HTTP-SMART stress test

A fingerprint-accurate HTTP stress that imitates real Chrome, Firefox, Edge, and Safari clients across HTTP/1, 2, and 3 to test fingerprint-based bot detection.

Run HTTP-SMART test → All methods

50-125k rq/s

request rate

How it works

This method replays authentic browser fingerprints, the TLS ClientHello, HTTP/2 SETTINGS, and QUIC parameters, for Chrome, Firefox, Edge, and Safari, and can switch protocol versions per the target. Because the requests look indistinguishable from real browsers at the fingerprint level, they test whether your bot management can still separate automation from genuine clients when the easy signals are gone. Run it to validate fingerprint scoring, behavioral analysis, and adaptive rate limiting against traffic that defeats naive user-agent filtering.

Parameters

browser_profileChrome/Firefox/Edge/SafariWhich real browser fingerprint to imitate end to end.

http_version1 / 2 / 3Protocol version negotiated for the session.

rate50-125k rq/sRequests per second per worker.

streams1-50Concurrent streams or connections per worker.

Run it from the CLI

retro-cli

$ retro run http-smart --target https://example.com --rps 800 --duration 120

HTTP-SMART FAQ

What makes this harder to detect than a normal HTTP flood?+

It reproduces real browser fingerprints down to the TLS ClientHello and HTTP/2 SETTINGS, so defenses that filter on user-agent or simple heuristics will not catch it. Only fingerprint and behavior aware systems will.