-
Notifications
You must be signed in to change notification settings - Fork 302
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Slow Body Problem #49
Comments
Can you please paste the arguments you use for the test? |
Thanks for your reply...I'm very worried about this problem because I used it in my final project design.So can you please help me fix this problem?? The command I used is as followed: |
You see GET verb in probe connections (and it is legitimate complete request with final CRLF), which tries to request the page to see if it is still available. |
I opened access_log for apache and found this : I remembered 400 means Bad Request...Is there a problem? |
You need to setup your server to handle post requests at /index.html . Slow POST is generally effective when server expects an upload of something big, or at least a form submission. |
Thanks for reply.
The code for server.php is: header("Content-Type: text/html; charset=UTF-8"); if (isset($_POST["name"])) if (isset($_POST["psw"])) ?> ` It works well on my web server and I can access the web page via my kali attacker virtual machine. |
You should point slowhttptest to your POST accepting endpoint, e.g. |
I'm seeing the same issue, but only (mostly) when using the proxy option. When not using the proxy, it 'almost' works as expected with one GET request being sent before the POST request, ie: I also noticed the tool works fine with/without proxy settings with arbitrary methods, but still sends a single GET request before the arbitrary method, ie: It's easy to reproduce, I setup a local webserver with 'python -m SimpleHTTPServer 8888', so the proxy traffic (Burp) or wireshark files are not needed. I've also tried both with "-t POST" and without, which has no bearing given the '-B' parameter. I'm using the latest v1.7 on High Sierra (macOS) |
i have the same problem, i can't capture POST package with wireshark ,and i have tried with the command i used as followed: i think i have pointed slowhttptest to my POST accepting endpoint by and when i checked 69.254.227.182 - - [27/Dec/2018:06:52:43 -0500] "POST / HTTP/1.1" 408 488 "https://github.com/shekyan/slowhttptest/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:5.0.1) msnbot-131-253-46-102.search.msn.com"
::1 - - [27/Dec/2018:06:52:54 -0500] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.34 (Debian) (internal dummy connection)" And the POST attack does work, except i can't capture POST package . and i don't know why? |
I was puzzled too however worked it out. Wireshark decodes RFC-compliant HTTP requests as Protocol:HTTP and shows the HTTP request (or response) line 1 in the 'Info' column in Packet List, however as the POST requests were not complete, Wireshark does not show them as http but instead as Protocol:TCP ([PSH, ACK]). If you click on such a packet you will see the POST in the TCP payload. To find these packets easily use Ctrl-F, change 'Display Filter' to 'String' and 'Packet List' to 'Packet Bytes' then enter POST in the text box then select 'Find'. |
Hi,
When I tried to launch slow body attack and used wireshark to capture data package, I just found protocol in HTTP request is GET, not POST, is there any problem??
The text was updated successfully, but these errors were encountered: