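Related vulnerability
Title:
Apache HTTP/2 Resource Management Error Vulnerability
(CVE-2023-44487)
Description: HTTP/2 is the second version of the Hypertext Transfer Protocol, mainly used to ensure communication between clients and servers. Apache HTTP/2 has a security vulnerability. Attackers can exploit it to cause a denial of service. The following products and versions are affected: .NET 6.0, ASP.NET Core 6.0, .NET 7.0, Microsoft Visual Studio 2022 version 17.2, Microsoft Visual Studio 2022 version 17.4, Microsoft Visual Studio 2022 version 17.6, Micros
Introduction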
# CVE-2023-44487 - HTTP/2 Rapid Reset Exploit PoC
---
### Descriptions
This script is a Proof of Concept (PoC) for exploiting **CVE-2023-44487**, also known as the **HTTP/2 Rapid Reset Attack**. The vulnerability allows attackers to perform a Denial of Service (DoS) attack by rapidly sending `RST_STREAM` frames over HTTP/2 connections, overwhelming the target server.
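On the defending side, the same frame pattern can be recognised per connection: nearly every stream the client opens with `HEADERS` is cancelled by the client's own `RST_STREAM`. The detector below is an added example, not code from this repository's `main.py`; it assumes decrypted client-to-server bytes (for instance captured behind TLS termination), and the function names, thresholds and sample captures are constructed for illustration.

```python
PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"  # client connection preface (RFC 7540, 3.5)
HEADERS, RST_STREAM = 0x1, 0x3                  # frame type codes (RFC 7540, section 6)

def parse_frames(buf):
    """Yield (type, stream_id, payload) for each complete frame in client->server bytes."""
    off = len(PREFACE) if buf.startswith(PREFACE) else 0
    while off + 9 <= len(buf):                  # every frame starts with a 9-byte header
        length = int.from_bytes(buf[off:off + 3], "big")
        ftype = buf[off + 3]
        stream_id = int.from_bytes(buf[off + 5:off + 9], "big") & 0x7FFFFFFF  # drop reserved bit
        if off + 9 + length > len(buf):
            break                               # truncated final frame: stop, do not guess
        yield ftype, stream_id, buf[off + 9:off + 9 + length]
        off += 9 + length

def reset_stats(buf):
    """Return (streams opened by the client, streams the client itself cancelled)."""
    opened, cancelled = set(), set()
    for ftype, sid, payload in parse_frames(buf):
        if ftype == HEADERS and sid:
            opened.add(sid)
        elif ftype == RST_STREAM and sid in opened and len(payload) == 4:
            cancelled.add(sid)
    return len(opened), len(cancelled)

def looks_like_rapid_reset(buf, max_resets=100, min_ratio=0.9):
    """Flag a connection where nearly every opened stream was reset by the client.
    max_resets and min_ratio are illustrative thresholds, not vendor values."""
    opened, cancelled = reset_stats(buf)
    return cancelled > max_resets and cancelled / opened >= min_ratio

def frame(ftype, flags, sid, payload=b""):
    """Build one frame for the constructed sample captures below."""
    return len(payload).to_bytes(3, "big") + bytes([ftype, flags]) + sid.to_bytes(4, "big") + payload

CANCEL = (0x8).to_bytes(4, "big")  # RST_STREAM error code CANCEL
HDR = b"\x82\x84\x87"              # placeholder header block; never decoded here

# Constructed sample: an ordinary session, 5 requests, one cancelled by the user.
NORMAL = PREFACE + b"".join(frame(HEADERS, 0x5, s, HDR) for s in (1, 3, 5, 7, 9)) \
    + frame(RST_STREAM, 0, 5, CANCEL)
# Constructed sample: 500 streams, each opened and immediately reset.
BURST = PREFACE + b"".join(
    frame(HEADERS, 0x5, s, HDR) + frame(RST_STREAM, 0, s, CANCEL) for s in range(1, 1001, 2))

if __name__ == "__main__":
    for name, cap in (("normal", NORMAL), ("burst", BURST)):
        print(name, reset_stats(cap), looks_like_rapid_reset(cap))
```

A production check would also bound the count per time window; the ratio test alone is enough to separate the two constructed captures here.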
---
### Features
- **Single URL Testing**: Test a single URL for vulnerability.
- **Bulk URL Testing**: Test multiple URLs provided in a file.
- **HTTP and HTTPS Support**: Supports both HTTP and HTTPS protocols.
- **Custom Port Selection**: Specify custom ports for testing.
- **Output Options**: Results can be saved in CSV, TXT, or XLSX formats.
- **Progress Bar**: Visual progress bar for bulk operations.
- **Detailed Logging**: Provides detailed results including timestamp, URL, HTTP/2 support status, vulnerability status, and details.
---
### Requirements
- **Python 3.7 or higher**
#### Python Libraries
Install the required Python libraries using the following command:
```bash
pip install -r requirements.txt
```
Alternatively, you can install them individually:
```bash
pip install httpx==0.24.0
pip install h2==4.1.0
pip install tqdm==4.66.1
pip install xlsxwriter==3.1.6
```
---
### Installation
1. **Clone the Repository**
```bash
git clone https://github.com/yourusername/CVE-2023-44487-HTTP-2-Rapid-Reset-Exploit-PoC.git
cd CVE-2023-44487-HTTP-2-Rapid-Reset-Exploit-PoC
```
2. **Set Up a Virtual Environment (Optional but Recommended)**
```bash
python3 -m venv venv
source venv/bin/activate
```
3. **Install Dependencies**
```bash
pip install -r requirements.txt
```
---
### Usage
#### Command-Line Arguments
- `--url`: URL to test (e.g., `https://example.com` or `http://example.com`)
- `--bulk`: File containing a list of URLs to test
- `--port`: Specify port (default is `443` for HTTPS, `80` for HTTP)
- `--output`: Output file to save results (`.csv`, `.txt`, or `.xlsx`)
#### Examples
**Test a Single URL**
```bash
python3 main.py --url https://example.com
```
**Test Multiple URLs from a File**
```bash
python3 main.py --bulk urls.txt
```
**Specify a Custom Port**
```bash
python3 main.py --url http://example.com --port 8080
```
**Save Results to a File**
```bash
python3 main.py --bulk urls.txt --output results.xlsx
```
---
### Sample Output
#### Terminal Output (JSON Format)
```json
[
{
"Timestamp": "2024-12-03 10:00:00",
"URL": "https://example.com",
"HTTP/2 Support": "Yes",
"Vulnerable": "VULNERABLE",
"Details": "RST_STREAM sent successfully"
},
{
"Timestamp": "2024-12-03 10:00:05",
"URL": "http://testsite.com",
"HTTP/2 Support": "No",
"Vulnerable": "SAFE",
"Details": "Downgraded to HTTP/1.1"
}
]
```
#### CSV Output
| Timestamp | URL | HTTP/2 Support | Vulnerable | Details |
|---------------------|---------------------|----------------|------------|------------------------------|
| 2024-12-03 10:00:00 | https://example.com | Yes | VULNERABLE | RST_STREAM sent successfully |
| 2024-12-03 10:00:05 | http://testsite.com | No | SAFE | Downgraded to HTTP/1.1 |
---
### Notes
- **Ethical Usage**: This script is intended for educational purposes and should only be used on servers you own or have permission to test.
- **Accuracy**: A "VULNERABLE" result indicates that the server responded to the `RST_STREAM` frame in a way that suggests it might be vulnerable to CVE-2023-44487. Further manual verification is recommended.
- **Legal Disclaimer**: The author is not responsible for any misuse of this script.
---
### Author
- **Name**: Afif Hidayatullah
- **Organization**: ITSEC Asia
- **Contact**: [LinkedIn](https://www.linkedin.com/in/afif-hidayatullah/)
---
### References
- [CVE-2023-44487 Details](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487)
- [HTTP/2 Specification](https://httpwg.org/specs/rfc7540.html)
- [h2 Library Documentation](https://python-hyper.org/projects/h2/en/stable/)
---
## requirements.txt
```plaintext
httpx==0.24.0
h2==4.1.0
tqdm==4.66.1
xlsxwriter==3.1.6
```
---
## Sample Results
Assuming you have a file named `urls.txt` containing:
```
https://example.com
http://testsite.com
https://vulnerable-site.com
```
**Command:**
```bash
python3 main.py --bulk urls.txt --output results.csv
```
**Sample `results.csv`:**
```csv
Timestamp,URL,HTTP/2 Support,Vulnerable,Details
2024-12-03 10:15:00,https://example.com,Yes,VULNERABLE,RST_STREAM sent successfully
2024-12-03 10:15:05,http://testsite.com,No,SAFE,Downgraded to HTTP/1.1
2024-12-03 10:15:10,https://vulnerable-site.com,Yes,VULNERABLE,RST_STREAM sent successfully
```
---
**Note:** Replace `https://vulnerable-site.com` with an actual site you have permission to test.
---
## Important
- Always ensure you have explicit permission to test the target URLs for vulnerabilities.
- Unauthorized testing can be illegal and unethical.
- Use this script responsibly and adhere to all applicable laws and regulations.
---
File snapshot
[4.0K] /data/pocs/7a97fa3bf9ab3e84b7dea7847580c4a589ac4b6a
├── [6.4K] main.py
├── [5.1K] README.md
└── [ 55] requirements.txt
0 directories, 3 files