Slowloris is part of the architecture of apache not a bug so the only way to check if an admin took preventive measures for his specific environent would be to check the apache.conf file
Sent from my iPhone On Jun 26, 2009, at 3:25 PM, Andres Riancho <[email protected]> wrote: > List, > > Does anyone know if it's possible to test for the ""slowris > vulnerability"" [0] without DoS'ing the web server? I was thinking > that if that was possible, we could add it to w3af. Someone already > did something in python [1], so it shouldn't be hard to add it to > w3af. > > [0] http://ha.ckers.org/slowloris/ > [1] http://motomastyle.com/pyloris-a-python-implementation-of-slowloris/ > > Cheers, > -- > Andrés Riancho > Founder, Bonsai - Information Security > http://www.bonsai-sec.com/ > http://w3af.sf.net/ > > --- > --- > --- > --------------------------------------------------------------------- > _______________________________________________ > W3af-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/w3af-users ------------------------------------------------------------------------------ _______________________________________________ W3af-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/w3af-users
