http2-rst-stream

command module

v0.0.0-...-5ddf490 Latest Latest Go to latest Published: Oct 11, 2023 License: Apache-2.0 Imports: 11 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/micrictor/http2-rst-stream

Links

Open Source Insights

README ¶

http2-rst-stream

Sort of like Slowloris, but for HTTP2. A proof of concept for CVE-2023-44487

This package contains a client that sends HTTP2 stream resets (RST_STREAM) to a local server. It does this by misusing a Go HTTP client error handler that sends a reset if the request Body is longer than the request Content-Length.

To run:

go build && ./http2-rst-stream

It intentionally does not allow targeting of remote web servers out of the box. I'm not trying to help people break stuff.

Original inspiration: https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL