# rr-dev
1. start http/2 enabled nginx server:

```
cd server
docker compose up -d
```

2. start capturing traffic in wireshark
3. run poc script:

```
python rr.py
```

4. decode traffic in wireshark using `ssl-keylog.log` as the ssl keyfile
5. compare against the cloudflare blog notes (unless you have the pcap which seems to be gone now)
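
The comparison in step 5 can be done on frame counts instead of by eye. As an added example (not part of this repository), the Python below parses the client-to-server HTTP/2 frames from a decrypted capture and reports how many of the streams the client opened it then reset itself; the sample bytes are constructed, and the function names and thresholds are assumptions made for illustration.

```python
from collections import Counter

HEADERS, RST_STREAM, SETTINGS = 0x1, 0x3, 0x4   # frame types, RFC 9113 section 6
PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"     # client connection preface

def parse_frames(buf):
    """Yield (type, flags, stream_id, payload) for each frame in buf."""
    off = 0
    while off < len(buf):
        if off + 9 > len(buf):
            raise ValueError(f"truncated frame header at offset {off}")
        length = int.from_bytes(buf[off:off + 3], "big")
        ftype, flags = buf[off + 3], buf[off + 4]
        sid = int.from_bytes(buf[off + 5:off + 9], "big") & 0x7FFFFFFF  # drop reserved bit
        end = off + 9 + length
        if end > len(buf):
            raise ValueError(f"truncated frame payload at offset {off}")
        yield ftype, flags, sid, buf[off + 9:end]
        off = end

def reset_stats(client_bytes):
    """Count streams the client opened and then cancelled itself."""
    if client_bytes.startswith(PREFACE):
        client_bytes = client_bytes[len(PREFACE):]
    opened, reset, codes = set(), set(), Counter()
    for ftype, _flags, sid, payload in parse_frames(client_bytes):
        if ftype == HEADERS:
            opened.add(sid)
        elif ftype == RST_STREAM and sid in opened and len(payload) == 4:
            reset.add(sid)
            codes[int.from_bytes(payload, "big")] += 1   # error code 0x8 is CANCEL
    ratio = len(reset) / len(opened) if opened else 0.0
    return {"opened": len(opened), "reset": len(reset), "ratio": ratio, "codes": dict(codes)}

def suspicious(stats, min_opened=20, min_ratio=0.9):
    """Assumed thresholds for illustration; tune against normal client traffic."""
    return stats["opened"] >= min_opened and stats["ratio"] >= min_ratio

def make_frame(ftype, flags, sid, payload=b""):
    """Frame builder used only to construct the sample input below."""
    return len(payload).to_bytes(3, "big") + bytes([ftype, flags]) + sid.to_bytes(4, "big") + payload

# Constructed sample: 50 streams with placeholder header blocks, 48 reset by the client.
SAMPLE = PREFACE + make_frame(SETTINGS, 0, 0)
for n, sid in enumerate(range(1, 100, 2)):
    SAMPLE += make_frame(HEADERS, 0x5, sid, b"hdr")      # END_STREAM | END_HEADERS
    if n < 48:
        SAMPLE += make_frame(RST_STREAM, 0, sid, (8).to_bytes(4, "big"))

if __name__ == "__main__":
    print(reset_stats(SAMPLE), suspicious(reset_stats(SAMPLE)))
```

A high reset ratio on its own is not proof of abuse, since browsers cancel requests legitimately; the server-to-client direction of the same capture shows whether responses were ever sent for those streams.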
## notes

no clue if this actually works, but it seems to match the same behavior mentioned in the cloudflare blog.

obviously to weaponize it, it will take some extra effort like multithreading but i sure as fuck am not releasing a weaponized version for free.

greets to psyk0, slerig, and all the other juggalols out there