Carlos, On Fri, Jun 26, 2009 at 6:17 PM, Carlos perez<[email protected]> wrote: > Slowloris is part of the architecture of apache not a bug so the only way to > check if an admin took preventive measures for his specific environent would > be to check the apache.conf file
But if the admin took preventive measures, can't I test it using black box? > Sent from my iPhone > > On Jun 26, 2009, at 3:25 PM, Andres Riancho <[email protected]> > wrote: > >> List, >> >> Does anyone know if it's possible to test for the ""slowris >> vulnerability"" [0] without DoS'ing the web server? I was thinking >> that if that was possible, we could add it to w3af. Someone already >> did something in python [1], so it shouldn't be hard to add it to >> w3af. >> >> [0] http://ha.ckers.org/slowloris/ >> [1] http://motomastyle.com/pyloris-a-python-implementation-of-slowloris/ >> >> Cheers, >> -- >> Andrés Riancho >> Founder, Bonsai - Information Security >> http://www.bonsai-sec.com/ >> http://w3af.sf.net/ >> >> >> ------------------------------------------------------------------------------ >> _______________________________________________ >> W3af-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/w3af-users > -- Andrés Riancho Founder, Bonsai - Information Security http://www.bonsai-sec.com/ http://w3af.sf.net/ ------------------------------------------------------------------------------ _______________________________________________ W3af-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/w3af-users
