Forget the post title for a minute; let's begin with what it is about! This is a web security article that covers the basics of how HTTP works. We'll also look at a simple attack that exploits the way the HTTP protocol works.
What is HTTP?
HTTP, the HyperText Transfer Protocol, is the protocol the web uses for communication. When you use a browser, your device uses this protocol to send requests to remote servers and ask them for data.
It's basically like you saying to your mom, "Hey mom, I'd like the item in the fridge on shelf 2, could you give it to me?"
And your mom says, "Sure, here you go", and hands you that item. Now, HTTP is the way you were able to communicate this request to your mom; it is more like the language you used for the conversation than the conversation itself.
How HTTP Works
Here's a TL;DR video if you're a video person. Otherwise, proceed with the article:
HTTP (layer 7) is built on top of the TCP protocol (layer 4). We can use the nc (netcat) utility to open a raw TCP socket to any website served over HTTP (usually port 80) and type the request by hand; for an HTTPS site you would wrap the same text in TLS with a tool such as openssl s_client instead. See the following example of how we connect to port 80 on google.com using netcat:
See the data we sent:
GET / HTTP/1.1
Host: google.com
X-header-1: somemoredata
X-header-2: somemoredata
<empty line>
Ignore the extra X-header-* headers; they're just arbitrary headers you can send with your request. The one header the HTTP/1.1 spec requires is the Host header. The empty line at the end is not optional either: every line is terminated by CRLF, and the blank line (CRLF CRLF) is what tells the server the header block is finished and it can start processing the request. Keep that empty line in mind; the attack below works by never sending it.
And the response we got:
HTTP/1.1 301 Moved Permanently
Location: http://www.google.com/
Content-Type: text/html; charset=UTF-8
Date: Tue, 01 Oct 2019 23:24:13 GMT
Expires: Thu, 31 Oct 2019 23:24:13 GMT
Cache-Control: public, max-age=2592000
Server: gws
Content-Length: 219
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Accept-Ranges: none
Via: HTTP/1.1 forward.http.proxy:3128
Connection: keep-alive

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>
Thus, HTTP/1.1 is a plaintext protocol: the request a client sends and the response it gets back are both just lines of text, as shown above, and anything that can open a TCP connection can speak it.
Slow Loris Attack
A Slow Loris attack exploits the fact that I can make an HTTP request very, very slowly. In other words, I can open a connection to the server, send the first part of a request, and then keep sending small pieces of it (one header line at a time) just often enough that the server never times the connection out, while never sending the empty line that would complete the request. The server has to hold that connection, and the worker or slot serving it, open the whole time. Do this over many connections at once and the server's connection pool is exhausted, so legitimate clients can no longer get through. The attacker needs almost no bandwidth to do this.
Disclaimer - Penetration testing any online/offline service not owned by you without prior written permission is illegal and I'm not responsible for any damage caused. Use this content for educational purposes only.
Slow Loris Demonstration
This means I can keep sending additional data to the server in the form of header lines for as long as I like without ever finishing the request. Now, I'll start a simple PHP development server on my machine:
And I use a simple Node script to perform what we discussed above on my local server:
You can find the Node script used here.
After some time, you'll see that our PHP server actually crashes!
This is because there are far too many open connections and the PHP server cannot accept any more (it runs out of memory or hits its connection limit), so new requests are refused.
Now, of course this works flawlessly against a local development server. But if you find a production server that does not implement protections against slow loris attacks, it is a big problem for its owners: a single low-bandwidth client can take it offline.
Protections against a Slow Loris attack
- Use a solution like Cloudflare in front of your servers to absorb DoS/DDoS traffic.
Quoting from Cloudflare's site:
Cloudflare buffers incoming requests before starting to send anything to the origin server. As a result, “low and slow” attack traffic like Slowloris attacks never reach the intended target. Learn more about how Cloudflare's DDoS protection stops slowloris attacks.
- Rate-limit the number of simultaneous connections a single IP address can hold open to a small number. A simple front-end reverse proxy such as nginx can do this (its limit_conn module caps concurrent connections per client, while the leaky-bucket algorithm is what its limit_req module uses to throttle the request rate per client), and its client_header_timeout bounds how long it will wait for a complete header block. How those work in detail is something for another day!
- Increase the server capacity. This might mitigate small attacks, but honestly the attacker can and will scale up or amplify the original attack quite easily, because so little bandwidth is needed to carry it out: each held connection costs the attacker one socket and a few bytes every few seconds, while it costs the server a whole connection slot.
Conclusion
A lot of servers (recent versions of nginx, and Apache with mod_reqtimeout) come with slow loris protections by default. But for a lot of internal services, servers might still be vulnerable to this simple attack.
You might want to check your services and implement the fixes. Web security is an exciting area, and I plan to do a web series on it on codedamn. You can connect with me on Twitter for updates too. Till then, be safe!
Translated from: https://www.freecodecamp.org/news/slow-loris-attack-using-javascript-on-php-server/