In this task a web proxy is given:

It has a GET parameter “url”:

It prints the headers plus _part_ of the body. We can easily enter the admin page with:

but since the whole body isn’t printed, we can’t see the full response. After a bit of testing it turned out that CRLF injection was possible, so we can split the body into pieces with an injected Range: header.

Since it wants the Host header to be “hackme”, let’s do it: `HTTP/1.0%0D%0AHost:%20hackme%0D%0ARange:%20bytes=88-127%0D%0AConnection: close%0d%0a%0D%0A`

Flag: WH0_IS_SnUS_bI1G_F4N
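
The injection works because the proxy copies the decoded `url` value straight into the upstream request. As an added example (not the challenge's code), here is one way a proxy could validate that parameter and build the request itself; the function names and the `upstream.example` target are hypothetical, and the payload string is the one from this write-up.

```python
from urllib.parse import urlsplit, unquote

ALLOWED_SCHEMES = {"http", "https"}

class RejectedURL(ValueError):
    """Raised when the url parameter must not be forwarded."""

def _has_ctl_or_space(s: str) -> bool:
    # CR, LF, space, tab, other C0 controls and DEL can break out of the request line.
    return any(ord(c) < 0x21 or ord(c) == 0x7F for c in s)

def validate_proxy_url(value: str) -> tuple[str, str]:
    """Return (host, request_target) for a safe URL, else raise RejectedURL."""
    # Check the value as received and its percent-decoded form, in case a
    # later layer decodes once more before writing to the socket (assumption).
    if not value.isascii() or _has_ctl_or_space(value) or _has_ctl_or_space(unquote(value)):
        raise RejectedURL("control character, whitespace or non-ASCII in url")
    try:
        parts = urlsplit(value)
        parts.port  # accessing it validates the port number
    except ValueError as exc:
        raise RejectedURL(str(exc)) from exc
    if parts.scheme not in ALLOWED_SCHEMES or not parts.hostname or "@" in parts.netloc:
        raise RejectedURL("unsupported scheme, missing host or userinfo present")
    target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    return parts.netloc, target

def build_upstream_request(value: str) -> bytes:
    host, target = validate_proxy_url(value)
    # Every header line is chosen by the proxy; the caller supplies only host and target.
    return f"GET {target} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode("ascii")

def is_rejected(value: str) -> bool:
    try:
        build_upstream_request(value)
    except RejectedURL:
        return True
    return False

# Constructed inputs: BASE is a placeholder target, SUFFIX is the payload from the write-up.
BASE = "http://upstream.example/admin"
SUFFIX = "HTTP/1.0%0D%0AHost:%20hackme%0D%0ARange:%20bytes=88-127%0D%0AConnection: close%0d%0a%0D%0A"
AS_RECEIVED = BASE + " " + unquote(SUFFIX)  # what the server sees after query decoding

if __name__ == "__main__":
    print("payload rejected:", is_rejected(AS_RECEIVED))
    print(build_upstream_request(BASE + "?x=1").decode())
```
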