HTTP/2 Single Packet Attack low level library / Tool based on Scapy
HTTP/2 low level library based on Scapy which can be used for Single Packet Attack (Race Condition on H2)
I wrote an article and published it at InfoSec Write-ups:
Some following statements are just ideas and not tested or implemented.
H2SpaceX works with Python 3 (preferred: >=3.10)
pip install h2spacex
You can import the HTTP/2 TLS Connection and set up the connection. After setting up the connection, you can do other things:
from h2spacex import H2OnTlsConnection
h2_conn = H2OnTlsConnection(
hostname='http2.github.io',
port_number=443
)
h2_conn.setup_connection()
...
see more examples in Wiki Page
See examples which contain some Portswigger race condition examples.
I also got some ideas from a previous developed library h2tinker.
Finally, thanks again to James Kettle for directly helping and pointing some other techniques.