cve-2023-44487 ddos dos http2 rapid-reset rapid-reset-attack

CVE-2023-44487 (HTTP/2 Rapid Reset)

There are some examples in this repo which are not tested completely to analyse the impact, but I just wanted to perform the concept of this attack (starting many streams and immediately sending RST_STREAM frame to avoid reaching MAX_CONCURRENT_STREAMS).

H2SpaceX

I use H2SpaceX low level HTTP/2 library which I created for exploiting Single Packet Attack

Examples

There are 2 examples:
- Example 1
  - Sending 10000 GET requests and sending RESET STREAM frames after each request immediately
- Example 2
  - Sending 100000 POST requests (with single packet attack technique) which causes server to wait for last byte, and then sending RESET STREAM frame after each request
  - This Example also uses threading to open more H2 connections.

Read & Do More

Do More
- You can read more about using H2SpaceX to send raw frames.
- Quick Start Example for Single Packet Attack
- H2Frames
Read More
- HTTP/2 Rapid Reset Attack by Cloudflare
- Lots of References at cve.org

About

Examples for Implementing cve-2023-44487 ( HTTP/2 Rapid Reset Attack ) Concept

cve-2023-44487 ddos dos http2 rapid-reset rapid-reset-attack

GNU General Public License v3.0

Languages

Language:Python 100.0%