https://github.com/rudSarkar/crlf-injector

A CRLF (Carriage Return Line Feed) injection attack occurs when a user manages to submit a CRLF into an application. This is most commonly done by modifying an HTTP parameter or URL.

bugbounty crlf-injection python toolshacking


README

        

# CRLF.py
CRLF - Auto CRLF Injector

Author: [Rudra Sarkar](https://twitter.com/rudr4_sarkar)

Disclaimer: I am not responsible for any damage done using this tool. This tool should only be used for educational purposes and for penetration testing.

### Compatibility:
* Any platform using Python 2.7

### Requirements:
* Python 2.7
* Modules: requests

### Install the requests module:
`$ pip install requests`

### Usage:
`$ python crlf.py`

Use `$ python crlf.py [domain_list.ext] [crlf_payload]`

e.g. `$ python crlf.py mail.ru.list /%0aevil-here:malicious_cookie1`

# Payloads:
* `/%0aevil-here:malicious_cookie1`
* `/%0d%0aevil-here:malicious_cookie1`
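
For the defending side, an added example (not part of crlf.py or this repository) showing why these two payloads work against code that copies a URL-decoded path into a response header, and the check that stops them. It is written for Python 3, and the function names are illustrative assumptions.

```python
# Added example (Python 3); function names are illustrative assumptions.
from urllib.parse import unquote

# The two payloads listed in this README.
PAYLOADS = [
    "/%0aevil-here:malicious_cookie1",
    "/%0d%0aevil-here:malicious_cookie1",
]


def naive_redirect(raw_path):
    """Vulnerable pattern: the decoded path is copied into a header as-is."""
    return "HTTP/1.1 302 Found\r\nLocation: " + unquote(raw_path) + "\r\n\r\n"


def safe_redirect(raw_path):
    """Hardened pattern: refuse any decoded value containing control characters."""
    location = unquote(raw_path)
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in location):
        raise ValueError("control character in header value")
    return "HTTP/1.1 302 Found\r\nLocation: " + location + "\r\n\r\n"


def header_names(response):
    """Header names a lenient parser (bare LF also ends a line) would see."""
    head = response.split("\r\n\r\n", 1)[0]
    lines = head.replace("\r\n", "\n").split("\n")[1:]  # skip the status line
    return [line.split(":", 1)[0].strip().lower() for line in lines if ":" in line]


def audit(paths):
    """Return {path: (header names from the naive build, hardened build accepted?)}."""
    report = {}
    for path in paths:
        try:
            safe_redirect(path)
            accepted = True
        except ValueError:
            accepted = False
        report[path] = (header_names(naive_redirect(path)), accepted)
    return report


if __name__ == "__main__":
    for path, (names, accepted) in audit(PAYLOADS + ["/login"]).items():
        print(path, names, "accepted" if accepted else "rejected")
```

Both payloads produce a second header line (`evil-here`) in the naive build, including the bare `%0a` form, which is why the check rejects LF as well as CR.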

# Screenshot:

### Process:
 
![Process](https://raw.githubusercontent.com/rudSarkar/crlf-injector/master/process.png)
 
Regards!

[Rudra Sarkar](https://twitter.com/rudr4_sarkar)