Hi All!

First, let me assure everyone that I am not a hacker, exactly the opposite, but I have a related problem. I am in the process of implementing code that protects against header manipulation. I created a filter that strips linefeed and carriage return characters from requests to avoid header splitting. The thing is, I want to test it, and can't recreate the issue with Tomcat.

When I insert this code in my jsp:

String attack = "name=Bad Hacker\r\nHTTP/1.1 404 Page not found\r\n...";
response.setHeader("Set-Cookie", attack);

The returned request is returned like this:

Set-Cookie: author=Wiley Hacker  HTTP/1.1 404 Page not found  ...\r\n

As you can see all the CRLF have been replaced with whitespaces. I'm assuming Tomcat is doing this, but I can't find where, even after looking through the code and reading the documentation. Does anyone know anything about this? Is there any way to turn this off? I can't test my code when it's in place. Alternatively if anyone has any other solution as to how to test it, I would be most grateful.

Thanks!

Btw, I'm using Tomcat 6.0.32
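One way to test a CR/LF-stripping step without depending on the container, as an added example that is not part of the original post and is not Tomcat code: the sanitizer is called directly, and a simulated header writer and parser count how many header lines a value produces before and after sanitizing. The class name, stripCrLf, serialize, headerLines and the X-Injected header are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;

public class HeaderSplitCheck {
    // Hypothetical stand-in for the filter's sanitizing step: drop CR and LF.
    static String stripCrLf(String value) {
        return value == null ? null : value.replaceAll("[\\r\\n]", "");
    }

    // Write one header with no sanitizing at all (simulated, not Tomcat code).
    static String serialize(String name, String value) {
        return "HTTP/1.1 200 OK\r\n" + name + ": " + value + "\r\n\r\n";
    }

    // Lines of the header block as a lenient parser would split them:
    // CRLF, bare CR and bare LF all end a line; an empty line ends the block.
    static List<String> headerLines(String raw) {
        List<String> lines = new ArrayList<String>();
        for (String line : raw.split("\r\n|\r|\n", -1)) {
            if (line.isEmpty()) break;
            lines.add(line);
        }
        return lines;
    }

    static void check(boolean ok, String what) {
        if (!ok) throw new IllegalStateException("FAILED: " + what);
        System.out.println("ok: " + what);
    }

    public static void main(String[] args) {
        String[] attacks = {   // constructed inputs; the first is the string from the post
            "name=Bad Hacker\r\nHTTP/1.1 404 Page not found\r\n...",
            "name=x\nX-Injected: 1",
            "name=x\rX-Injected: 1"
        };
        for (String attack : attacks) {
            int raw = headerLines(serialize("Set-Cookie", attack)).size();
            int clean = headerLines(serialize("Set-Cookie", stripCrLf(attack))).size();
            check(raw > 2, "unsanitized value adds header lines (" + raw + ")");
            check(clean == 2, "sanitized value stays on one header line");
        }
    }
}
```

Replacing stripCrLf with a call into the real filter's sanitizing method keeps the same checks and exercises the filter logic regardless of what the container does to header values afterwards.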