HTTP Headers
How to exploit HTTP Headers.
HTTP Header Issues
Headi
Headi is an automated HTTP header injection tool that will connect to a web server using various headers and monitor the responses for any potential weaknesses.
The following command will check for several header-related issues on a URL.
headi -u URL
CRLF Vulnerabilities
CRLF injection occurs when user-supplied input can be used to insert CR (carriage return) and LF (line feed) characters into a web application. This may force the server, application, or user into interpreting the CRLF as the end of a response and the beginning of another, which may lead to HTTP response splitting.
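The mechanism described above, as an added example (not from the original page or from either tool): a redirect builder that copies a decoded query value into a Location header, next to a version that rejects CR, LF and NUL. The function names and the sample values are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Characters that must never reach a header field value.
FORBIDDEN = re.compile(r"[\r\n\x00]")

def build_redirect_unsafe(location: str) -> bytes:
    """Vulnerable form: user input is concatenated into the header block."""
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {location}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ).encode("latin-1")

def build_redirect_safe(location: str) -> bytes:
    """Hardened form: refuse any value containing CR, LF or NUL."""
    if FORBIDDEN.search(location):
        raise ValueError("control character in header value")
    return build_redirect_unsafe(location)

def header_names(raw: bytes) -> list[str]:
    """Field names as a client would see them when parsing the response head."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    return [line.split(b":", 1)[0].decode("latin-1")
            for line in head.split(b"\r\n")[1:]]

# Constructed sample inputs: the query value arrives percent-encoded
# and is decoded by the framework before the application sees it.
BENIGN = unquote("%2Fhome")
TAINTED = unquote("%2Fhome%0d%0aX-Injected:%201")

if __name__ == "__main__":
    print(header_names(build_redirect_unsafe(BENIGN)))
    print(header_names(build_redirect_unsafe(TAINTED)))
    try:
        build_redirect_safe(TAINTED)
    except ValueError as exc:
        print("rejected:", exc)
```

The unsafe builder emits an extra header field that the application never set; the safe builder raises before any bytes are written.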
CRLFuzz
CRLFuzz is a tool to scan for CRLF vulnerabilities.
The following command will check for CRLF issues on a URL.
./crlfuzz -u <URL>