When user input reaches HTTP response headers, redirects, or logs without proper sanitization, this playbook shows you how to exploit CRLF injection to split responses and inject new headers or body content. It covers the classic attacks like session fixation via Set-Cookie injection, XSS through double CRLF body splitting, and cache poisoning on CDNs. The encoding bypass section is solid, covering double encoding, Unicode tricks, and LF-only variants when filters block the standard %0D%0A. It also routes you to the ghost-bits-cast-attack skill for Java services where you can use Unicode characters that decode to CRLF bytes. Honestly, this is one of those underrated vulns that scanners miss but chains beautifully into higher impact exploits.
npx skills add https://github.com/yaklang/hack-skills --skill crlf-injection