A simple HTTP client/server setup with a demonstration of DOS (denial of service) with HTTP flooding.

ngolp/simple-http-dos

simple-http-dos

General Information

  1. This project is a self-motivated extension of an HTTP client/server project from my computer networks course (CS 3516).
  2. The HTTP client and server both function on their own, but the goal of this extension (DOS demonstration) was to interrupt this function via HTTP flood and further my understanding of simple network vulnerabilities along the way.
  3. To achieve this, simple_http_client.c has been modified into dos_attacker.c which will cause HTTP flooding with endless HTTP GET requests.
  4. This project is made for educational purposes only. Do NOT use it on anything but your own servers.

Getting Started

  1. Download the files from this repository (dos_attacker.c, makefile, simple_http_client.c, simple_http_server.c, and TMDG.html)

  2. Use the makefile to easily compile using the following command:

    make all

  3. Similarly, the object files and executables may be cleaned using the following command:

    make clean

  4. For the makefile commands (make all and make clean) to work, and for TMDG.html (or any other file the server reads) to be found, ensure that all downloaded files are located within the same directory.

  5. It is also important to note that the files are meant to be run within a Linux environment (e.g. the makefile uses "rm" instead of "del" for "make clean", and certain #include statements aren't valid on Windows).

One-click DoS attack guide

  1. Ensure you're in the directory with run_dos_attack.sh
  2. Ensure run_dos_attack.sh is in the directory with all source code files
  3. Edit run_dos_attack.sh's TARGET variable: TARGET=your-target-server-dot-com.com
  4. Make the script executable: run chmod +x run_dos_attack.sh in the terminal
  5. Run ./run_dos_attack.sh in the terminal
  6. After you're done, stop all processes with pkill http_server

Starting the Server

  1. In a terminal, the HTTP server can be started by running a command in the following format:

    ./http_server <server_port>

    Note:

    • The <server_port> is the port number the server will be listening on.
    • This should preferably be over 5000 to be safe since lower ports may be reserved for other tasks.

  2. The server will now be listening for requests on the desired port.

Using the Client

  1. With the server now listening for requests, open a second terminal and use the client to send an HTTP GET request for TMDG.html using a command in the following format:

    ./http_client <-options> <server_url> <server_port>

    Note:

    • The <-options> space is for the -p flag, which will also display the RTT of connecting to the server in milliseconds.
    • The <server_port> space is for the server port number (equivalent to that of the running HTTP server, or 80 for any other HTTP usage).
    • My setup is hosted on the private WPI Linux server, which is why my <server_url> will be linux.wpi.edu/TMDG.html.

  2. If successful, a new file (index.html) will be created in the current working directory containing the contents of the HTTP response (I requested TMDG.html in this case).

    image

    The file is very long, so only the first piece is shown in the above screenshot.

  3. The server will also display a message in its terminal.

Performing the DOS Attack

  1. With the server running, a new terminal may be opened for the DOS attacker (three terminals in total with one for the server, one for the client, and now one for the DOS attacker).

  2. The DOS attacker can be started in its terminal with the following command:

    ./dos_client <server_url> <server_port>

    Note that <server_url> and <server_port> share the same meaning as with the HTTP client (see above section "Using the Client").

  3. The DOS attacker will now endlessly send HTTP GET requests for TMDG.html. The server will be able to keep up with the HTTP flood for a short moment but will freeze soon after.

  4. Once the HTTP server is frozen (stops displaying messages), that means the HTTP flood attack is working.

  5. In the client's terminal, the steps from the above section "Using the Client" can now be repeated.

  6. Notice how this time, the client will not receive a response as the server is under attack (hence denial of service).
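
As a defensive counterpart to the freeze described above, this added example (not part of this repository's code) shows a per-source-address token-bucket check that a server like this one could run right after accept() and before reading the request, so a single flooding address is dropped cheaply while other clients are still served. The function names, table size, burst and refill values are assumptions, and the traffic generated by served_count is constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_CLIENTS  64     /* tracked source addresses (assumed) */
#define BURST_MTOK   5000   /* bucket capacity: 5 requests, in milli-tokens (assumed) */
#define REFILL_MTOK  2      /* refill per millisecond = 2 requests/second (assumed) */
#define COST_MTOK    1000   /* one request costs one token */

struct bucket { uint32_t ip; uint64_t tokens, last_ms; int used; };
static struct bucket table[MAX_CLIENTS];

/* Return 1 if a request from `ip` at `now_ms` should be served, 0 if dropped. */
int allow_request(uint32_t ip, uint64_t now_ms)
{
    struct bucket *b = NULL, *victim = &table[0];
    for (int i = 0; i < MAX_CLIENTS; i++) {
        if (table[i].used && table[i].ip == ip) { b = &table[i]; break; }
        /* Remember a slot to reuse: an unused one, else the least recently seen. */
        if (victim->used && (!table[i].used || table[i].last_ms < victim->last_ms))
            victim = &table[i];
    }
    if (b == NULL) {                      /* first request from this address */
        b = victim;
        b->ip = ip; b->tokens = BURST_MTOK; b->last_ms = now_ms; b->used = 1;
    }
    if (now_ms > b->last_ms) {            /* refill for elapsed time, capped at burst */
        b->tokens += (now_ms - b->last_ms) * REFILL_MTOK;
        if (b->tokens > BURST_MTOK) b->tokens = BURST_MTOK;
        b->last_ms = now_ms;
    }
    if (b->tokens < COST_MTOK) return 0;  /* over budget: drop before doing any work */
    b->tokens -= COST_MTOK;
    return 1;
}

/* Constructed traffic: n requests from one address, gap_ms apart; returns how many are served. */
int served_count(uint32_t ip, uint64_t start_ms, uint64_t gap_ms, int n)
{
    int served = 0;
    for (int i = 0; i < n; i++)
        served += allow_request(ip, start_ms + (uint64_t)i * gap_ms);
    return served;
}

int main(void)
{
    printf("flood source:  %d of 1000 served\n", served_count(0x0A000001u, 0, 1, 1000));
    printf("normal client: %d of 10 served\n", served_count(0x0A000002u, 0, 1000, 10));
    return 0;
}
```

The table is sized for a single-source flood like the one in this demonstration; in a real server the address would come from the sockaddr filled in by accept() and the time from a monotonic clock.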

Authors

  • Nicholas Golparvar
  • Matvey Shestopalov (implemented forking logic and run_dos_attack.sh)
