slowhttptest icon indicating copy to clipboard operation
slowhttptest copied to clipboard

Published 20 hours ago verified publisher icon shekyan

Support body data in POST requests

Open fsaintjacques opened this issue 8 years ago • 4 comments

It is quite common to pass data via body in POST requests nowadays, having a -d flag à-la curl would be really useful :). As a remeinder, -d works in 2 ways:

  • direct mode -d'my custom embedded data'
  • file mode -d@path_where_my_data_is.json

fsaintjacques avatar Aug 23 '16 16:08 fsaintjacques

Sure, this is something to consider. Do you expect the data be slowly served as well e.g. for slow POST, or enable this for only slow read type of attacks? I can see it be useful for slow read, where a specific body data can trigger a special handling path, but don't see a benefit of slowly serving specific data. But who knows..

shekyan avatar Aug 23 '16 17:08 shekyan

In our specific case, we want slow read on the response body. The body of the request is used such that the server doesn't answer back a 5xx.

Specifically, we want to see how timeouts configuration in our server behaves with clients that slowly slurp response body.

fsaintjacques avatar Aug 23 '16 17:08 fsaintjacques

Any updates ?

tchelidze avatar Jan 28 '19 12:01 tchelidze

I can see another practical use-case here - if the server has added a WAF mitigation that looks for signs of non-legitimate request bodies and blocking those, then this feature could be used to test around that.

joknoxy avatar Nov 22 '23 10:11 joknoxy