New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Powerful stressers for application/website testing.
As the title, i'm looking for some platform which i can test my websites/applicaitons agains 'Ddosers and stressers'. As much powerful as it can be, i do remember using one a while back ago, though i forgot what it was called.
I do know most of these sites which offer membership for such stressing tools are not that powerful and cloudflare can easily get you covered within it, but i do not use cloudflare and i would like to test my own anti-ddos 'platforms/solutions'. Kind of an expirement.
Thanks in advance.
This discussion has been closed.
Comments
loader.io ?
You can use this program for free:
https://www.de.paessler.com/tools/webstress
Siege
Jmeter
Is loic still a thing?
Lol, yes.
You don't really think i would stress my protected anti-ddos website with my internet connection. Right?
If you're talking about using booters you're talking about funding criminals. LET isn't that sort of place.
The only legit way to do this - assuming you are talking about anything other than layer 7 attacks - is to use a network local to the target that you have permission to use. I would assume there will be more flexibility on layer 7 attacks since they are unlikely to knock your neighbouring customers offline.
For real-world load testing of a site, use SIEGE or Apachebench..
I need to try every possible unlegit way to ddos, crash and stess the fuck out of my project's website/applications, if i want to be sure it won't happen in the future by some random person i'd rather do it now myself and know my 'weaknesses'.
Doing it yourself via those sites would typically result in felony charges at least in the US for each attack launched.
loader.io mentioned above should be fine for actually testing your application under load.
If you use an actual booter you are just funding criminals and are breaking the law yourself.
If you're wondering what the difference is:
@armandorg
For a realistic test you'll need (a) someone (could possibly be yourself) running stresstests from enough machines to really stress your server. A single one will almost always not be sufficient, and (b) someone with relevant knowledge.
(a) because serious attackers will use many systems (think worst case "botnet")
(b) because you need to know what and how to attack.
Apachebench will almost certainly not cut it both for technical reasons (like # of open handles/sockets) and because those tools were built to test a web site/server with different load scenarios within a reasonable range.
One a bit simplistic but still useful (and actually quite realistic) approach would be to have some async Python clients running on a couple of machines on your network.
Btw. keep in mind to not only do load stress tests but also e.g. uncommon and illegal paths, headers, values etc., socket depletion and other games (e.g. timeouts), etc.
Bees with Machine guns
This actually sends HTTP requests, meaning it's more of a load tester and less of a DDOS tool.
Agreed.
I can see the problem... Whatever you're gonna do, the right thing to do would be to ask permission from whatever host/network you'll be testing. They won't appreciate it if you start stressing the network and if you're not careful you'll break the law as well.
Thanks for the recommandations, i will ofcourse let my datacenter know of my intentions and the test that i will proceed. Although there’s no law here regarding this, you can ddos as much as you want even your ‘competition’, nobody will say a thing. Unless you ddos or do anything agains a goverment website or application, than you will have serious troubles.
Must be great, living in 'The Wild West'
It has it’s benefits
Sans sherif.
This very depends on what exactly you wish to do.
The market of stupid kids which scan the whole network for exploits on different servers IoTs and whatever is dead because of IQ < 30 in this market somewhere in 2013 or 2014 by OVH, Voxility, and many other networks.
First of all, check the link below:
https://github.com/denji/awesome-http-benchmark
Next:
If you wish to test with good bench results try Yandex tank:
The second very good software for website testing is https://github.com/codesenberg/bombardier
What about DDoS / L4 attacks, I can't help you with that.
What about DDoS / L7 attacks - I don't know too, but the market always sucks because of using super stupid WordPress/Joomla exploits which make almost very stupid DDoS attacks against sites without any really good bench.
The best thing what you can try to do - is a provocation for DDoS on an anonymous board via exposing your real IP/server/domain name.
Or you can try to provoke via organizing any community-centric software/platform/whatever.
Or you can try to offer for free your services for MMORPG servers. Usually, MMORPG can easily be a target of 500-900Gbit/s attacks (not kidding here, competition market is very dangerous).
Yep, stolen content, stolen/infringing assets, stolen game, and donation begging nonstop while ddosing all the other competitors to get more donations and profiting off stolen content
Your provider must loooooooove you...
You can try scanning for servers with incorrectly set up DNS/NTP/Memcache/CharGEN and use them for AMPing attacks
Then with the lists you just need a server with a spoof-friendly ISP.
IoT can be done if you can develop your own code, but malware like Mirai will kick you off if it detects you.
Just curious, which country are referring to that it does have such law to allow you such things? And or no law for such activities?
It's, complicated. : |
Which is already illegal in most countries. I dont propose to do so, once your provider will notice you will get suspended in no time.
I use the following for quick tests
For HTTP/1.1 benchmarking
For HTTP/2 HTTPS benchmarking
I'm pretty shocked this thread is being allowed to continue. I feel like there are other forums he can use to search for this type of information and it sends the wrong message about what LET is for but maybe that's just me.
Yeah lets censor everything including all the legit info just because one user is feeling bad about the thread. Go **** yourself When has LET (or its users) become this closed minded? Nobody mentioned any illegal booter/stresser services here by name. And people are still contributing to the thread.
Now, that this has been said, I personally suggest loader.io as i've used them before to test my forums against Layer 7 attacks. They also check your identity and wont ruin your host.
Sorry that my feelings about this thread shook something inside you so profoundly that you felt to be abusive towards me but I am entitled to voice my concerns and feelings about any topic I want to.
The below quotes from the OP are why this concerns me.
Not to mention this is in the rules:
Hold on, right there. I mentioned that my country does not care if such thing happens, i never stated i was going to take actions agains any of my competitors.
The thread purpose is to discuss what solution can i use to ddos/crash/take down/test my own network/servers.. etc. So i know what where i should 'invest' in protecting it now from happening in the future by someone else.
These are security measures, no need to cry about it