Project 5x for CNIT 122 - Tor (15 pts.)

What You Need


With PyLoris and Tor, you can make a realistic Incomplete HTTP Headers attack with rapidly changing source addresses, which makes it harder to block.

Legal Warning

Don't attack any site without permission! This thing is quite capable of taking down any Apache server on the Internet that does not have proper defenses, such as CloudFlare.

Downloading and Installing Vidalia

In a Web browser, go to

Scroll down and find the vidalia-bundle- link, as shown below:

Download and install the software with the default options.

Opening the Vidalia Control Panel

Vidalia should open, as shown below:

If it does not open, right-click the little icon in the Notification Area at the lower right of the desktop and click "Control Panel," as shown below:

Setting the Tor Password

In the Vidalia Control Panel, click Settings.

Click the Advanced tab. Clear the "Randomly Generate" box and type in a password of password as shown below:

Click OK.

Instaling Python 2

In a Web browser, go to

Download the "Python 2.7.2 Windows Installer" as shown below:

Install Python with the default options.

Download PyLoris

In a browser, go to

Click the green "Download" button, as shown below:

Save the file, and unzip it. Open the "pyloris-3.2" folder to see the .py files, as shown below:

Launching tor_switcher


Two windows open. One is large and black, titled "C:\Python27\python.exe"--leave that one open but ignore it.

In the "TOR Switcher" window, type password in the password box, and change the Interval to 1, as shown below:

This will change your Tor relays every second.

Preparing the Attack

You will be attacking one of my servers. If too many people bring it down all the time, I may have to take it offline, but hopefully people will leave it up long enough for students to do this project. It doesn't have anything essential on it.

In the "pyloris-3.2" window, double-click

As before, ignore the big black window and leave it open.

In the "PyLoris" window, make these changes:

Your window should look like the image below:

Don';t start the attack yet, because you need to start the server sniffing packets so you can tell that it is working.

Starting Sniffing at the Server

In a browser, go to

A simple page opens, as shown below:

Click the "Sniff HTTP packets to text file" link. This starts the sniffer. It will run for 30 seconds--and during that time the status bar will show "Waiting for", as shown below:

Attacking the Server

If the sniffer has stopped, refresh the Web page.

In the "PyLoris" window, click the Launch button. The attack starts, as shown below:

Wait for 30 seconds, until the sniffer stops running. Then click the "Stop Attack" button.

Viewing the Captured Packets

In the Web browser showing the sniffer, click the "Click here to view captured packets in the browser" link.

You should see at least two different source IP addresses sending packets, as shown below:

Saving the Screen Image

Make sure two different source IP addresses are visible, as shown above.

Save a screen capture with a filename of "Proj 5xa from YOUR NAME".

Observing the Tor Relay

Enter one of the source IP addresses from the capture into the Address field in a browser.

You see a message confirming that the address is a Tor exit router, as shown below:

Saving the Screen Image

Make sure page shows that the IP address from your packet capture is a Tor exit router, as shown above.

Save a screen capture with a filename of "Proj 5xb from YOUR NAME".

Turning In Your Project

Email the images to with a subject of "Project 5x from YOUR NAME".


Thanks to @BreezySeas for telling me about PyLoris!

Last modified 11-23-11 10:30 pm