SPA New Method
In this method you have to send a PING frame, before sending the requests:
- Setup Connection
- Send a PING frame <-- Important
- For Requests without Body:
- send headers
- withhold an empty data frame
- For Requests with Body:
- Send headers, and body except the final byte
- withhold a data frame containing the final byte
- wait for 100ms
- send a ping frame
- send the final frames
- Use
start_thread_response_parsingmethod below to get responses times in nano seconds.
h2_conn.setup_connection()
h2_conn.send_ping_frame() <--- Important Line
h2_conn.send_frames(temp_headers_bytes)
sleep(0.1)
h2_conn.send_ping_frame()
h2_conn.send_frames(temp_data_bytes) # last frames with last bytesUse start_thread_response_parsing() method after setting up the connection or after sending your requests:
...IMPORTS...
h2_conn = H2OnTlsConnection(
hostname='http2.github.io',
port_number=443
)
h2_conn.setup_connection()
# ...Send Requests with Single Packet Attack Technique...
h2_conn.start_thread_response_parsing(_timeout=3)
while not h2_conn.is_threaded_response_finished:
sleep(1)
if h2_conn.is_threaded_response_finished is None:
print('Error has occurred!')
exit()
frame_parser = h2_conn.threaded_frame_parser
h2_conn.close_connection()
for x in frame_parser.headers_and_data_frames.keys():
d = frame_parser.headers_and_data_frames[x]
print(f'Stream ID: {x}, response nano seconds: {d["nano_seconds"]}')See improved-spa-method.py for improved version of SPA and timing attack