HTTP/2.0 Rapid Reset reproducer

Reproducer for CVE-2023-44487 HTTP/2.0 rapid rest vulnerability built on top of Helidon.io HTTP/2 toolset.

Usage of the tool is meant only for testing and at one's own responsibility.

Build

Build Java artefact
```
make
```
Build native image binary(don't forget set graal as your SDK sdk use java 21-graal)
```
make native-image
```
Copy the binary to /usr/bin
```
make install
```

Usage

Server is either expected to be overwhelmed or the connection gets cut off when server is immune to the attack (floating window counting).

By default, reproducer sends 100M requests with HEADERS frame followed immediately by RST frame to http://localhost:8080.

Reproducer uses only single connection as it is meant for testing.

rapid-reset [uri [number-of-requests]]

Java archive (JRE 21 or higher required)

java -jar rapid-reset-1.0-SNAPSHOT.jar https://localhost:8080

Native binary

rapid-reset https://localhost:8080

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
src/main/java/cz/kec/test/rapidreset		src/main/java/cz/kec/test/rapidreset
.gitignore		.gitignore
Makefile		Makefile
README.md		README.md
pom.xml		pom.xml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

src/main/java/cz/kec/test/rapidreset

src/main/java/cz/kec/test/rapidreset

.gitignore

.gitignore

Makefile

Makefile

README.md

README.md

pom.xml

pom.xml

Repository files navigation

HTTP/2.0 Rapid Reset reproducer

Build

Usage

Java archive (JRE 21 or higher required)

Native binary

About

Releases 1

Packages

Languages

danielkec/rapid-reset

Folders and files

Latest commit

History

Repository files navigation

HTTP/2.0 Rapid Reset reproducer

Build

Usage

Java archive (JRE 21 or higher required)

Native binary

About

Resources

Stars

Watchers

Forks

Languages