diff --git a/hydra-http-form.c b/hydra-http-form.c
index e2d0a8e..9388b26 100644
--- a/hydra-http-form.c
+++ b/hydra-http-form.c
@@ -229,7 +229,7 @@ char *stringify_headers(ptr_header_node * ptr_head) {
   int ttl_size = 0;
 
   for (; cur_ptr; cur_ptr = cur_ptr->next)
-    ttl_size += strlen(cur_ptr->header) + strlen(cur_ptr->value) + 3;
+    ttl_size += strlen(cur_ptr->header) + strlen(cur_ptr->value) + 4;
 
   headers_str = (char *) malloc(ttl_size + 1);
 
@@ -237,7 +237,7 @@ char *stringify_headers(ptr_header_node * ptr_head) {
     memset(headers_str, 0, ttl_size + 1);
     for (cur_ptr = *ptr_head; cur_ptr; cur_ptr = cur_ptr->next) {
       strcat(headers_str, cur_ptr->header);
-      strcat(headers_str, ":");
+      strcat(headers_str, ": ");
       strcat(headers_str, cur_ptr->value);
       strcat(headers_str, "\r\n");
     }
@@ -568,6 +568,9 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc
     }
   }
 
+  if (debug)
+  	hydra_report_debug(stdout, "HTTP request sent:\n%s\n", http_request);
+
   found = analyze_server_response(s);
 
   if (auth_flag) {              // we received a 401 error - user using wrong module
@@ -917,7 +920,11 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
     success_cond = 0;
   }
 
-  while ( /*(optional1 = strtok(NULL, ":")) != NULL */ *optional1 != 0) {
+  /*
+   * Parse the user-supplied options.
+   * Beware of the backslashes (\)!
+   */
+  while (*optional1 != 0) {
     switch (optional1[0]) {
     case 'c':                  // fall through
     case 'C':
@@ -931,11 +938,15 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
       break;
     case 'h':
       // add a new header at the end
-      ptr = optional1 + 2;
-      while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\'))
-        ptr++;
-      if (*ptr != 0)
-        *ptr++ = 0;
+			ptr = optional1 + 2;
+      while (*ptr != 0 && *ptr != ':')
+      	ptr++;
+			if (*(ptr - 1) == '\\')
+				*(ptr - 1) = 0;
+			if (*ptr != 0){
+				*ptr = 0;
+				ptr += 2;
+			}
       ptr2 = ptr;
       while (*ptr2 != 0 && (*ptr2 != ':' || *(ptr2 - 1) == '\\'))
         ptr2++;
@@ -956,11 +967,15 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
       return NULL;
     case 'H':
       // add a new header, or replace an existing one's value
-      ptr = optional1 + 2;
-      while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\'))
-        ptr++;
-      if (*ptr != 0)
-        *ptr++ = 0;
+			ptr = optional1 + 2;
+      while (*ptr != 0 && *ptr != ':')
+      	ptr++;
+			if (*(ptr - 1) == '\\')
+				*(ptr - 1) = 0;
+			if (*ptr != 0){
+				*ptr = 0;
+				ptr += 2;
+			}
       ptr2 = ptr;
       while (*ptr2 != 0 && (*ptr2 != ':' || *(ptr2 - 1) == '\\'))
         ptr2++;
diff --git a/hydra.c b/hydra.c
index 29c3ba6..35f82b4 100644
--- a/hydra.c
+++ b/hydra.c
@@ -563,17 +563,21 @@ void module_usage() {
              " failed string looks like and put it in this parameter!\n"
              "The following parameters are optional:\n"
              " C=/page/uri     to define a different page to gather initial cookies from\n"
-             " (h|H)=My-Hdr: foo   to send a user defined HTTP header with each request\n"
+             " (h|H)=My-Hdr\\: foo   to send a user defined HTTP header with each request\n"
              "                 ^USER^ and ^PASS^ can also be put into these headers!\n"
              "                 Note: 'h' will add the user-defined header at the end\n"
              "                 regardless it's already being sent by Hydra or not.\n"
              "                 'H' will replace the value of that header if it exists, by the\n"
              "                 one supplied by the user, or add the header at the end\n"
+      			 "Note that if you are going to put colons (:) in your headers you should escape them with a backslash (\).\n"
+      			 " All colons that are not option separators should be escaped (see the examples above and below).\n"
+      			 " You can specify a header without escaping the colons, but that way you will not be able to put colons\n"
+      			 " in the header value itself, as they will be interpreted by hydra as option separators.\n"
              "\nExamples:\n"
              " \"/login.php:user=^USER^&pass=^PASS^:incorrect\"\n"
              " \"/login.php:user=^USER^&pass=^PASS^&colon=colon\\:escape:S=authlog=.*success\"\n"
              " \"/login.php:user=^USER^&pass=^PASS^&mid=123:authlog=.*failed\"\n"
-             " \"/:user=^USER&pass=^PASS^:failed:H=Authorization: Basic dT1w:H=Cookie: sessid=aaaa:h=X-User: ^USER^\"\n"
+             " \"/:user=^USER&pass=^PASS^:failed:H=Authorization\\: Basic dT1w:H=Cookie\\: sessid=aaaa:h=X-User\\: ^USER^\"\n"
              " \"/exchweb/bin/auth/owaauth.dll:destination=http%%3A%%2F%%2F<target>%%2Fexchange&flags=0&username=<domain>%%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:reason=:C=/exchweb\"\n",
              hydra_options.service);
       find = 1;