Using PyLoris

2009-06-19 by Motoma

Using PyLoris is simple. In its most basic form, PyLoris merely needs a copy of Python 2.6 or 3.x.

On a Linux machine, one must simply invoke the script in a terminal, stating a site to test:

motoma@rocksalt:/home/motoma$ python pyloris-2.0.py motomastyle.com

On Mac OS X, one invokes PyLoris the same way. Using the Terminal Application:

hotdog:/Users/Motoma/ motoma$ python pyloris-2.0.py motomastyle.com

Using PyLoris in Windows is a little different. One will need to know the location of the Python installation, and be in the proper directory. Load up a command prompt:

C:\Users\Motoma\Desktop\pyloris-2.0>C:\Python31\python.exe pyloris-2.0.py motomastyle.com

Advanced Options

Invoking PyLoris by using the commands above start a limited to 50 threads, each with 10 connections, for a total of 500 potential connectiions. Each connection will send a minimal amount of data at 1 byte per second and await until the connection is forced shut by the server. While this behavior will bog down an Apache server with the default settings, it is not a very thorough test. The following are some additionall options that will allow one to customize the way PyLoris works:

--count or -c

Adjusting the --count flag can drastically change how well PyLoris performs. The --count flag directly controls the number of threads started, and therefore changes the potential number of connections started.

--attacks or -a

Adjusting the --attacks flag can drastically change how well PyLoris performs. The --attacks flag directly controls the number of connections per thread, and therefore changes the potential total connections started. By multiplying the --count value and the --attacks value, one gets the total number of connection attempts that will be made.

--size or -s

The --size flag allows one to increase the size of the request made. Increasing the size will in turn increase the duration of connections, leading to a longer sustained test. In situations where servers or firewalls are set to terminate unfinished connections, this can extend the length of the test drastically. This can also be used to test a web server's capability to handle multiple large requests and benchmark memory usage. The additional data is filled in the Cookie-Data field.

--wait or -w

Setting the --wait flag will adjust the amount of time between threads spawning. One can increase this number to make the test ramp up over time, or decrease it (with numbers between 0 and 1) to make a more rapid DoS attack.

--throttle or -t

Setting the --throttle flag will adjust the bandwidth usage of each connection, as well as tweak the speed at which new connections are established. A setting of 1 will make each connection send at 1 byte per second, and make each thread create 1 new connection each second. Higher numbers will make for faster connections, while lower numbers will slow the test down significantly.

--loop or -l

Setting the --loop flag will nullify the --count flag. The loop flag will remove all limits on the number of concurrent threads running. Threads will start and stop with the limits of the operating system that PyLoris is running on.

HTTP Customization Options

--size or -s

--request or -r

Setting the --request flag will change the HTTP method used. Available options are GET, HEAD, POST, PUT, DELETE, OPTIONS, and TRACE. Certain proxies and load balancers will filter out certain types of requests, and hold them until the requests are complete. POST requests are commonly passed through due to their large size, therefore this may cause different behavior.

--port or -p

PyLoris will connect on port 80 by default. Specifying the --port flag will change this behavior.

--keepalive or -k

Using the --keepalive flag will add the Connection: Keep-Alive header to the HTTP request. On vulnerable servers, this will increase the duration of connections considerably.

--finish or -f

Specifying the --finish flag will cause PyLoris to finish and close connections upon the completion of the request. This will prompt servers to send full responses to the HTTP requests that are made.

--quit or -q

Specifying the --quit flag will cause PyLoris to close connections before any data has been received.

--useragent or -u

By default, PyLoris advertizes itself in the User-Agent header. The --useragent flag allows one to override this and masquerade as other web browsers. Useful because some sites will render different pages for different web browsers.

--get or -g

By default, PyLoris will make HTTP requests for "/". Setting the --get flag will allow one to control the page that PyLoris requests.

--ssl

Specifying the --ssl flag will allow PyLoris to connect to HTTPS servers. If the server supports encrypted connections, this will get requests through firewalls and load balancers without being analysed for completion.

--gzip or -z

Specifying the --gzip flag will allow instruct PyLoris to send an "Accept-Encoding: gzip" header. When combined with the --quit and --finish flags, this can test for the CEV-2009-1891 DoS vulnerability. Also leads to larger CPU usage and smaller bandwidth usage.

Proxy Options

As of version 1.9, PyLoris is able to connect through SOCKS4 and SOCKS5 proxies. This allows PyLoris to run through SSH tunnels, as well as TOR. Utilizing TOR should essentially eliminate the mitigating effects of ipchains, mod_antiloris, and mod_noloris.

--socksversion

Setting the --socksversion flag tells PyLoris to connect through a SOCKS proxy.

--sockshost

Set the --sockshost flag to the address of the SOCKS proxy when --socksversion is set. If this is not set, PyLoris will default to 127.0.0.1.

--socksport

Set the --socksport flag to the port number of the SOCKS proxy when --socksversion is set.

--socksuser and --sockspass

Optionally, one may set a username and password for the SOCKS proxy using these two flags.