HTTP Headers

How to exploit HTTP Headers.

HTTP Header Issues

Headi

Headi is an automated HTTP header injection tool that will connect to a web server using various headers and monitor the responses for any potential weaknesses.

https://github.com/mlcsec/headi

The following command will check for several header related issues on a URL.

headi -u URL

CRLF Vulnerabilities

CRLF injection occurs when it is possible to insert CR and LF characters into a web application using user-supplied input. This may force the server, application, or user into interpreting the CRLF as the end of a response and the beginning of another which may lead to HTTP response splitting.

CRLFuzz

CRLFuzz is a tool to scan for CRLF vulnerabilities.

https://github.com/dwisiswant0/crlfuzz

The following command will check for CRLF issues on a URL.

./crlfuzz -u <URL>

PreviousCross-Site Scripting NextBypasses

Last updated 1 year ago