SlowHTTPTest is a highly configurable tool that can simulate application layer denial of service attacks by prolonging HTTP connections in different ways.

It can simulate Slowloris, Slow HTTP POST, Slow Read attack, and the Apache Range Header attack.

Slowloris and Slow HTTP POST attacks rely on the fact that the HTTP protocol, by design, requires requests to be completely received by the server before they are processed. If an HTTP request is not complete, or if the transfer rate is very low, the server keeps its resources busy waiting for the rest of the data. If the server keeps too many resources busy, this creates a denial of service. This tool is sending partial HTTP requests, trying to get denial of service from target HTTP server.

Slow Read attack aims the same resources as slowloris and slow POST, but instead of prolonging the request, it sends legitimate HTTP request and reads the response slowly.

Apache Range Header attack relay on a vulnerability in the Apache HTTPD server (prior to version 2.2.20). With a modest number of requests, the attack can cause very significant memory and CPU usage on the server.

SlowHTTPTest works on a majority of Linux platforms, OS X and Cygwin.