Date: 2016-04-25

OWASP SwitchBlade (formerly known as HTTP Post/DoS Tool) is an open source program for performing Denial of Service attacks on web applications. If you are a web app developer, it is a useful tool: you can use it to test the stability of your web applications against HTTP POST, Slowloris, and SSL renegotiation attacks.



Let's talk about the attacks...



HTTP POST Attack

When an HTTP client (e.g. a web browser) communicates with a server, it sends an HTTP request: either a GET request or a POST request.



GET requests are used to retrieve standard, static content (e.g. images), and POST requests are used to access dynamically generated resources.



As you probably know, DoS attacks are most effective when they force the server or the application to allocate the maximum possible resources in response to each single request. POST requests are capable of doing that: they can include parameters that trigger complex server-side processing. That is the main reason why attackers choose HTTP POST attacks instead of HTTP GET attacks.



HTTP GET-based DoS attacks are good only if you have a botnet or a large network.



The HTTP GET attack does not work on IIS web servers or web servers with timeout limits for HTTP headers.

It is easily defended against using popular load balancers, such as F5 and Cisco, reverse proxies, and certain Apache modules, such as mod_antiloris.

Anti-DDoS systems may use delayed binding or TCP splicing to defend against HTTP GET attacks.
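The "timeout limits for HTTP headers" defence mentioned above, sketched as an added example (not code from this post or from OWASP SwitchBlade). The names `read_headers`, `simulate` and `HeaderTimeout`, and the 10 second and 8192 byte defaults, are assumptions chosen for illustration; the sample request is constructed.

```python
import socket
import threading
import time

HEADER_END = b"\r\n\r\n"

class HeaderTimeout(Exception):
    """Headers were not complete before the deadline."""

def read_headers(conn, deadline_s=10.0, max_bytes=8192):
    # One deadline for the whole header block: a per-recv timeout alone is
    # reset by every trickled byte. max_bytes caps memory per connection.
    end_at = time.monotonic() + deadline_s
    buf = bytearray()
    while HEADER_END not in buf:
        remaining = end_at - time.monotonic()
        if remaining <= 0:
            raise HeaderTimeout("header deadline exceeded")
        if len(buf) >= max_bytes:
            raise ValueError("header block too large")
        conn.settimeout(remaining)
        try:
            chunk = conn.recv(max_bytes - len(buf))
        except socket.timeout:
            raise HeaderTimeout("header deadline exceeded")
        if not chunk:
            raise ConnectionError("client closed before end of headers")
        buf += chunk
    return bytes(buf[: buf.index(HEADER_END) + len(HEADER_END)])

def simulate(payload, gap_s, deadline_s):
    # Constructed local check: feed payload byte by byte over a socketpair.
    server, client = socket.socketpair()
    def feed():
        try:
            for i in range(len(payload)):
                client.sendall(payload[i:i + 1])
                time.sleep(gap_s)
        except OSError:
            pass  # server side already closed the connection
        finally:
            client.close()
    threading.Thread(target=feed, daemon=True).start()
    try:
        return read_headers(server, deadline_s)  # complete header block
    except HeaderTimeout:
        return None  # connection dropped by the deadline
    finally:
        server.close()
```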