Re: [W3af-develop] BadStatusLine problem

Tue, 24 Jul 2012 09:17:40 -0700 

Taras,

On Tue, Jul 24, 2012 at 1:06 PM, Taras <[email protected]> wrote:
> Hi, all!
>
> Sometime w3af finishes its work with BadStatusLine error.
> Problem is I can't figure out stable steps to reproduce this case.
> What is usually caused it and what we/w3af should do when it get strange
> HTTP response which urllib can't parse?

I've seen this issue a couple of times in w3af, AND also in other
softwares [0][1], maybe the answers in those references can help you
fix the issue. Last time I checked, it was because Apache was actually
omitting the status line for *some* HTTP responses. Two options come
to my mind:

    * If we identify which requests trigger those invalid responses,
and if the requests are specific enough, we can accept not to send
them?
    * Create a special treatment for those invalid, out of protocol, responses

But before doing anything, it would be nice to understand why Apache
sends something like that!

[0] 
http://stufftohelpyouout.blogspot.com.ar/2010/05/how-to-fix-nethttpbadresponse-wrong.html
[1] 
http://stackoverflow.com/questions/8269904/why-do-i-get-wrong-status-line-errors-from-nokogiri

Regards,

>
> --
> Taras
> http://oxdef.info
> GPG: C8D1F510
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> W3af-develop mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/w3af-develop



-- 
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
W3af-develop mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-develop

Reply via email to