TestClient
The TestClient is an application for injecting a set of requests that are read from audit-log data as produced by mod_security or the AuditLogger into a web server that might as well be a reverse-proxy in front of a backend server. This can be used to evaluate rulesets with regard to performance or detection-rate issues. A description of such an evaluation of the mod_security core-rules and the gotroot ruleset can be found in my article on the Evaluation of Rulesets.
The application itself is currently in a beta-testing state. If you are interested in trying it/using it for your own evaluations just let me know and I will make it available for you.
Known Bugs
- Handling of multipart/form-data does not work properly
Feature Plans/Ideas
- A small GUI for easy use for non-shell users
- A nice reporting of test-results (performance-results)
- Multi-threading to raise the number of requests sent out
- Distributed coordination-sync to start distributed stress-testing with multiple real-client machines/simulate botnet-attacks