/crlf-injector

A CRLF ( Carriage Return Line Feed ) Injection attack occurs when a user manages to submit a CRLF into an application. This is most commonly done by modifying an HTTP parameter or URL.

Primary LanguagePythonMIT LicenseMIT

CRLF.py

CRLF - Auto CRLF Injector

Author: Rudra Sarkar

Disclaimer: I am not responsible for any damage done using this tool. This tool should only be used for educational purposes and for penetration testing.

Compatibility:

  • Any platform using Python 2.7

Requirements:

  • Python 2.7
  • Modules: requests

Install Requests Modules:

$ pip install requests

Usage:

$ python crlf.py

Use $ python crlf.py [domain_list.ext] [crlf_payload]

e.g $ python crlf.py mail.ru.list /%0aevil-here:malicious_cookie1

Payloads:

/%0aevil-here:malicious_cookie1

/%0d%0aevil-here:malicious_cookie1

Screenshot:

Process:

  Process   Regards!

Rudra Sarkar