Skip to content
Reading Course Report
Python
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore
CVE_2016_5699_Report.pdf
README.md
simple-client.py
simple-server.py

README.md

cve-2016-5699-report

Reading Course Report

This repo references an example.

simple-client.py is a Python script to make HTTP requests to the URL passed from a command argument.
simple-server.py uses Flask to construct a simple HTTP server to print the headers of received requests.

Set Up

  • Install virtualenv, pip install virtualenv
  • Get two versions of Python for comparison, one before 2.7.10, the other after 2.7.10. This link might be useful.
  • Create two Python environments with virtualenv. For example:
    • virtualenv -p [path_to_one_Python_version] venv-one-version
    • virtualenv -p [path_to_the_other_Python_version] venv-the-other-version
  • Install flask in both environments. Activate corresponding environment, and pip install flask

Run

  • Choose the version you want to use, activate using source ./venv-one-version/bin/activate
  • To start the server, simply run python simple-server.py
  • To run the client:
    • run python simple-client.py http://127.0.0.1:8000/test-url for healthy URL
    • run python simple-client.py http://127.0.0.1%0d%0aX-injected:%20header%0d%0ax-leftover:%20:8000/test-url for malicious URL

References:

You can’t perform that action at this time.