--- meta: author: "Christian S.J. Peron" enabled: true name: "921150.yaml" description: "Tests for protocol based attacks" tests: - test_title: 921150-1 desc: "HTTP Header Injection Attack via payload" stages: - stage: input: dest_addr: "127.0.0.1" method: "GET" port: 80 headers: Host: "localhost" User-agent: "user agent" uri: "/script.jsp?variableX=bar&variable2=Y&%0d%0restofdata" output: log_contains: "id \"921150\""