README
¶
Exploits
This page contains information about exploiting Last Frame Synchronization (also known as Single Packet Attack) on HTTP/3.
Last Frame Synchronization for Requests with a Body
Last Frame Synchronization for Requests without Body (GET requests within a single packet)
See lfs_requests_without_body.go
Last Frame Synchronization for Requests without Body (GET requests with FAKE DATA Frames)
See lfs_requests_without_body_cl.go
Extra
LFS third method, Can be sent via fake body with content length for example:
Content-Length: 2
...OTHER HEADERS...
BODY:
aa
This request converts into:
- Send all requests [HEADERS frame + DATA(a)] with FIN=0
- Send all requests [DATA(a) frame] with FIN=1 within a Single Packet
Also, it can be sent via only a fake empty DATA frame.
Documentation
¶
There is no documentation for this package.
Source Files
Click to show internal directories.
Click to hide internal directories.