HTTP/2 low level library based on Scapy which can be used for Single Packet Attack (Race Condition on H2)
I wrote an article and published it at InfoSec Write-ups:
- Single Packet Attack - POST
- implement
- Single Packet Attack - GET
- Content-Length: 1 Method
- POST Request with x-override-method: GET header
- Response Parsing
- implement
- implement threaded response parser
- Body Decompression
- gzip
- br
- deflate
- Proxy
- Socks5 Proxy
Some following statements are just ideas and not tested or implemented.
- More Request in a Single Packet
- Increase MSS (Idea by James Kettle)
- Out of Order TCP Packets (Idea by James Kettle)
- IP Fragmentation
- Proxy the Single Packet Request through SOCKS
- Single Packet Attack on GET Requests
- Content-Length: 1 Method (Idea by James Kettle)
- x-override-method: GET Method (Idea by James Kettle)
- Index HPACK Headers to Make GET Requests Smaller
- HEADERS Frame without END_HEADER Flag
- HEADERS Frame Without Some Pseudo Headers
H2SpaceX works with Python 3 (preferred: >=3.10)
pip install h2spacex
You can import the HTTP/2 TLS Connection and set up the connection. After setting up the connection, you can do other things:
from h2spacex import H2OnTlsConnection
h2_conn = H2OnTlsConnection(
hostname='http2.github.io',
port_number=443
)
h2_conn.setup_connection()
...
see more examples in Wiki Page
See examples which contain some Portswigger race condition examples.
I also got some ideas from a previous developed library h2tinker.
Finally, thanks again to James Kettle for directly helping and pointing some other techniques.