Forget the post for a minute, let's begin with what this title is about! This is a web security-based article which will get into the basics about how HTTP works. We'll also look at a simple attack which exploits the way the HTTP protocol works.
What is HTTP?
HTTP, HyperText Transfer Protocol, is the protocol used by the web for communication. Your device, when you use a browser, uses this particular protocol to send requests to remote servers to request data from them.
It's basically like you saying to your mom, "Hey mom, I need to eat the item on shelf 2 of the fridge, could you give it to me?"
And your mom says, "Sure, here you go", and sends you that item. Now, HTTP is the way you were able to communicate this information to your mom, more like the language you used for communication.
How HTTP Works
Here's a TL;DR video if you're a video person. Otherwise, proceed with the article:
HTTP (Layer 7) is built on top of the TCP protocol (Layer 4). We can use the nc (netcat) utility to open a raw TCP socket to any website running on HTTP (usually port 80). See the following example of how we connect to port 80 of google.com using netcat:
See the data we sent:
GET / HTTP/1.1
Host: google.com
X-header-1: somemoredata
X-header-2: somemoredata
<empty line>
Ignore the extra X-header-* headers, they're just arbitrary headers you can send with your request. The one header the HTTP/1.1 spec requires you to include is the Host header.
And the response we got:
HTTP/1.1 301 Moved Permanently
Location: http://www.google.com/
Content-Type: text/html; charset=UTF-8
Date: Tue, 01 Oct 2019 23:24:13 GMT
Expires: Thu, 31 Oct 2019 23:24:13 GMT
Cache-Control: public, max-age=2592000
Server: gws
Content-Length: 219
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Accept-Ranges: none
Via: HTTP/1.1 forward.http.proxy:3128
Connection: keep-alive

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>
Thus, HTTP is a plaintext protocol consisting of the request information sent by the client and the response as shown above.
Slow Loris Attack
A Slow Loris attack exploits the fact that I could make an HTTP request very slowly. In other words, I can initiate an HTTP request to the server and keep sending data to it very slowly in order to keep that connection alive. The client never ends that connection, and it opens many such connections to exhaust the server's connection pool.
Disclaimer - Penetration testing any online/offline service not owned by you without prior written permission is illegal and I'm not responsible for any damage caused. Use this content for educational purposes only.
Slow Loris Demonstration:
This means, I could keep on sending additional data to the server in the form of headers. Now, I'll start a simple PHP development server on my machine:
And I use a simple Node script to perform what we discussed above on my local server:
You can find the Node script used here.
After some time, you'll see that our PHP server actually crashes!
This is because there are far too many open connections and PHP cannot handle any more of them (due to memory/hardware limits).
Now, of course this works flawlessly on a local development server. But any server that does not implement protections against slow loris attacks has a big problem on its hands.
Protections against a Slow Loris attack
- Use solutions like Cloudflare in front of your servers to prevent DoS/DDoS.
Quoting from Cloudflare's site:
Cloudflare buffers incoming requests before starting to send anything to the origin server. As a result, “low and slow” attack traffic like Slowloris attacks never reach the intended target. Learn more about how Cloudflare's DDoS protection stops slowloris attacks.
- Rate-limit the number of simultaneous connections opened by a particular IP address to a small number. This can be achieved with a simple frontend reverse proxy such as nginx, using its leaky bucket algorithm implementation. How that works is something for another day!
- Increase the server capacity. This might mitigate small attacks, but honestly an attacker can and would scale/amplify the original attack quite easily, because such an attack needs very little bandwidth to carry out.
Conclusion
A lot of servers (newer versions of nginx/apache2) come with slow loris attack protections by default. But many internal services may be running servers that are still vulnerable to this simple attack.
You might want to check your services and implement the fixes. Web security is an exciting area, and I plan to do a web series on it on codedamn. You can connect with me on Twitter for updates too. Till then, be safe!
Translated from: https://www.freecodecamp.org/news/slow-loris-attack-using-javascript-on-php-server/