# HTTP Headers

## HTTP Header Issues

### Headi

Headi is an automated HTTP header injection tool that will connect to a web server using various headers and monitor the responses for any potential weaknesses.

* <https://github.com/mlcsec/headi>

The following command will check for several header-related issues on a URL.

`headi -u URL`

## CRLF Vulnerabilities

CRLF injection occurs when user-supplied input makes it possible to insert carriage return (CR) and line feed (LF) characters into a web application. The server, application, or user may then interpret the CRLF as the end of one response and the beginning of another, which may lead to HTTP response splitting.
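The following added example (not taken from the tools referenced on this page) shows the header-level form of the issue: a redirect builder that copies decoded input into a `Location` header, next to a hardened version that rejects CR and LF. The function names and the sample input are constructed for illustration.

```python
# Added example: hypothetical function names, constructed sample input.
from urllib.parse import unquote

def build_redirect_unsafe(target: str) -> bytes:
    """Vulnerable: URL-decoded user input is copied straight into a header."""
    return (f"HTTP/1.1 302 Found\r\nLocation: {unquote(target)}\r\n"
            "Content-Length: 0\r\n\r\n").encode("latin-1")

def build_redirect_safe(target: str) -> bytes:
    """Hardened: refuse any value that contains CR or LF after decoding."""
    value = unquote(target)
    if "\r" in value or "\n" in value:
        raise ValueError("CR/LF not allowed in header value")
    return (f"HTTP/1.1 302 Found\r\nLocation: {value}\r\n"
            "Content-Length: 0\r\n\r\n").encode("latin-1")

def header_names(raw: bytes) -> list:
    """Read the header block as a client would: one header per CRLF-terminated line."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]

# Constructed sample input: a redirect parameter carrying an encoded CRLF.
SAMPLE = "/home%0d%0aX-Injected: 1"

def demo():
    """Return the headers a client sees from the unsafe builder, and whether
    the safe builder rejected the same input."""
    seen = header_names(build_redirect_unsafe(SAMPLE))
    try:
        build_redirect_safe(SAMPLE)
        rejected = False
    except ValueError:
        rejected = True
    return seen, rejected

if __name__ == "__main__":
    print(demo())
```

The unsafe builder yields a response in which the client parses a header the application never set, while the safe builder raises on the same input and still accepts a plain path.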

### CRLFuzz

CRLFuzz is a tool to scan for CRLF vulnerabilities.

* <https://github.com/dwisiswant0/crlfuzz>

The following command will check for CRLF issues on a URL.

`./crlfuzz -u <URL>`
