HTTP/2 Single Packet Attack low level library based on Scapy
Project description
H2SpaceX
HTTP/2 low level library based on Scapy which can be used for Single Packet Attack (Race Condition on H2)
Dive into Single Packet Attack Article
I wrote an article and published it at InfoSec Write-ups:
TODO
- Single Packet Attack - POST
- implement
- Single Packet Attack - GET
- Content-Length: 1 Method
- POST Request with x-override-method: GET header
- Response Parsing
- implement
- implement threaded response parser
- Body Decompression
- gzip
- br
- deflate
- Proxy
- Socks5 Proxy
More Research
Some following statements are just ideas and not tested or implemented.
- More Request in a Single Packet
- Increase MSS (Idea by James Kettle)
- Out of Order TCP Packets (Idea by James Kettle)
- IP Fragmentation
- Proxy the Single Packet Request through SOCKS
- Single Packet Attack on GET Requests
- Content-Length: 1 Method (Idea by James Kettle)
- x-override-method: GET Method (Idea by James Kettle)
- Index HPACK Headers to Make GET Requests Smaller
- HEADERS Frame without END_HEADER Flag
- HEADERS Frame Without Some Pseudo Headers
Installation
H2SpaceX works with Python 3 (preferred: >=3.10)
pip install h2spacex
Quick Start
You can import the HTTP/2 TLS Connection and set up the connection. After setting up the connection, you can do other things:
from h2spacex import H2OnTlsConnection
h2_conn = H2OnTlsConnection(
hostname='http2.github.io',
port_number=443
)
h2_conn.setup_connection()
...
see more examples in Wiki Page
Examples
See examples which contain some Portswigger race condition examples.
References & Resources
I also got some ideas from a previous developed library h2tinker.
Finally, thanks again to James Kettle for directly helping and pointing some other techniques.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distributions
Hashes for h2spacex-0.1.17-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | ed88da90eaa860912b0c0f7d63ad4083099a179aafa0b7efab0b6d333586b8fc |
|
MD5 | 56688cfe9179cc757d5ee211b1f9a19d |
|
BLAKE2b-256 | 19dac05d5eded55cff337de1ba2bb6e04e97eda116197cf13e86aa2b3084c10c |
Hashes for h2spacex-0.1.17-py2-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | fccba051107d406b0bdaec97ab3e24e4fa00b4ec17123179b5909b0b6cc0061d |
|
MD5 | f984c2cd84a7819c135ec06963b6f429 |
|
BLAKE2b-256 | 4def140159727c892793228354644a216bceb01df841eb8758a02551470a9c8a |