Rapid reset demonstrator
Use a Go version earlier than 1.20.10 or 1.21.3, as the vulnerabilities are patched in these versions.
make keys
make build
# start the server in the background, or another terminal
./bin/server &
./bin/localclient -duration 10s -frequency 10000
make image
docker compose up
# enter client
docker exec -it client sh
# perform stuff
client -duration 10s -frequency 10000 # rapid reset example
ddosclient -duration 10s -frequency 10000 # normal ddos example
The HTTP/2 rapid reset attack exploits the behaviour of servers that support HTTP/2.
The client container sends out a predetermined volume of requests to an HTTP/2 server, sent as a stream of 100 (default) requests at a time. This stream is terminated by the client before the request completes.
This costs the client little computational work, while the server still needs to dedicate resources to processing these cancelled requests.
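The asymmetry described above is what a server-side guard has to watch for: many streams opened and cancelled by the same client in a short time. The following is an added example, not code from this repository or from Go's `net/http`; `resetGuard`, `firstTrip`, the one-second window and the limit of 20 are hypothetical names and assumed values, and the traces are constructed.

```go
package main

import (
	"fmt"
	"time"
)

// resetGuard is a per-connection budget for client cancellations (hypothetical type).
type resetGuard struct {
	window time.Duration   // sliding window length (assumed value set below)
	limit  int             // cancellations tolerated inside the window
	live   map[uint32]bool // streams the client has opened
	resets []time.Duration // timestamps of recent cancellations
}

// opened records a client HEADERS frame that opens stream id.
func (g *resetGuard) opened(id uint32) { g.live[id] = true }

// cancelled records a client RST_STREAM; true means the budget is spent and the
// server should stop serving this connection.
func (g *resetGuard) cancelled(id uint32, at time.Duration) bool {
	if !g.live[id] {
		return false // not a stream this client opened
	}
	delete(g.live, id)
	g.resets = append(g.resets, at)
	for at-g.resets[0] > g.window { // forget cancellations that left the window
		g.resets = g.resets[1:]
	}
	return len(g.resets) > g.limit
}

// firstTrip replays a constructed trace: n streams, gap apart, every k-th one
// cancelled right after opening. It returns the index of the stream that
// trips the guard, or -1 if none does.
func firstTrip(n int, gap time.Duration, k int) int {
	g := &resetGuard{window: time.Second, limit: 20, live: map[uint32]bool{}}
	for i := 0; i < n; i++ {
		id, at := uint32(2*i+1), time.Duration(i)*gap
		g.opened(id)
		if (i+1)%k == 0 && g.cancelled(id, at) {
			return i
		}
	}
	return -1
}

func main() {
	fmt.Println(firstTrip(100, time.Millisecond, 1), firstTrip(100, 100*time.Millisecond, 10))
}
```

A production guard would also remove entries from `live` when streams finish normally, which this replay never exercises.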