HTTP
HTTP GET
dotdot removal
#
# Server-side
HTTP/1.1 200 OK
Content-Length: 6
Connection: close
-foo-
HTTP/1.1 200 OK
Content-Length: 7
Connection: close
-cool-
#
# Client-side
http
HTTP URL with dotdot removal from path
http://%HOSTIP:%HTTPPORT/../../hej/but/who/../1231?stupid=me/../1231#soo/../1231 http://%HOSTIP:%HTTPPORT/../../hej/but/who/../12310001#/../12310001
#
# Verify data after the test has been "shot"
GET /hej/but/1231?stupid=me/../1231 HTTP/1.1
Host: %HOSTIP:%HTTPPORT
User-Agent: curl/%VERSION
Accept: */*
GET /hej/but/12310001 HTTP/1.1
Host: %HOSTIP:%HTTPPORT
User-Agent: curl/%VERSION
Accept: */*