Learn how to use HTTP Flooder Cannon to perform stress tests, load tests, botnet simulation, DoS/DDoS tests and fuzzing on the HTTP protocol. You'll also learn how to use it to do GET floods, POST floods, slow POSTs, and hash DOS.
- [Voiceover] Home users and many business users are connected to their networks via a wireless access point. This form of access is very easy to attack, to cause a temporary denial-of-service. I'll open up a terminal window and use airmon to check my wireless card's interface. I can see that it's wlan0. I'll now put the wireless card into monitoring mode so that it can detect the networks and hosts being used in the local area. This shows that the monitoring device is now enabled as wlan0mon.
I'll start it listening to the wireless traffic and see what's active. This display shows me the networks at the top and the clients at the bottom. In the top part, the BSSID is the hardware address of the access point and the service set identification or ESSID is an alphanumeric key up to 32 characters long which identifies the wireless local area network. In the bottom part, the station is the MAC address of the client.
I've got a remote connection open to my Windows 10 system, and I'm running the performance monitor to generate some traffic across the air. I'll open a command shell and look at the detailed network interface information. This shows me the physical address of the wireless card. I can see that it's 94-A1-A2- 22-B1-C3.
Let's go back to Kali. I can see that my network TPG-83NJ is running on channel eight, so I'll set the wireless card to that channel also. I can see the Windows 10 system with its station starting with 94 running in the bottom section. I'll now rely on replay to deauthenticate this device which will disconnect it from the network. To do this, I'll specify the access point via SSID with the a option and the station physical address using the c option.
I'll use the -0 option for a deauthentication attack with 100 packet streams to the target. Okay, we can see the streams are being sent. When we check the remote access, we can see that the Windows 10 system is no longer responding. If the host is configured to automatically recover a lost network connection, the disruption may be minor. However, where the host requires manual reconnection, it will be off the air until someone notices and recovers it.
Note: Our Ethical Hacking series will map to the 18 parts of the EC-Council's certification exam. This course maps to the 09 Denial of Service domain.
- What is denial of service?
- SYN flooding
- Smurf and URL flooding
- Deauthenticating a wireless host
- Flooding HTTP
- Using BlackEnergy
- Flooding SIP
- Detecting DoS with PeerShark
- Defeating DoS attacks