made-with-Go

Find Crlf injection vulnerable endpoints


Installation:

Using Go

▶ go install github.com/ferreiraklet/[email protected]

From git clone

▶ git clone https://github.com/ferreiraklet/Frizz.git
▶ cd Frizz
▶ go build frizz.go
▶ chmod +x Frizz
▶ ./Frizz -h

Usage

Basically, what you need to do is, specify the header value of what you are trying to inject using crlf ->

OBS: The url need protocol, http, https.

Stdin – Single URL and from list

$ echo "http://127.0.0.1:8080/?q=%0d%0aSet-Cookie:crlf=injection" | frizz -payload "crlf=injection"

$ cat targets.txt | frizz -payload "crlf=injection

Adding Headers

$ echo "http://127.0.0.1:8080/?q=%0d%0aSet-Cookie:crlf=injection" | frizz -payload "crlf=injection" -H "Customheader1: value1;cheader2: value2"

Using Proxy

$ cat targets | frizz -payload "crlf=injection" --proxy "http://yourproxy"

$ cat list.txt | frizz -payload "crlf=injection" --only-poc

Check out some of my other programs

Nilo – Checks if URL has status 200

AiriXSS – Looking for xss reflected

Jeeves – Time based blind Injection Scanner

This project is for educational and bug bounty porposes only! I do not support any illegal activities!.

If any error in the program, talk to me immediatly.

GitHub

View Github