Skip to content

Support CRLF raw HTTP requests in HTTPTarget#1491

Merged
romanlutz merged 1 commit intomicrosoft:mainfrom
biefan:support-crlf-http-target-requests
Mar 18, 2026
Merged

Support CRLF raw HTTP requests in HTTPTarget#1491
romanlutz merged 1 commit intomicrosoft:mainfrom
biefan:support-crlf-http-target-requests

Conversation

@biefan
Copy link
Copy Markdown
Contributor

@biefan biefan commented Mar 17, 2026

Summary

  • support CRLF-delimited raw HTTP requests in HTTPTarget.parse_raw_http_request()
  • normalize header splitting so copied requests from tools like Burp parse correctly
  • add regression coverage for CRLF raw HTTP request input

Problem

HTTPTarget.parse_raw_http_request() currently splits raw requests on "\n\n" and header lines on "\n".

That works for LF-only input, but raw HTTP requests copied from tools commonly use CRLF line endings. With CRLF input, the current parser fails to split headers and body correctly and leaves carriage returns embedded in header lines.

In practice, valid raw HTTP requests can fail to parse even though the content is otherwise correct.

Testing

  • .venv/bin/pytest tests/unit/target/test_http_target_parsing.py -q

@hannahwestra25 hannahwestra25 self-assigned this Mar 17, 2026
@romanlutz romanlutz merged commit 5ca5ae1 into microsoft:main Mar 18, 2026
38 checks passed
riyosha pushed a commit to riyosha/PyRIT that referenced this pull request Mar 24, 2026
@biefan @riyosha
Support CRLF raw HTTP requests in HTTPTarget (microsoft#1491)
e421751
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@romanlutz romanlutz romanlutz approved these changes

Assignees

@hannahwestra25 hannahwestra25

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@biefan @romanlutz @hannahwestra25