Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Implemented passing of headers to "attack" using a -H argument. Fix for issue #32 #47

Closed
wants to merge 5 commits into from

3 participants

@b2mdevelopment

Implemented passing of headers to the bees when attacking.

The format for a single header is as follows:
bees attack -H "key:value" ...

Multiple headers can be ";" seperated, e.g.
bees attack -H "key1:value1;key2:value2" ...

Regards,
@roylines and @jamesbloomer

@cosmin
Collaborator

Can you rebase this pull request on top of master to get rid of the spurious merge commits?

@cosmin
Collaborator

I ended up cherry picking the relevant commits to keep the history clean.

@cosmin cosmin closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
This page is out of date. Refresh to see the latest.
Showing with 17 additions and 4 deletions.
  1. +13 −3 beeswithmachineguns/bees.py
  2. +4 −1 beeswithmachineguns/main.py
View
16 beeswithmachineguns/bees.py
@@ -191,7 +191,12 @@ def _attack(params):
print 'Bee %i is firing his machine gun. Bang bang!' % params['i']
- stdin, stdout, stderr = client.exec_command('ab -r -n %(num_requests)s -c %(concurrent_requests)s -C "sessionid=NotARealSessionID" "%(url)s"' % params)
+ params['header_string'] = '';
+ if params['headers'] is not '':
+ for h in params['headers'].split(';'):
+ params['header_string'] += ' -H ' + h
+
+ stdin, stdout, stderr = client.exec_command('ab -r -n %(num_requests)s -c %(concurrent_requests)s -C "sessionid=NotARealSessionID" %(header_string)s "%(url)s"' % params)
response = {}
@@ -275,7 +280,7 @@ def _print_results(results):
else:
print 'Mission Assessment: Swarm annihilated target.'
-def attack(url, n, c):
+def attack(url, n, c, headers):
"""
Test the root url of this site.
"""
@@ -324,12 +329,17 @@ def attack(url, n, c):
'num_requests': requests_per_instance,
'username': username,
'key_name': key_name,
+ 'headers': headers,
})
print 'Stinging URL so it will be cached for the attack.'
# Ping url so it will be cached for testing
- urllib2.urlopen(url)
+ dict_headers = {}
+ if headers is not '':
+ dict_headers = headers = dict(h.split(':') for h in headers.split(';'))
+ request = urllib2.Request(url, headers=dict_headers)
+ urllib2.urlopen(request).read()
print 'Organizing the swarm.'
View
5 beeswithmachineguns/main.py
@@ -91,6 +91,9 @@ def parse_options():
attack_group.add_option('-c', '--concurrent', metavar="CONCURRENT", nargs=1,
action='store', dest='concurrent', type='int', default=100,
help="The number of concurrent connections to make to the target (default: 100).")
+ attack_group.add_option('-H', '--headers', metavar="HEADERS", nargs=1,
+ action='store', dest='headers', type='string', default='',
+ help="HTTP headers to send to the target to attack. Multiple headers should be separated by semi-colons, e.g header1:value1;header2:value2")
parser.add_option_group(attack_group)
@@ -120,7 +123,7 @@ def parse_options():
if not parsed.path:
parser.error('It appears your URL lacks a trailing slash, this will disorient the bees. Please try again with a trailing slash.')
- bees.attack(options.url, options.number, options.concurrent)
+ bees.attack(options.url, options.number, options.concurrent, options.headers)
elif command == 'down':
bees.down()
elif command == 'report':
Something went wrong with that request. Please try again.