[Lab] How CC attacks work:


How CC attacks work

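A CC (Challenge Collapsar) attack is a type of DDoS attack that uses proxy servers to send a large number of seemingly legitimate requests to the victim server. CC is named after the tool that performs it. The attacker relies on a proxy mechanism, launching the DDoS attack through the many widely available free proxy servers. Many free proxy servers support an anonymous mode, which makes tracing very difficult.

The principle of a CC attack is that the attacker controls a number of hosts that keep sending large volumes of packets to the target server, exhausting its resources until it crashes. CC is mainly used against web pages. Everyone has had this experience: when a page is visited by a very large number of people, it opens slowly. CC simulates many users (one user per thread) continuously requesting pages that need heavy data processing (that is, a lot of CPU time). This wastes server resources: the CPU stays at 100% for long periods and there are always more connections waiting to be processed, until the network is congested and normal access is cut off.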
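Seen from the defender's side, the traffic described above shows up in the access log as many requests to one expensive page spread across many proxy addresses. The following added example (not part of the original post) flags that pattern; the log format, thresholds, function names and sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed log format: combined-style line ending in a request time in seconds
# (for example nginx $request_time). Adjust the regex to your own format.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ (?P<rt>\d+\.\d+)$')

def parse(line):
    """Return (epoch_seconds, client_ip, page, request_time) or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp()
    page = m["path"].split("?", 1)[0]  # varying query strings still hit one page
    return ts, m["ip"], page, float(m["rt"])

def detect_floods(lines, window=10, max_hits=20, max_busy=5.0):
    """Flag pages whose request count or summed server time inside a sliding
    window exceeds the (hypothetical) thresholds. Entries for a page must be
    in time order. Returns {page: (peak_hits, peak_busy_seconds, peak_ips)}."""
    recent = defaultdict(deque)  # page -> (ts, ip, rt) entries inside the window
    flagged = {}
    for ts, ip, page, rt in filter(None, map(parse, lines)):
        q = recent[page]
        q.append((ts, ip, rt))
        while q[0][0] <= ts - window:
            q.popleft()
        hits, busy = len(q), sum(r for _, _, r in q)
        if hits >= max_hits or busy >= max_busy:
            ips = len({i for _, i, _ in q})  # many sources, few requests each
            old = flagged.get(page, (0, 0.0, 0))
            flagged[page] = (max(old[0], hits), max(old[1], busy), max(old[2], ips))
    return flagged

def sample_log():
    """Constructed data: 30 slow requests to one page from 15 addresses in 3 s,
    plus one ordinary visitor fetching a static page every 10 s."""
    lines = [f'198.51.100.{n % 15 + 1} - - [01/Jan/2024:12:00:{n // 10:02d} +0000] '
             f'"GET /search.php?q={n} HTTP/1.1" 200 512 0.800' for n in range(30)]
    lines += [f'203.0.113.7 - - [01/Jan/2024:12:00:{n * 10:02d} +0000] '
              f'"GET /index.html HTTP/1.1" 200 1024 0.010' for n in range(5)]
    return lines

if __name__ == "__main__":
    for page, (hits, busy, ips) in detect_floods(sample_log()).items():
        print(f"{page}: {hits} hits, {busy:.1f}s server time, {ips} IPs in window")
```

Grouping by page rather than by client address matters here because each proxy may send only a couple of requests, so a per-IP counter alone would stay under its limit.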

Attack steps

The ab command on Kali Linux (ab is short for Apache Benchmark)

┌──(kali㉿kali)-[~]
└─$ ab -h
Usage: ab [options] [http[s]://]hostname[:port]/path
Options are:
-n requests Number of requests to perform
-c concurrency Number of multiple requests to make at a time
-t timelimit Seconds to max. to spend on benchmarking This implies -n 50000
-s timeout Seconds to max. wait for each response Default is 30 seconds
-b windowsize Size of TCP send/receive buffer, in bytes
-B address Address to bind to when making outgoing connections
-p postfile File containing data to POST. Remember also to set -T
-u putfile File containing data to PUT. Remember also to set -T
-T content-type Content-type header to use for POST/PUT data, eg.
'application/x-www-form-urlencoded'
Default is 'text/plain'
-v verbosity How much troubleshooting info to print
-w Print out results in HTML tables
-i Use HEAD instead of GET
-x attributes String to insert as table attributes
-y attributes String to insert as tr attributes
-z attributes String to insert as td or th attributes
-C attribute Add cookie, eg. 'Apache=1234'. (repeatable)
-H attribute Add Arbitrary header line, eg. 'Accept-Encoding: gzip'
Inserted after all normal header lines. (repeatable)
-A attribute Add Basic WWW Authentication, the attributes
are a colon separated username and password.
-P attribute Add Basic Proxy Authentication, the attributes
are a colon separated username and password.
-X proxy:port Proxyserver and port number to use
-V Print version number and exit
-k Use HTTP KeepAlive feature
-d Do not show percentiles served table.
-S Do not show confidence estimators and warnings.
-q Do not show progress when doing more than 150 requests
-l Accept variable document length (use this for dynamic
pages)
-g filename Output collected data to gnuplot format file.
-e filename Output CSV file with percentages served
-r Don't exit on socket receive errors.
-m method Method name
-h Display usage information (this message)
-I Disable TLS Server Name Indication (SNI) extension
-Z ciphersuite Specify SSL/TLS cipher suite (See openssl ciphers)
-f protocol Specify SSL/TLS protocol
(SSL2, TLS1, TLS1.1, TLS1.2, TLS1.3 or ALL)
-E certfile Specify optional client certificate chain and private
key
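ab -n <number of requests> -c <concurrent requests per batch> <site URL>

Another way

yum install -y httpd-tools
ab -n <number of requests> -c <concurrent requests per batch> <site URL>
Reference: https://blog.csdn.net/Aluxian_/article/details/128823436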

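Other tools

Siege is an open-source load-testing tool designed to evaluate how well a web application holds up under stress. It can be configured to drive concurrent multi-user access to a website, record the response time of every request made by each user, and repeat the run at a given level of concurrency. Siege can also request random URLs from a preset list of your choosing.

Download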

[root@redis-120-20 opt]# git clone https://github.com/JoeDog/siege.git

Install from the package manager

[root@redis-120-20 opt]# apt install siege
Usage
$ siege -h
SIEGE 4.0.2
Usage: siege [options]
siege [options] URL
siege -g URL
Options:
-V, --version VERSION, prints the version number.
-h, --help HELP, prints this section.
-C, --config CONFIGURATION, show the current config.
-v, --verbose VERBOSE, prints notification to screen.
-q, --quiet QUIET turns verbose off and suppresses output.
-g, --get GET, pull down HTTP headers and display the
transaction. Great for application debugging.
-c, --concurrent=NUM CONCURRENT users, default is 10
-r, --reps=NUM REPS, number of times to run the test.
-t, --time=NUMm TIMED testing where "m" is modifier S, M, or H
ex: --time=1H, one hour test.
-d, --delay=NUM Time DELAY, random delay before each requst
-b, --benchmark BENCHMARK: no delays between requests.
-i, --internet INTERNET user simulation, hits URLs randomly.
-f, --file=FILE FILE, select a specific URLS FILE.
-R, --rc=FILE RC, specify an siegerc file
-l, --log[=FILE] LOG to FILE. If FILE is not specified, the
default is used: PREFIX/var/siege.log
-m, --mark="text" MARK, mark the log file with a string.
between .001 and NUM. (NOT COUNTED IN STATS)
-H, --header="text" Add a header to request (can be many)
-A, --user-agent="text" Sets User-Agent in request
-T, --content-type="text" Sets Content-Type in request

siege -c <number of concurrent users> -r <number of repetitions> <target site>
Nice one, one step closer to success!!!
