Force cURL send invalid HTTP header

Question

Force cURL send invalid HTTP header

How can I get cURL to send an invalid HTTP header like below:

curl -k 'https://192.168.1.1/' -H 'Host: 192.168.1.1' -H 'blah' -H 'Accept-Encoding: gzip, deflate, br' -H 'Accept-Language: en-US,en;q=0.8'

When I try the above, cURL helps to exclude the invalid header.

+3

http curl

J. Doe 13 jul. 17 at 17:30

source to share

1 answer

Daniel Stenberg · Accepted Answer · 2017-07-13T21:58:33+0000

You can, but its a little more confusing than that. curl will check that you are using a colon and avoid hitting headers that do not have colons. But you can trick the colon dithering check by passing a header with an inline CRLF, which then creates two header lines, and one of them can be without a colon.

For example, for example:

curl -H "`printf "Foo: bar\r\nblah"`" -v localhost

(- v of course lets you see how the actual query is being used)

Force cURL send invalid HTTP header

More articles: