Find Crlf injection vulnerable endpoints

---

Contents:

• Installation
• Usage
  • Adding Headers
  • Using Proxy

Installation:

Using Go

▶ go install github.com/ferreiraklet/Frizz@latest

From git clone

▶ git clone https://github.com/ferreiraklet/Frizz.git
▶ cd Frizz
▶ go build frizz.go
▶ chmod +x Frizz
▶ ./Frizz -h

Usage

Basically, what you need to do is, specify the header value of what you are trying to inject using crlf ->

OBS: The url need protocol, http, https.

Stdin - Single URL and from list

$ echo "http://127.0.0.1:8080/?q=%0d%0aSet-Cookie:crlf=injection" | frizz -payload "crlf=injection"

$ cat targets.txt | frizz -payload "crlf=injection

Adding Headers

$ echo "http://127.0.0.1:8080/?q=%0d%0aSet-Cookie:crlf=injection" | frizz -payload "crlf=injection" -H "Customheader1: value1;cheader2: value2"

Using Proxy

$ cat targets | frizz -payload "crlf=injection" --proxy "http://yourproxy"

$ cat list.txt | frizz -payload "crlf=injection" --only-poc

---

Check out some of my other programs

Nilo - Checks if URL has status 200

AiriXSS - Looking for xss reflected

Jeeves - Time based blind Injection Scanner

This project is for educational and bug bounty porposes only! I do not support any illegal activities!.

If any error in the program, talk to me immediatly.