Blog | G5 Cyber Security

HTTP Flood Test Tool

G5 Cyber Security

TL;DR

We’ll use hey, a simple command-line tool to simulate an HTTP flood on your website. It’s easy to install and use, even if you don’t have much technical experience.

Steps

  1. Install hey

    2. hey is available for Linux, macOS, and Windows. Here’s how to install it:

sudo apt update && sudo apt install hey
  • macOS (Homebrew):
    • brew install hey
  • Windows (Chocolatey):
    • choco install hey
  • Download Binaries: If you can’t use a package manager, download the appropriate binary from the GitHub releases page and add it to your system’s PATH.
  • Basic Usage – Single Request

    • To send a single GET request to your website, use:

    hey

    Replace with the actual URL of your site (e.g., https://www.example.com).

  • Simulating an HTTP Flood

    • To simulate a flood, you need to send multiple requests concurrently. The -n flag specifies the total number of requests and -c sets the concurrency (number of parallel requests). Start with a small number of concurrent requests.

    hey -n 100 -c 10

    This sends 100 requests with 10 concurrent connections. Monitor your website’s performance while running this command.

  • Increasing the Load (Carefully!)

    • Gradually increase the concurrency (-c) to see how your server handles more load. Be cautious, as excessive traffic can overload your server and potentially cause downtime. Start with small increments (e.g., 20, 50, 100).

    hey -n 1000 -c 50
  • Customising Requests
    • hey -n 10 -c 2 -m 'data=some_post_data'
  • Headers: Add custom headers with the -H flag. You can specify multiple headers. 
    hey -n 10 -c 2 -H "Content-Type: application/json" -H "X-Custom-Header: value"
  • Interpreting the Results

    • hey provides useful statistics, including:

  • Important Considerations
    • Exit mobile version