## https://sploitus.com/exploit?id=A66531EB-3C47-5C56-B8A6-E04B54E9D656
# CVE-2023-44487 - HTTP/2 Rapid Reset Exploit PoC
---
### Descriptions
This main is a Proof of Concept (PoC) for exploiting **CVE-2023-44487**, also known as the **HTTP/2 Rapid Reset Attack**. The vulnerability allows attackers to perform a Denial of Service (DoS) attack by rapidly sending `RST_STREAM` frames over HTTP/2 connections, overwhelming the target server.
---
### Features
- **Single URL Testing**: Test a single URL for vulnerability.
- **Bulk URL Testing**: Test multiple URLs provided in a file.
- **HTTP and HTTPS Support**: Supports both HTTP and HTTPS protocols.
- **Custom Port Selection**: Specify custom ports for testing.
- **Output Options**: Results can be saved in CSV, TXT, or XLSX formats.
- **Progress Bar**: Visual progress bar for bulk operations.
- **Detailed Logging**: Provides detailed results including timestamp, URL, HTTP/2 support status, vulnerability status, and details.
---
### Requirements
- **Python 3.7 or higher**
#### Python Libraries
Install the required Python libraries using the following command:
```bash
pip install -r requirements.txt
```
Alternatively, you can install them individually:
```bash
pip install httpx==0.24.0
pip install h2==4.1.0
pip install tqdm==4.66.1
pip install xlsxwriter==3.1.6
```
---
### Installation
1. **Clone the Repository**
```bash
git clone https://github.com/yourusername/CVE-2023-44487-HTTP-2-Rapid-Reset-Exploit-PoC.git
cd CVE-2023-44487-HTTP-2-Rapid-Reset-Exploit-PoC
```
2. **Set Up a Virtual Environment (Optional but Recommended)**
```bash
python3 -m venv venv
source venv/bin/activate
```
3. **Install Dependencies**
```bash
pip install -r requirements.txt
```
---
### Usage
#### Command-Line Arguments
- `--url`: URL to test (e.g., `https://example.com` or `http://example.com`)
- `--bulk`: File containing a list of URLs to test
- `--port`: Specify port (default is `443` for HTTPS, `80` for HTTP)
- `--output`: Output file to save results (`.csv`, `.txt`, or `.xlsx`)
#### Examples
**Test a Single URL**
```bash
python3 main.py --url https://example.com
```
**Test Multiple URLs from a File**
```bash
python3 main.py --bulk urls.txt
```
**Specify a Custom Port**
```bash
python3 main.py --url http://example.com --port 8080
```
**Save Results to a File**
```bash
python3 main.py --bulk urls.txt --output results.xlsx
```
---
### Sample Output
#### Terminal Output (JSON Format)
```json
[
{
"Timestamp": "2024-12-03 10:00:00",
"URL": "https://example.com",
"HTTP/2 Support": "Yes",
"Vulnerable": "VULNERABLE",
"Details": "RST_STREAM sent successfully"
},
{
"Timestamp": "2024-12-03 10:00:05",
"URL": "http://testsite.com",
"HTTP/2 Support": "No",
"Vulnerable": "SAFE",
"Details": "Downgraded to HTTP/1.1"
}
]
```
#### CSV Output
| Timestamp | URL | HTTP/2 Support | Vulnerable | Details |
|---------------------|---------------------|----------------|------------|------------------------------|
| 2024-12-03 10:00:00 | https://example.com | Yes | VULNERABLE | RST_STREAM sent successfully |
| 2024-12-03 10:00:05 | http://testsite.com | No | SAFE | Downgraded to HTTP/1.1 |
---
### Notes
- **Ethical Usage**: This main is intended for educational purposes and should only be used on servers you own or have permission to test.
- **Accuracy**: A "VULNERABLE" result indicates that the server responded to the `RST_STREAM` frame in a way that suggests it might be vulnerable to CVE-2023-44487. Further manual verification is recommended.
- **Legal Disclaimer**: The author is not responsible for any misuse of this main.
---
### Author
- **Name**: Afif Hidayatullah
- **Organization**: ITSEC Asia
- **Contact**: [Linkedin](https://www.linkedin.com/in/afif-hidayatullah/)
---
### References
- [CVE-2023-44487 Details](https://vulners.com/cve/CVE-2023-44487)
- [HTTP/2 Specification](https://httpwg.org/specs/rfc7540.html)
- [h2 Library Documentation](https://python-hyper.org/projects/h2/en/stable/)
---
## requirements.txt
```plaintext
httpx==0.24.0
h2==4.1.0
tqdm==4.66.1
xlsxwriter==3.1.6
```
---
## Sample Results
Assuming you have a file named `urls.txt` containing:
```
https://example.com
http://testsite.com
https://vulnerable-site.com
```
**Command:**
```bash
python3 main.py --bulk urls.txt --output results.csv
```
**Sample `results.csv`:**
```csv
Timestamp,URL,HTTP/2 Support,Vulnerable,Details
2024-12-03 10:15:00,https://example.com,Yes,VULNERABLE,RST_STREAM sent successfully
2024-12-03 10:15:05,http://testsite.com,No,SAFE,Downgraded to HTTP/1.1
2024-12-03 10:15:10,https://vulnerable-site.com,Yes,VULNERABLE,RST_STREAM sent successfully
```
---
**Note:** Replace `https://vulnerable-site.com` with an actual site you have permission to test.
---
## Important
- Always ensure you have explicit permission to test the target URLs for vulnerabilities.
- Unauthorized testing can be illegal and unethical.
- Use this main responsibly and adhere to all applicable laws and regulations.
---
Let me know if you need further assistance or modifications!