
This link describes my problem better: https://code.google.com/p/webgoat/issues/detail?id=42

I was doing the HTTP Splitting exercise in WebGoat. In this exercise, when you send a malformed URL, you are supposed to get TWO headers back. One header is the original header. The second header must be the attacker's malformed header.

But when I intercept the response, the server only sends back one header, which is not correct. Why is that?

PS: I have completed the exercise and I understand the basics of this attack.

Scott Pack
Rash
  • Hi Rash, welcome to [security.se]. This seems to be very similar to the linked question. If it doesn't answer your specific question, please flag it and we will reopen, after you edit the question to clarify the difference. :-) – AviD Dec 18 '13 at 10:11
  • Hi @AviD: I have made changes to the question and have told why it is different from the other question. If it is satisfactory, then can you remove the duplicate flag? – Rash Dec 18 '13 at 16:02
  • Hi Rash, still not clear on what is missing from the other question. Is this a bug in webgoat, as according to your link? If so, that link kinda says it all... – AviD Dec 18 '13 at 21:08
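
An added illustration, not part of the original question and not WebGoat's code: what "two headers" means at the byte level, with an unchecked redirect beside one that rejects CR/LF in the header value. The `/redirect` endpoint, the `lang` parameter and all sample inputs are hypothetical and constructed for this example.

```python
from urllib.parse import unquote

CRLF = "\r\n"

# Constructed sample inputs (not taken from the page or from WebGoat).
BENIGN = "en"
SPLIT = "en%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Length:%200"
DOUBLE = SPLIT.replace("%", "%25")  # same value, percent-encoded twice


def naive_redirect(param: str) -> bytes:
    """'Before': the decoded parameter is copied into Location unchecked."""
    value = unquote(param)
    head = ["HTTP/1.1 302 Found", f"Location: /redirect?lang={value}"]
    return (CRLF.join(head) + CRLF + CRLF).encode("latin-1")


def has_crlf(param: str, max_rounds: int = 3) -> bool:
    """True if CR or LF appears after up to max_rounds of percent-decoding."""
    value = param
    for _ in range(max_rounds):
        if "\r" in value or "\n" in value:
            return True
        decoded = unquote(value)
        if decoded == value:  # nothing left to decode
            return False
        value = decoded
    return "\r" in value or "\n" in value


def checked_redirect(param: str) -> bytes:
    """'After': reject the request instead of emitting a split header."""
    if has_crlf(param):
        return b"HTTP/1.1 400 Bad Request\r\n\r\n"
    return naive_redirect(param)


def header_blocks(raw: bytes) -> int:
    """Count status lines, i.e. 'headers' in the exercise's sense."""
    return sum(line.startswith(b"HTTP/1.") for line in raw.split(b"\r\n"))
```

Counting status lines in an intercepted response this way shows whether the CR/LF bytes survived into the header section or were removed before the response was written.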

0 Answers