Denial of service attacks is still effective and powerful attack against a web server.Even though we have plenty of tools available, most of them are not safe and can track any attacker but, “Torshammer” an awesome piece of python script can solve that problem. This script use the tor anonymity service to mask the user thus its comparatively safe. Dos attacks can be of various types based on the protocol or target. Here we are using a slow poisoning method that can target apache servers and old IIS servers. The script send classic HTTP POST request to the server that last for 1000 – 30,000 seconds. The request won’t exceed the server limit but use multiple connections that simulate a massive DDOS. This can knock out any apache server within no time. Unlike slowloris here it can use switch over tor network and stay anonymous.
Download the script from here. This script generate random characters and send it to server as post request. I have modified the script a little bit, instead of sending single char it sends a random string. Some servers behave different with a lengthy request and this can be effective. Im not guaranteeing that this is effective on all servers. you can check it by yourself download the mod script from here and replace it with torshammer.py.
The most important thing is tor bundle, If its not installed use this command
When you have the script and tor bundle installed move to the next step.
Open terminal and type this command
You can also run tor as a daemon service.Here this will enable tor service and shows log in the command window so that you can find the error in network fi any. Don’t close it.
Since Torshammer is sending legitimate POST request and simulate a browser still some firewalls can detect and stop the attack. This would work on all normal small scale websites in less than a minute. This simple script can make 256 connection at a time and stress the server. Check my blog on dos attack with slowloris.