker image provided by the author. You can find the installation guide on the GitHub repository’s Wiki page.
  2. Usage : After installation, you can run the tool with various options to simulate different types of DoS attacks. The tool supports different types of attacks, including:
    • Slow header attack : Sends an incomplete HTTP header, keeping the connection open and consuming server resources.
    • Slow body attack : Sends an incomplete HTTP request body, keeping the connection open and consuming server resources.
    • Slow headers+body attack : Combines the slow header and slow body attacks.
    • Chunked transfer encoding attack : Sends an HTTP request with an incomplete chunked transfer encoding header, keeping the connection open and consuming server resources.

  1. Slowloris Mode : This is the default mode, identified by the option “-H”. It simulates a Slowloris attack, where the tool sends unfinished HTTP requests to keep as many connections as possible open to the target server, eventually overwhelming it.
  2. Apache Range Header Attack : This attack, identified by the option “-R”, sends malicious Range Request header data, also known as the “Apache Range Header” or “Range Header mode”. It is designed to exploit vulnerabilities in Apache web servers.
  3. Slow Http Post : This mode sends unfinished HTTP POST requests to the target server, emulating a Slow POST attack.
  4. Slow Reader : This mode simulates a Slow Reader attack, where the tool sends an HTTP response header but does not read the server’s response, eventually causing the server to consume all available memory.

SlowHTTPTest is a tool designed to simulate application-layer Denial of Service (DoS) attacks by exploiting HTTP protocol vulnerabilities. Here are some examples of its usage :

Basic Examples
  1. Slowloris Attack :

    2. $ slowhttptest -c 1000 -H -g -o slowloris -i 10 -r 200 -t GET -u http://example.com

    Simulates a Slowloris attack by sending incomplete HTTP headers to the target server (http://example.com)

  2. Slow POST Attack :

    3. $ slowhttptest -c 500 -B -g -o slowpost -i 10 -r 100 -t POST -u http://example.com

    Simulates a Slow POST attack by sending HTTP POST requests with a very slow data transfer rate.

  3. Slow Read Attack :

    4. $ slowhttptest -c 300 -X -g -o slowread -i 10 -r 50 -t GET -u http://example.com

    Simulates a Slow Read attack by sending legitimate HTTP requests and reading the server's response very slowly.

  4. Apache Range Header Attack :

    5. $ slowhttptest -c 200 -R -g -o rangeattack -i 10 -r 20 -t GET -u http://example.com

    Exploits the Apache Range Header vulnerability to consume server resources.

Advanced Examples
  1. Custom Timeout and Connection Rate :

    2. $ slowhttptest -c 1000 -H -g -o customtest -i 5 -r 300 -t GET -u http://example.com

    Adjusts the timeout interval (-i) and connection rate (-r) for a more aggressive test.

  2. Generate Statistics :

    3. $ slowhttptest -c 1000 -H -g -o stats -i 10 -r 200 -t GET -u http://example.com

    Generates detailed statistics in HTML and CSV formats for analysis.

  3. Proxy Support :

    4. $ slowhttptest -c 500 -H -g -o proxytest -i 10 -r 100 -t GET -u http://example.com --proxy http://proxyserver:port

    Routes the attack through a specified proxy server.

Practical Applications
  • Server Stress Testing : Evaluate how a server handles low-bandwidth DoS attacks.
  • Vulnerability Assessment : Identify weaknesses in HTTP protocol handling.
  • Security Training : Demonstrate the impact of application-layer DoS attacks.

  • libc6
  • libgcc-s1
  • libssl3
  • libstdc++6

Terminal Installation Commands ...

$ sudo apt-get update

$ sudo apt install slowhttptest

GUI Installation Steps ...
Linux

You can install SlowHTTPTest using different package management tools like apt-get, apt, and aptitude :

  1. Using apt-get :

    2. $ sudo apt-get update

    $ sudo apt-get -y install slowhttptest
  2. Using apt :

    3. $ sudo apt update

    $ sudo apt -y install slowhttptest
  3. Using aptitude (if not installed, install it first) :

    4. $ sudo aptitude update

    $ sudo aptitude -y install slowhttptest

Alternatively, you can install SlowHTTPTest manually by downloading the latest tarball, extracting, configuring, compiling, and installing :

$ tar -xzvf slowhttptest-x.x.tar.gz

$ cd slowhttptest-x.x

$ ./configure --prefix=/usr/local

$ make

$ sudo make install

Make sure you have libssl-dev installed before compiling.

Windows
  1. Using Cygwin (a Unix-like environment for Windows) :
    • Download and install Cygwin.
    • During installation, ensure you select the required packages like gcc, make, and openssl-devel.
    • Download the SlowHTTPTest source code from its GitHub repository.
    • Open the Cygwin terminal and run the following commands :

      • $ tar -xzvf slowhttptest-x.x.tar.gz

      $ cd slowhttptest-x.x

      $ ./configure --prefix=/usr/local

      $ make

      $ make install
    • Replace x.x with the version number of the downloaded file.
  2. Using Docker :
    • Install Docker on your Windows system.
    • Use the Dockerfile provided in the SlowHTTPTest repository to build and run the tool in a containerized environment.
MacOS
  1. Using Homebrew :
    • Open the Terminal and run :

      • $ brew update

      $ brew install slowhttptest
    • This is the simplest way to install SlowHTTPTest on macOS.
  2. Using MacPorts :
    • Install MacPorts if you haven’t already.
    • Open the Terminal and run : sudo port install slowhttptest
    • This method is also effective.
  3. Manual Installation :
    • Download the latest tarball from the SlowHTTPTest GitHub repository.
    • Extract the tarball and navigate to the extracted directory :

      • $ tar -xzvf slowhttptest-x.x.tar.gz

      $ cd slowhttptest-x.x
    • Configure, compile, and install :

      • $ ./configure --prefix=/usr/local

      $ make

      $ sudo make install
    • Replace x.x with the version number of the downloaded file.

Terminal Uninstallation Commands ...

$ sudo apt remove slowhttptest

$ sudo apt autoclean && apt autoremove

GUI Uninstallation Steps ...
Linux
  1. Remove the package : sudo apt-get remove slowhttptest
  2. Remove the package along with unused dependencies : sudo apt-get -y autoremove slowhttptest
  3. Remove configurations and data : sudo apt-get -y purge slowhttptest
  4. Remove configurations, data, and dependencies : sudo apt-get -y autoremove --purge slowhttptest
Windows
  1. If installed via Cygwin :
    • Open the Cygwin terminal and navigate to the directory where SlowHTTPTest was installed.
    • Run : make uninstall
    • Alternatively, manually delete the installed files.
  2. If installed via Docker :
    • Remove the Docker container and image :

      • $ docker rm <container_id>

      $ docker rmi slowhttptest:latest
MacOS
  1. Using Homebrew :
    • Run : brew uninstall slowhttptest
  2. Using MacPorts :
    • Run : sudo port uninstall slowhttptest
  3. Manual Uninstallation :
    • Navigate to the directory where SlowHTTPTest was installed and run : make uninstall
    • Alternatively, manually delete the installed files.

Copyright © 2025 HACKERSPOT

All original content, including tools, software, and other information, is protected by copyright and remains the property of its respective owners.

Subscribe for more Information
HACKERSPOT

HackerSpot is an informational platform that offers resources such as tools, software, courses, internships, and various other materials aimed at supporting individuals passionate about CyberSecurity and IT.

About Us
Docs / Links

Documentation

Tools

Softwares

Operating Systems

Learning

Courses

Internships

Virtual Labs

Colleges

Youtube Channels

Resources

Devices & Hardware

Browsers

Cyber Threat Maps

Other Resources

Contacts

Bapatla, Andhrapradesh, India 237101

bablunannam@gmail.com

+91 7995819235