HTTP/2 Single Packet Attack low level library based on Scapy

Navigation

Verified details  (What is this?)

These details have been verified by PyPI
Maintainers
Avatar for nxenon from gravatar.com nxenon

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: GNU General Public License v3 (GPLv3) (GPL-3.0)
  • Author: nxenon
  • Tags race-condition, http2, single-packet-attack
  • Requires: Python >=3.10
Classifiers

Project description

H2SpaceX   H2SpaceX

pypi: 1.1.0 Python: 3.10 License: GPL v3

HTTP/2 low level library based on Scapy which can be used for Single Packet Attack (Race Condition on H2)

Dive into Single Packet Attack Article

I wrote an article and published it at InfoSec Write-ups:

TODO

More Research

Some following statements are just ideas and not tested or implemented.

  • More Request in a Single Packet
    • Increase MSS (Idea by James Kettle)
    • Out of Order TCP Packets (Idea by James Kettle)
    • IP Fragmentation
  • Proxy the Single Packet Request through SOCKS
  • Single Packet Attack on GET Requests
    • Content-Length: 1 Method (Idea by James Kettle)
    • x-override-method: GET Method (Idea by James Kettle)
    • Index HPACK Headers to Make GET Requests Smaller
    • HEADERS Frame without END_HEADER Flag
    • HEADERS Frame Without Some Pseudo Headers

Installation

H2SpaceX works with Python 3 (preferred: >=3.10)

pip install h2spacex

Error in Installation

if you get errors of scapy:

pip install --upgrade scapy

Quick Start

You can import the HTTP/2 TLS Connection and set up the connection. After setting up the connection, you can do other things:

from h2spacex import H2OnTlsConnection

h2_conn = H2OnTlsConnection(
    hostname='http2.github.io',
    port_number=443
)

h2_conn.setup_connection()
...

see more examples in Wiki Page

Examples

See examples which contain some Portswigger race condition examples.

Examples Page

Enhanced Single Packet Attack Method (Black Hat 2024) for Timing Attacks

James Kettle introduced an improved version of Single Packet Attack in Black Hat 2024 for timing attacks:

Impvoved Version Image

You can implement this method easily using send_ping_frame() method.

See this Wiki and Parse Response (Threaded) + Response Times for Timing Attacks part:

Improved Version of SPA Sample Exploit

Reference of Improved Method:

References & Resources

I also got some ideas from a previous developed library h2tinker.

Finally, thanks again to James Kettle for directly helping and pointing some other techniques.

Project details

Verified details  (What is this?)

These details have been verified by PyPI
Maintainers
Avatar for nxenon from gravatar.com nxenon

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: GNU General Public License v3 (GPLv3) (GPL-3.0)
  • Author: nxenon
  • Tags race-condition, http2, single-packet-attack
  • Requires: Python >=3.10
Classifiers

Release history Release notifications | RSS feed

This version

1.1.0

1.0.3

1.0.2

1.0.1

0.1.17

0.1.16

0.1.15

0.1.14

0.1.13

0.1.12

0.1.11

0.1.9

0.1.8.1

0.1.8

0.1.7

0.1.6

0.1.5

0.1.4

0.1.3

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

h2spacex-1.1.0.tar.gz (25.0 kB view hashes)

Uploaded Source

Built Distribution

h2spacex-1.1.0-py3-none-any.whl (24.3 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page