HTTP HTTP GET digest # Server-side HTTP/1.1 401 Authorization Required WWW-Authenticate: Digest realm="testrealm%0a%0d", nonce="1053604145" Content-Length: 4 hej HTTP/1.1 200 OK Content-Length: 23 This IS the real page! HTTP/1.1 401 Authorization Required WWW-Authenticate: Digest realm="testrealm%0a%0d", nonce="1053604145" Content-Length: 4 HTTP/1.1 200 OK Content-Length: 23 This IS the real page! # Client-side http !SSPI crypto digest HTTP Digest with CRLF in username http://hello%0a%0d:there@%HOSTIP:%HTTPPORT/ --digest # Verify data after the test has been "shot" GET / HTTP/1.1 Host: %HOSTIP:%HTTPPORT User-Agent: curl/%VERSION Accept: */* GET / HTTP/1.1 Host: %HOSTIP:%HTTPPORT Authorization: Digest username="hello%0A%0D", realm="testrealm%0a%0d", nonce="1053604145", uri="/", response="64e5ae1b90f05309847ac483c1094284" User-Agent: curl/%VERSION Accept: */*