Skip to content

rudSarkar/crlf-injector

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
LICENSE.md
LICENSE.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
crlf.py
crlf.py
 
 
file.lst
file.lst
 
 
process.png
process.png
 
 

Repository files navigation

CRLF.py

CRLF - Auto CRLF Injector

Author: Rudra Sarkar

Disclaimer: I am not responsible for any damage done using this tool. This tool should only be used for educational purposes and for penetration testing.

Compatibility:

  • Any platform using Python 2.7

Requirements:

  • Python 2.7
  • Modules: requests

Install Requests Modules:

$ pip install requests

Usage:

$ python crlf.py

Use $ python crlf.py [domain_list.ext] [crlf_payload]

e.g $ python crlf.py mail.ru.list /%0aevil-here:malicious_cookie1

Payloads:

/%0aevil-here:malicious_cookie1

/%0d%0aevil-here:malicious_cookie1

Screenshot:

Process:

  Process   Regards!

Rudra Sarkar

About

A CRLF ( Carriage Return Line Feed ) Injection attack occurs when a user manages to submit a CRLF into an application. This is most commonly done by modifying an HTTP parameter or URL.

www.owasp.org/index.php/CRLF_Injection

Topics

python bugbounty toolshacking crlf-injection

Resources

Readme

License

MIT license
Activity

Stars

49 stars

Watchers

0 watching

Forks

17 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages