What are good tools for finding CRLF injection vulnerabilities?
3
Gilles 'SO- stop being evil'
Daniel
- What's CRLF? a linebreak? – CodesInChaos Apr 11 '13 at 20:49
- this http://www.acunetix.com/websitesecurity/crlf-injection/ – Daniel Apr 11 '13 at 21:00
- As above @user1203028 has linked, the Acunetix WVS detects them as well. – NULLZ Apr 12 '13 at 00:09
- @user1203028 - I see you have a few closed questions in a row. Have you had a good read of the [faq] and the about pages? They will help you structure your questions in a way that fits better here. – Rory Alsop Apr 12 '13 at 10:43
1 Answer
1
CRLF injection can be used in IMAP/SMTP command injection and in HTTP Response Splitting. In both cases Burp is the tool of choice.
Wapiti is a FOSS vulnerability scanner that can detect HTTP response splitting. The vast majority of vulnerability scanners should be able to detect this attack.
rook
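The condition scanners probe for can also be searched for in your own access logs. The following is an added example, not part of the answer above or of any tool named on this page: it flags request lines whose query parameters decode to a CR or LF, including multiply percent-encoded forms. The function names, the three-round decode limit and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

LINE_BREAKS = re.compile(r"[\r\n]")
MAX_DECODE_ROUNDS = 3  # assumption: enough to catch forms such as %250d%250a
REQUEST = re.compile(r'"(?:GET|POST|PUT|DELETE|HEAD|OPTIONS|PATCH) (\S+) HTTP/[\d.]+"')


def crlf_params(request_target):
    """Return names of query parameters whose decoded value contains CR or LF."""
    query = urlsplit(request_target).query
    flagged = []
    # parse_qsl already performs the first round of percent-decoding.
    for name, value in parse_qsl(query, keep_blank_values=True):
        for _ in range(MAX_DECODE_ROUNDS):
            if LINE_BREAKS.search(value):
                flagged.append(name)
                break
            decoded = unquote(value)
            if decoded == value:  # nothing left to decode
                break
            value = decoded
    return flagged


def scan_access_log(lines):
    """Yield (line_number, parameter_names) for request lines carrying CR/LF."""
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if match:
            names = crlf_params(match.group(1))
            if names:
                yield number, names


# Constructed sample lines in combined log format, not taken from the page.
SAMPLE_LOG = [
    '203.0.113.7 - - [11/Apr/2013:20:49:01 +0000] "GET /redirect?url=/home HTTP/1.1" 302 0',
    '203.0.113.7 - - [11/Apr/2013:20:49:05 +0000] "GET /redirect?url=/home%0d%0aX-Test:%201 HTTP/1.1" 302 0',
    '203.0.113.9 - - [11/Apr/2013:20:50:12 +0000] "GET /lang?set=en%250D%250AX-Test:1 HTTP/1.1" 200 512',
    '203.0.113.9 - - [11/Apr/2013:20:51:40 +0000] "GET /search?q=100%25+cotton HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, names in scan_access_log(SAMPLE_LOG):
        print(f"line {number}: CR/LF in parameter(s) {names}")
```

A hit only shows that a line break was submitted; whether the application reflects it into a response header still has to be confirmed against the application itself.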