How to check CRLF characters in http request




   Process: the method below checks a String for CRLF characters, both raw and URL-encoded, and returns the String with those characters removed.

   /**
    * Checks whether CRLF characters are present in the given String and removes them.
    * Raw CR, LF and tab characters are removed, as are their URL-encoded forms
    * (%0d, %0a) and double-encoded forms (%250d, %250a). The encoded forms are
    * matched case-insensitively so that %0D / %0A are caught as well.
    *
    * @param string the String to check
    * @return the String with the CRLF characters removed, or null if the input was null
    */
   public static String filterCRLFErrorFromHttpHeaders(String string) {
       String str = string;
       if (str != null) {
           // Raw control characters that end an HTTP header line
           str = str.replace("\n", "");
           str = str.replace("\r", "");
           str = str.replace("\t", "");
           // URL-encoded and double-encoded CR/LF, case-insensitive
           str = str.replaceAll("(?i)%0d|%0a|%250d|%250a", "");
       }
       return str;
   }



Example: CRLF Injection attacks and HTTP Response Splitting
CRLF injection, or HTTP response splitting, is a type of injection attack that can lead to Cross-site Scripting (XSS) and web cache poisoning among others.

CRLF refers to the Carriage Return and Line Feed sequence of special characters. These two special characters represent the End of Line (EOL) marker for many internet protocols, including HTTP. Web applications typically split headers based on where the CRLF character sequence is found. Therefore, if a malicious user is able to inject their own CRLF sequence into an HTTP stream, they gain control over the contents of the HTTP response.

Since CRLF characters can be used to split an HTTP response header, the attack is often also referred to as HTTP Response Splitting. The following example is a crafted request containing CRLF (the %0d%0a characters in the request below) that causes Cross-site Scripting.

http://www.yoursite.com/somepage.php?page=%0d%0aContent-Type: text/html%0d%0aHTTP/1.1 200 OK%0d%0aContent-Type: text/html%0d%0a%0d%0a%3Cscript%3Ealert(1)%3C/script%3E
The victim will see the following in their browser.

<script>alert(1)</script>
Variations of this attack can be used to poison proxy or web caches in order to get the cache to serve the attacker’s content to other users.

Mitigating CRLF injection
Fortunately, many web frameworks mitigate CRLF attacks automatically. Even where the framework does not, it is a very simple vulnerability to fix: strip out any input that contains CR/LF characters or their URL-encoded form, %0d%0a.
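An added example (not the page's own code) of the complementary approach: validating a header value after URL-decoding it and rejecting, rather than silently stripping, anything that still contains CR, LF or another control character. The class and method names, and the sample values in main, are my own; the samples are constructed from the page's payload and the double-encoded forms its method handles.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;

public class HeaderValueGuard {

    // Decode %xx sequences repeatedly (bounded) so that double-encoded forms such as
    // %250d%250a, which decode to %0d%0a and then to CR LF, are also revealed.
    // The decoded form is used for detection only; it is never written to the response.
    static String fullyDecode(String value) {
        String current = value;
        for (int round = 0; round < 3; round++) {
            String decoded;
            try {
                decoded = URLDecoder.decode(current, StandardCharsets.UTF_8);
            } catch (IllegalArgumentException e) {
                break; // malformed escape such as a lone '%': stop decoding
            }
            if (decoded.equals(current)) break;
            current = decoded;
        }
        return current;
    }

    // True when the value, once decoded, still contains CR, LF or any other ASCII
    // control character (tab included, matching the stripping method above).
    static boolean containsCrlf(String value) {
        String decoded = fullyDecode(value);
        for (int i = 0; i < decoded.length(); i++) {
            char c = decoded.charAt(i);
            if (c < 0x20 || c == 0x7f) return true;
        }
        return false;
    }

    // Fail closed: a value that would need stripping is almost always an attack or a
    // bug, and an exception leaves an audit trail. Returns the value unchanged when safe.
    static String requireSafeHeaderValue(String name, String value) {
        if (value == null) return null;
        if (containsCrlf(value)) {
            throw new IllegalArgumentException(
                "Refusing header '" + name + "': CR/LF or control character in value");
        }
        return value;
    }

    public static void main(String[] args) {
        // Constructed samples: the page's payload, a mixed-case variant,
        // a double-encoded variant and a benign Accept-Language value.
        String[] samples = {
            "%0d%0aContent-Type: text/html%0d%0a%0d%0a%3Cscript%3Ealert(1)%3C/script%3E",
            "%0D%0ASet-Cookie: x=1",
            "%250D%250ASet-Cookie: x=1",
            "en-US, en;q=0.5"
        };
        for (String s : samples) {
            System.out.println(containsCrlf(s) + "  <- " + s);
        }
    }
}
```

The first three samples are reported as unsafe and the last as safe; note that URLDecoder also turns '+' into a space, which is why the decoded text is only used for the check and the original value is what gets returned.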


