HTTP Attacks - HTTP Response Splitting

Ensure you are not using the fetch API, it doesn’t work for some reason (try XHR or document.location). Also ensure you are double encoding the \r\n (%250d%250a). Nothing else in the payload needs to be encoded if I recall correctly.

Thanks a lot! The problem was in fetch indeed.

1 Like

How to bypass firewall restrictions for admin? can’t figure out how to get his cookies without using remote resources. Give me a hint please