Force cURL send invalid HTTP header
How can I get cURL to send an invalid HTTP header like below:
curl -k 'https://192.168.1.1/' -H 'Host: 192.168.1.1' -H 'blah' -H 'Accept-Encoding: gzip, deflate, br' -H 'Accept-Language: en-US,en;q=0.8'
When I try the above, cURL helps to exclude the invalid header.
+3
J. Doe
source
to share
1 answer
You can, but its a little more confusing than that. curl will check that you are using a colon and avoid hitting headers that do not have colons. But you can trick the colon dithering check by passing a header with an inline CRLF, which then creates two header lines, and one of them can be without a colon.
For example, for example:
curl -H "`printf "Foo: bar\r\nblah"`" -v localhost
(- v of course lets you see how the actual query is being used)
+3
Daniel Stenberg
source
to share