version 1.0.1

Author: nxenon

README.md

@@ -1,6 +1,6 @@
 # <img src="https://github.com/nxenon/h2spacex/assets/61124903/fd6387bf-15e8-4a5d-816b-cf5e079e07cc" width="20%" valign="middle" alt="H2SpaceX" />&nbsp;&nbsp; H2SpaceX
 
-[![pypi: 0.1.17](https://img.shields.io/badge/pypi-0.1.17-8c34eb.svg)](https://pypi.org/project/h2spacex/)
+[![pypi: 1.0.1](https://img.shields.io/badge/pypi-1.0.1-8c34eb.svg)](https://pypi.org/project/h2spacex/)
 [![Python: 3.10](https://img.shields.io/badge/Python->=3.10-blue.svg)](https://www.python.org)
 [![License: GPL v3](https://img.shields.io/badge/License-GPL%20v3-006112.svg)](https://github.com/nxenon/h2spacex/blob/main/LICENSE)
 
@@ -46,6 +46,14 @@ H2SpaceX works with Python 3 (preferred: >=3.10)
 
     pip install h2spacex
 
+
+## Error in Installation
+if you get errors of scapy:
+
+
+    pip install --upgrade scapy
+
+
 # Quick Start
 You can import the HTTP/2 TLS Connection and set up the connection. After setting up the connection, you can do other things:
 
@@ -67,6 +75,17 @@ See examples which contain some Portswigger race condition examples.
 
 [Examples Page](./examples)
 
+# Improved Single Packet Attack Method (Black Hat 2024)
+James Kettle introduced a improved version of Single Packet Attack in Black Hat 2024:
+
+![Impvoved Version Image](https://github.com/user-attachments/assets/bf7bf88c-937a-4a95-899b-990bc6fc6a23)
+
+You can implement this method easily using `send_ping_frame()` method.
+
+[Improved Version of SPA Sample Exploit](./examples/improved-spa-method.py)
+## Reference of Improved Method:
+- [Listen to the whispers: web timing attacks that actually work](https://portswigger.net/research/listen-to-the-whispers-web-timing-attacks-that-actually-work)
+
 # References & Resources
 
 - [James Kettle DEF CON 31 Presentation](https://youtu.be/tKJzsaB1ZvI?si=6uAuzOt3wjnEGYP6)

examples/improved-spa-method.py

@@ -0,0 +1,70 @@
+from h2spacex import H2OnTlsConnection
+from time import sleep
+from h2spacex import h2_frames
+
+h2_conn = H2OnTlsConnection(
+    hostname='http2.github.io',
+    port_number=443
+)
+
+headers = """accept: */*
+content-type: application/x-www-form-urlencoded
+...
+"""
+
+body = """BODY
+DATA...
+...
+"""
+stream_ids_list = h2_conn.generate_stream_ids(number_of_streams=5)
+
+all_headers_frames = []  # all headers frame + data frames which have not the last byte
+all_data_frames = []  # all data frames which contain the last byte
+
+for s_id in stream_ids_list:
+    header_frames_without_last_byte, last_data_frame_with_last_byte = h2_conn.create_single_packet_http2_post_request_frames(
+        method='POST',
+        headers_string=headers,
+        scheme='https',
+        stream_id=s_id,
+        authority="http2.github.io",
+        body=body,
+        path='/somePath'
+    )
+
+    all_headers_frames.append(header_frames_without_last_byte)
+    all_data_frames.append(last_data_frame_with_last_byte)
+
+# concatenate all headers bytes
+temp_headers_bytes = b''
+for h in all_headers_frames:
+    temp_headers_bytes += bytes(h)
+
+# concatenate all data frames which have last byte
+temp_data_bytes = b''
+for d in all_data_frames:
+    temp_data_bytes += bytes(d)
+
+h2_conn.setup_connection()
+h2_conn.send_ping_frame()  # important line (in improved version of single packet attack)
+
+# send header frames
+h2_conn.send_frames(temp_headers_bytes)
+
+# wait some time
+sleep(0.1)
+
+# send ping frame to warm up connection
+h2_conn.send_ping_frame()
+
+# send remaining data frames
+h2_conn.send_frames(temp_data_bytes)
+
+# parse response frames
+resp = h2_conn.read_response_from_socket(_timeout=3)
+frame_parser = h2_frames.FrameParser(h2_connection=h2_conn)
+frame_parser.add_frames(resp)
+frame_parser.show_response_of_sent_requests()
+
+# close the connection to stop response parsing and exit the script
+h2_conn.close_connection()

pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "h2spacex"
-version = "0.1.17"
+version = "1.0.1"
 authors = [
   { name="nxenon", email="[email protected]" },
 ]

setup.py

@@ -5,7 +5,7 @@
 
 setup(
     name='h2spacex',
-    version='0.1.17',
+    version='1.0.1',
     description='HTTP/2 Single Packet Attack low level library based on Scapy',
     package_dir={"": "src"},
     packages=find_packages(where="src"),

src/h2spacex/h2_connection.py

@@ -7,6 +7,8 @@
 from scapy.all import hex_bytes
 from . import h2_frames, utils
 import socks
+from .modules.logger import Logger
+logger = Logger()
 
 
 class H2Connection:
@@ -89,7 +91,7 @@ def _create_socks_socket(self):
         sock.connect((self.hostname, self.port_number))
         self.raw_socket = sock
         sock_addr = sock.getsockname()
-        print(f'+ Connected through Proxy: {self.hostname}:{self.port_number} --> {sock_addr[0]}:{sock_addr[1]}')
+        logger.logger_print(f'+ Connected through Proxy: {self.hostname}:{self.port_number} --> {sock_addr[0]}:{sock_addr[1]}')
 
     def _create_raw_socket(self):
         """
@@ -108,11 +110,11 @@ def _create_raw_socket(self):
 
         self.raw_socket = raw_socket
         sock_addr = raw_socket.getsockname()
-        print(f'+ Connected to: {self.hostname}:{self.port_number} --> {sock_addr[0]}:{sock_addr[1]}')
+        logger.logger_print(f'+ Connected to: {self.hostname}:{self.port_number} --> {sock_addr[0]}:{sock_addr[1]}')
 
     def _send_h2_connection_preface(self):
         self.send_bytes(self.H2_PREFACE)
-        print('+ H2 connection preface sent')
+        logger.logger_print('+ H2 connection preface sent')
 
     def get_using_socket(self):
         """
@@ -131,7 +133,7 @@ def send_bytes(self, bytes_data: bytes):
         try:
             using_socket.send(bytes_data)
         except Exception as e:
-            print('# Error in sending bytes: ' + str(e))
+            logger.logger_print('# Error in sending bytes: ' + str(e))
 
     def send_frames(self, frames):
         """
@@ -221,10 +223,10 @@ def _send_client_initial_settings_frame(self):
         client_initial_settings_frame = h2_frames.create_settings_frame(settings=settings_list)
 
         self.send_bytes(bytes(client_initial_settings_frame))
-        print('+ Client initial SETTINGS frame sent: ')
-        print('// Client SETTINGS //')
-        print(self.DEFAULT_SETTINGS)
-        print()
+        logger.logger_print('+ Client initial SETTINGS frame sent: ')
+        logger.logger_print('// Client SETTINGS //')
+        logger.logger_print(self.DEFAULT_SETTINGS)
+        logger.logger_print()
 
     def generate_stream_ids(self, number_of_streams):
         """
@@ -441,4 +443,4 @@ def send_simple_http2_request(
 {body}
 +----- END Request Info -----+
 """
-        print(more_info_msg)
+        logger.logger_print(more_info_msg)

src/h2spacex/h2_frames.py

@@ -3,6 +3,8 @@
 import gzip
 import brotli
 import zlib
+from .modules.logger import Logger
+logger = Logger()
 
 
 def decompress_gzip_data(gzip_data: bytes):
@@ -11,7 +13,7 @@ def decompress_gzip_data(gzip_data: bytes):
         decompressed_content = gzip.decompress(gzip_data)
         decoded_content = decompressed_content.decode('utf-8')
     except Exception as e:
-        print('# Error in decompressing gzip encoded body : ' + str(e))
+        logger.logger_print('# Error in decompressing gzip encoded body : ' + str(e))
         return gzip_data
 
     return decoded_content
@@ -23,7 +25,7 @@ def decompress_br_data(br_data: bytes):
         decompressed_content = brotli.decompress(br_data)
         decoded_content = decompressed_content.decode('utf-8')
     except Exception as e:
-        print('# Error in decompressing br encoded body : ' + str(e))
+        logger.logger_print('# Error in decompressing br encoded body : ' + str(e))
         return br_data
 
     return decoded_content
@@ -35,7 +37,7 @@ def decompress_deflate_data(deflate_data: bytes):
         decompressed_content = zlib.decompress(deflate_data, -zlib.MAX_WBITS)
         decoded_content = decompressed_content.decode('utf-8')
     except Exception as e:
-        print('# Error in decompressing deflate encoded body : ' + str(e))
+        logger.logger_print('# Error in decompressing deflate encoded body : ' + str(e))
         return deflate_data
 
     return decoded_content
@@ -78,7 +80,7 @@ def add_frames(self, frames_bytes: bytes, is_verbose=False):
 
             for f in parsed_frames:
                 if is_verbose:
-                    print(f.show())
+                    logger.logger_print(f.show())
 
                 if isinstance(f.payload, h2.H2HeadersFrame):
                     self.parse_header_frame(f)
@@ -103,33 +105,33 @@ def add_frames(self, frames_bytes: bytes, is_verbose=False):
                     self.parse_reset_frame(f)
 
                 else:
-                    print('--frame--')
-                    print('Frame Type: ' + str(type(f.payload)) + ' / Type ID: ' + str(f.type))
+                    logger.logger_print('--frame--')
+                    logger.logger_print('Frame Type: ' + str(type(f.payload)) + ' / Type ID: ' + str(f.type))
                     f.show()
-                    print('##frame##')
+                    logger.logger_print('##frame##')
 
     def parse_settings_frame(self, settings_frame):
         if 'A' in settings_frame.flags:
-            print('* Server sent ACK for client SETTINGS frame')
+            logger.logger_print('* Server sent ACK for client SETTINGS frame')
 
         else:
-            print('* Server sent Settings frame with following values:')
-            print('// Server SETTINGS //')
-            print(settings_frame.settings)
-            print()
+            logger.logger_print('* Server sent Settings frame with following values:')
+            logger.logger_print('// Server SETTINGS //')
+            logger.logger_print(settings_frame.settings)
+            logger.logger_print()
             ack_settings_frame = create_settings_frame(is_ack=1)
             self.send_frame(ack_settings_frame)
-            print('+ Client sent ACK for server SETTINGS frame')
+            logger.logger_print('+ Client sent ACK for server SETTINGS frame')
 
     def parse_window_update_frame(self, windows_update_frame):
-        print('* Server sent WINDOW UPDATE frame with win_increase_size of: ' + str(windows_update_frame.win_size_incr))
+        logger.logger_print('* Server sent WINDOW UPDATE frame with win_increase_size of: ' + str(windows_update_frame.win_size_incr))
 
     def parse_ping_frame(self, ping_frame):
         if 'A' in ping_frame.flags:
-            print('* Server sent ACK for PING frame')
+            logger.logger_print('* Server sent ACK for PING frame')
 
     def parse_reset_frame(self, reset_frame):
-        print(f'# Server sent RESET frame for Stream ID: {reset_frame.stream_id}, with Err_Code: {reset_frame.error}')
+        logger.logger_print(f'# Server sent RESET frame for Stream ID: {reset_frame.stream_id}, with Err_Code: {reset_frame.error}')
 
     def parse_header_frame(self, header_frame):
         headers_string = self.get_headers_string_from_headers_frame(header_frame)
@@ -259,56 +261,56 @@ def parse_response_frames_bytes(
 
     raw_frame_bytes = frames_bytes
     if raw_frame_bytes:
-        print('+--------- START Response Frames ---------+')
+        logger.logger_print('+--------- START Response Frames ---------+')
         parsed_frames = h2.H2Seq(raw_frame_bytes).frames
         # print(parsed_frames)
 
         for f in parsed_frames:
             if is_verbose:
-                print(f.show())
+                logger.logger_print(f.show())
 
             if isinstance(f.payload, h2.H2HeadersFrame):
                 headers_string = _get_headers_string_from_headers_frame(f)
-                print(f'------ Headers Stream ID: {f.stream_id} ------')
-                print(headers_string)
+                logger.logger_print(f'------ Headers Stream ID: {f.stream_id} ------')
+                logger.logger_print(headers_string)
 
             elif isinstance(f.payload, h2.H2DataFrame):
-                print(f'------ Data Stream ID: {f.stream_id} ------')
+                logger.logger_print(f'------ Data Stream ID: {f.stream_id} ------')
                 with gzip.GzipFile(fileobj=gzip.io.BytesIO(f.data), mode='rb') as decompressed_file:
                     # Read the decompressed data
                     decompressed_content = decompressed_file.read()
 
                 # If the decompressed content is in bytes, you might want to decode it (if it contains text)
                 decoded_content = decompressed_content.decode('utf-8')
-                print(decoded_content)
+                logger.logger_print(decoded_content)
 
                 # print(f'------ Data Stream ID: {f.stream_id} ------')
                 # print(str(f.data))
 
             elif isinstance(f.payload, h2.H2SettingsFrame):
                 if socket_obj is not None:
-                    print('* got a Settings frame from server')
+                    logger.logger_print('* got a Settings frame from server')
                     settings_frame = create_settings_frame(is_ack=1)
                     socket_obj.send(bytes(settings_frame))
-                    print('* client sent ACK for server Settings')
+                    logger.logger_print('* client sent ACK for server Settings')
 
             elif isinstance(f.payload, h2.H2WindowUpdateFrame):
-                print('* server sent WindowUpdate Frame with win_increase_size of: ' + str(f.win_size_incr))
+                logger.logger_print('* server sent WindowUpdate Frame with win_increase_size of: ' + str(f.win_size_incr))
 
             elif isinstance(f.payload, h2.H2PingFrame):
-                print('* server sent ACK for PING frame')
+                logger.logger_print('* server sent ACK for PING frame')
 
             elif isinstance(f.payload, NoPayload):
                 if f.type == 4:  # settings frame
                     if 'A' in f.flags:
-                        print('* server sent ACK for client Settings')
+                        logger.logger_print('* server sent ACK for client Settings')
 
             else:
-                print('--frame--')
+                logger.logger_print('--frame--')
                 f.show()
-                print('##frame##')
+                logger.logger_print('##frame##')
 
-        print('+--------- END Response Frames ---------+')
+        logger.logger_print('+--------- END Response Frames ---------+')
 
 
 def create_ping_frame(ping_data='12345678', is_ack=0):
@@ -318,7 +320,7 @@ def create_ping_frame(ping_data='12345678', is_ack=0):
     """
 
     if len(ping_data) != 8:
-        print('ping frame payload must be 8 in length! --> ' + ping_data + ' is invalid!')
+        logger.logger_print('ping frame payload must be 8 in length! --> ' + ping_data + ' is invalid!')
         exit()
 
     if is_ack: