%timeout 6

%test HTTP Request Smuggling 1
###################################
%status 501
%event 950012
%request
GET / HTTP/1.0
Host: local
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Transfer-Encoding: utf-8
Transfer-Encoding: utf-8


%test HTTP Request Smuggling 2
###################################
%status 413
%event 950012
%request
POST / HTTP/1.0
Host: local
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Content-Length: 3
Content-Length: 3

abc


%test HTTP response splitting
###################################
%event 950910|950911
%output 950910|950911
%request
GET /?lang=foobar%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2019%0d%0a%0d%0a<html>Shazam</html> HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*
Referer: http://www.mummy.com/index.html
Accept-Language: zh-sg
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: www.mummy.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache


%test XML Support
###################################
%event 950908
%output 950908
%request
POST / HTTP/1.0
User-Agent: SQLData Client/3.02
Host: www.soapclient.com:80
Connection: Close
Accept: */*
Content-Length: $CONTENT_LENGTH
SOAPAction: ""
Content-Type: text/xml; charset="utf-8"

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <SOAP-ENV:Body>
      <xkms:StatusRequest xmlns:xkms="http://www.w3.org/2002/03/xkms#" Id="_6ee48478-fdd6-4d7d-b1bf-e7b4c3254659" ResponseId="_c1c36b3f-f962-4aea-bfbd-07ed58468c9b" Service="http://www.soapclient.com/xml/xkms2">
      <xkms:ResponseMechanism>http://www.w3.org/2002/03/xkms#Pending</xkms:ResponseMechanism>
      <xkms:RespondWith>http://www.w3.org/2002/03/xkms#KeyName</xkms:RespondWith>
      <xkms:RespondWith>http://www.w3.org/2002/03/xkms#KeyValue</xkms:RespondWith>
      <xkms:RespondWith>http://www.w3.org/2002/03/xkms#X509Cert</xkms:RespondWith>
      <xkms:RespondWith>root@</xkms:RespondWith>
      </xkms:StatusRequest>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>


%test email injection
###################################
%event 950019
%output 950019
%request
POST / HTTP/1.1
Host: local
User-Agent:  Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7
Content-Length:$CONTENT_LENGTH
Content-Type: application/x-www-form-urlencoded
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.

sender=haxor@attack.xxx%0ASubject:Ooops%0ABcc:target@nothappy.xxx%0AContent-Type:multipart/mixed;%20boundary=frog;%0A--frog%0AContent-Type:text/html%0A%0AHTML%20Message.%0A%0A--frog%0AContent-Type:text/html;name=Nastycode.html;%0AContent-Transfer-Encoding:8bit%0AContent-Disposition:attachment%0A%0AHTML%20File%0A%0A--frog--%0A

%endtest