crlf-injection
CommunityDetect and exploit CRLF injection safely
Legal & Compliance#http response splitting#crlf injection#log injection#open redirect#cache poisoning#header injection#set-cookie
Authorok-helloworld
Version1.0.0
Installs0
System Documentation
What problem does it solve?
CRLF injection playbooks help you identify and validate whether user-controlled input can break HTTP header boundaries to inject new headers, response bodies, or cached content.
Core Features & Use Cases
- Header injection & response splitting: Probe for
%0D%0A-style payloads that create additional headers via redirect parameters, header-reflection points, or cookie construction. - Double-CRLF body injection: Use header/body boundary termination to test for injected HTML/JS in contexts where the server reflects the payload.
- Attack chaining checks: Evaluate follow-on impact such as XSS escalation, session fixation via
Set-Cookie, cache poisoning, redirect hijacking, and log injection. - Filter bypass guidance: Apply targeted encoding strategies like double-encoding and LF-only variations to confirm robustness of input handling.
Quick Start
Provide the target URL and the parameter (or header reflection point) where input reaches a redirect, header, cookie, or log field, then ask for a step-by-step CRLF injection validation plan including bypass attempts.
Dependency Matrix
Required Modules
None requiredComponents
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: crlf-injection Download link: https://github.com/ok-helloworld/vibe-pentest/archive/main.zip#crlf-injection Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.