Share
## https://sploitus.com/exploit?id=A66531EB-3C47-5C56-B8A6-E04B54E9D656
# CVE-2023-44487 - HTTP/2 Rapid Reset Exploit PoC

---

### Descriptions

This main is a Proof of Concept (PoC) for exploiting **CVE-2023-44487**, also known as the **HTTP/2 Rapid Reset Attack**. The vulnerability allows attackers to perform a Denial of Service (DoS) attack by rapidly sending `RST_STREAM` frames over HTTP/2 connections, overwhelming the target server.

---

### Features

- **Single URL Testing**: Test a single URL for vulnerability.
- **Bulk URL Testing**: Test multiple URLs provided in a file.
- **HTTP and HTTPS Support**: Supports both HTTP and HTTPS protocols.
- **Custom Port Selection**: Specify custom ports for testing.
- **Output Options**: Results can be saved in CSV, TXT, or XLSX formats.
- **Progress Bar**: Visual progress bar for bulk operations.
- **Detailed Logging**: Provides detailed results including timestamp, URL, HTTP/2 support status, vulnerability status, and details.

---

### Requirements

- **Python 3.7 or higher**

#### Python Libraries

Install the required Python libraries using the following command:

```bash
pip install -r requirements.txt
```

Alternatively, you can install them individually:

```bash
pip install httpx==0.24.0
pip install h2==4.1.0
pip install tqdm==4.66.1
pip install xlsxwriter==3.1.6
```

---

### Installation

1. **Clone the Repository**

   ```bash
   git clone https://github.com/yourusername/CVE-2023-44487-HTTP-2-Rapid-Reset-Exploit-PoC.git
   cd CVE-2023-44487-HTTP-2-Rapid-Reset-Exploit-PoC
   ```

2. **Set Up a Virtual Environment (Optional but Recommended)**

   ```bash
   python3 -m venv venv
   source venv/bin/activate
   ```

3. **Install Dependencies**

   ```bash
   pip install -r requirements.txt
   ```

---

### Usage

#### Command-Line Arguments

- `--url`: URL to test (e.g., `https://example.com` or `http://example.com`)
- `--bulk`: File containing a list of URLs to test
- `--port`: Specify port (default is `443` for HTTPS, `80` for HTTP)
- `--output`: Output file to save results (`.csv`, `.txt`, or `.xlsx`)

#### Examples

**Test a Single URL**

```bash
python3 main.py --url https://example.com
```

**Test Multiple URLs from a File**

```bash
python3 main.py --bulk urls.txt
```

**Specify a Custom Port**

```bash
python3 main.py --url http://example.com --port 8080
```

**Save Results to a File**

```bash
python3 main.py --bulk urls.txt --output results.xlsx
```

---

### Sample Output

#### Terminal Output (JSON Format)

```json
[
    {
        "Timestamp": "2024-12-03 10:00:00",
        "URL": "https://example.com",
        "HTTP/2 Support": "Yes",
        "Vulnerable": "VULNERABLE",
        "Details": "RST_STREAM sent successfully"
    },
    {
        "Timestamp": "2024-12-03 10:00:05",
        "URL": "http://testsite.com",
        "HTTP/2 Support": "No",
        "Vulnerable": "SAFE",
        "Details": "Downgraded to HTTP/1.1"
    }
]
```

#### CSV Output

| Timestamp           | URL                 | HTTP/2 Support | Vulnerable | Details                      |
|---------------------|---------------------|----------------|------------|------------------------------|
| 2024-12-03 10:00:00 | https://example.com | Yes            | VULNERABLE | RST_STREAM sent successfully |
| 2024-12-03 10:00:05 | http://testsite.com | No             | SAFE       | Downgraded to HTTP/1.1       |

---

### Notes

- **Ethical Usage**: This main is intended for educational purposes and should only be used on servers you own or have permission to test.
- **Accuracy**: A "VULNERABLE" result indicates that the server responded to the `RST_STREAM` frame in a way that suggests it might be vulnerable to CVE-2023-44487. Further manual verification is recommended.
- **Legal Disclaimer**: The author is not responsible for any misuse of this main.

---

### Author

- **Name**: Afif Hidayatullah
- **Organization**: ITSEC Asia
- **Contact**: [Linkedin](https://www.linkedin.com/in/afif-hidayatullah/)

---

### References

- [CVE-2023-44487 Details](https://vulners.com/cve/CVE-2023-44487)
- [HTTP/2 Specification](https://httpwg.org/specs/rfc7540.html)
- [h2 Library Documentation](https://python-hyper.org/projects/h2/en/stable/)

---

## requirements.txt

```plaintext
httpx==0.24.0
h2==4.1.0
tqdm==4.66.1
xlsxwriter==3.1.6
```

---

## Sample Results

Assuming you have a file named `urls.txt` containing:

```
https://example.com
http://testsite.com
https://vulnerable-site.com
```

**Command:**

```bash
python3 main.py --bulk urls.txt --output results.csv
```

**Sample `results.csv`:**

```csv
Timestamp,URL,HTTP/2 Support,Vulnerable,Details
2024-12-03 10:15:00,https://example.com,Yes,VULNERABLE,RST_STREAM sent successfully
2024-12-03 10:15:05,http://testsite.com,No,SAFE,Downgraded to HTTP/1.1
2024-12-03 10:15:10,https://vulnerable-site.com,Yes,VULNERABLE,RST_STREAM sent successfully
```

---

**Note:** Replace `https://vulnerable-site.com` with an actual site you have permission to test.

---

## Important

- Always ensure you have explicit permission to test the target URLs for vulnerabilities.
- Unauthorized testing can be illegal and unethical.
- Use this main responsibly and adhere to all applicable laws and regulations.

---

Let me know if you need further assistance or modifications!