Slowloris is a free and Open source tool available on Github. We can perform a denial of service attack using this tool. It’s a framework written in python. This tool allows a single machine to take down another machine’s web server it uses perfectly legitimate HTTP traffic. It makes a full TCP connection and then requires only a few hundred requests at long-term and regular intervals. As a result, the tool doesn’t need to spend a lot of traffic to exhaust the available connections on a server.
Uses of Slowloris:
- Slowloris sends multiple requests to the target as a result generates heavy traffic botnets.
- Slowloris can be used to perform DDoS attacks on any webserver.
- It is an open-source tool, so you can download it from GitHub free of cost.
- It uses perfectly legitimate HTTP traffic.
- A denial of service attack can be executed with the help of Slowloris by generating heavy traffic of botnets.
Installation and step-by-step implementation of Slowloris tool:
Step 1: Open your Kali Linux and then Open your Terminal.
Step 2: Create a new Directory on Desktop named Slowloris using the following command.
mkdir Slowloris
Step 3: Move to the directory that you have to create (Slowloris).
cd Slowloris
Step 4: Now you have to clone the Slowloris tool from Github so that you can install it on your Kali Linux machine. For that, you only have to type the following URL in your terminal within the Slowloris directory that you have created.
git clone https://github.com/gkbrk/slowloris.git
You have successfully installed the Slowloris tool in your Kali Linux. Now it’s time to perform a denial of service using the following steps.
Step 5: Now go to the Action bar and click on split terminal vertically then you will see that the two-terminal screen has been open now.
Step 6: Now you have to check the IP address of your machine to do that type of following command.
ifconfig
Step 7: As you can see we got our IP address now it’s time to start the apache server, start the apache server using the following command.
sudo service apache2 start
Step 8: Now we have to check the status of your server whether it is active or not so to check the status of your server run the following command.
service apache2 status
Step 9: We can see that our server is under active status it means is running properly, now come back to the first terminal, and to check permissions run the following command.
ls -l
Step 10: Now it’s time to run the tool using the following command.
python3 slowloris.py (your ip address) -s 500
Step 11: You can see the tool has started attacking that particular IP address which we have given now to check whether its working or not go to your browser and on your URL bar type that IP address, and you will see the site is only loading and loading but not opening this is how Slowloris tool works.
As you can see here the browser is waiting for an IP address because the browser is not able to load the page, this is because the denial of service attack is happening behind the browser using slowloris tool if you want to attack the live website you can attack using the domain name of that website instead of giving the IP address of the system to the slowloris tool. Slowloris tool will start attacking that particular domain however it’s a crime, and we do not promote such type of activity the tutorial was only for education purposes.