SKILL: CRLF Injection — Expert Attack Playbook

AI LOAD INSTRUCTION: CRLF injection (HTTP response splitting) techniques. Covers header injection, response body injection via double CRLF, XSS escalation, cache poisoning, and encoding bypass. Often overlooked by scanners but chains into XSS, session fixation, and cache attacks.

0. RELATED ROUTING

ghost-bits-cast-attack when the target is a Java service and %0D%0A / \r\n encodings are WAF-blocked — substituting 瘍 (U+760D, low byte \r) and 瘊 (U+760A, low byte \n) injects a real CRLF through Angus Mail / Jakarta Mail SMTP, Apache HttpClient headers, JDK HttpServer responses, and ActiveJ HTTP (re-enables Jira CVE-2025-57733 and JDK CVE-2026-21933 classes)

1. CORE CONCEPT

CRLF = \r\n (Carriage Return + Line Feed, %0D%0A). HTTP headers are separated by CRLF. If user input is reflected in a response header without sanitization, injecting CRLF characters creates new headers or even a response body.

    Normal: Location: /page?url=USER_INPUT
    Attack: Location: /page?url=%0D%0ASet-Cookie:admin=true
    Result: Two headers — Location + injected Set-Cookie
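The Normal/Attack/Result case above, as an added example that is not part of the original skill text: a naive reflector beside a hardened one, with a small parser that shows how many headers a client would see. All function names are hypothetical, and `narrow()` is an assumed model of a writer that keeps only the low byte of each character, as the routing note describes for Java services.

```python
from urllib.parse import unquote

def header_names(raw: bytes) -> list[str]:
    """Return the header names a client would parse from the response head."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")[1:]          # skip the status line
    return [l.split(b":", 1)[0].decode("ascii") for l in lines if b":" in l]

def narrow(text: str) -> bytes:
    """Assumed writer model: keep the low byte of each char (like a (byte) cast)."""
    return bytes(ord(c) & 0xFF for c in text)

def naive_redirect(param: str) -> bytes:
    """Vulnerable 'before': the decoded parameter is reflected as-is."""
    value = unquote(param)
    return narrow(f"HTTP/1.1 302 Found\r\nLocation: /page?url={value}\r\n\r\n")

def safe_redirect(param: str) -> bytes:
    """Hardened 'after': validate the decoded value, then build the header.

    Only visible ASCII (0x21-0x7E) is allowed. That rejects raw and
    percent-decoded CR/LF, other control bytes, and wide characters such
    as U+760D / U+760A whose low byte would become CR / LF when narrowed.
    """
    value = unquote(param)
    bad = sorted({f"U+{ord(c):04X}" for c in value if not 0x21 <= ord(c) <= 0x7E})
    if bad:
        raise ValueError(f"illegal characters in header value: {bad}")
    return f"HTTP/1.1 302 Found\r\nLocation: /page?url={value}\r\n\r\n".encode("ascii")

def is_rejected(param: str) -> bool:
    """True when safe_redirect refuses the input."""
    try:
        safe_redirect(param)
    except ValueError:
        return True
    return False

# Constructed sample inputs: the page's own example, then its wide-char form.
SAMPLES = ["home", "%0D%0ASet-Cookie:admin=true", "\u760d\u760aSet-Cookie:admin=true"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "naive ->", header_names(naive_redirect(s)),
              "| hardened rejects:", is_rejected(s))
```

Validation runs on the decoded value, at the point where the header is written, so it does not depend on which encoding an upstream filter happened to recognize.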