Lesson Plan Title: Http Splitting

Concept / Topic To Teach:

This lesson teaches how to perform HTPP Splitting attacks.

How the attacks works:

The attacker passes malacious code to the web server together with normal input. A victim application will not be checking for CR (carriage return, also given by %0d or \r) and LF (line feed, also given by %0a or \n)characters. These characters not only give attackers control of the remaining headers and body of the response the application intends to send, but also allows them to create additional responses entirely under their control

General Goal(s):

* Enter a language for the system to search by.
* You notice that the application is redirecting your request to another resource on the server.
* You should be able to use the CR (%0d) and LF (%0a) to exploit the attack.
* Your excercise should be to force the server to send a 200 OK. * If the screen changed as an effect to your attack, just go back to the homepage where you will find the lesson completed if you successfully exploited the attack.