Background: With a number of scenarios now accumulated, HTTP/2 testing support in Web Fuzzer should gradually be put on the agenda. Often, when users encounter H2 websites during testing, they still have to switch to Burp to continue, and are forced to put up with its interaction, while Repeater/Intruder have quite a big problem with scalability. But in […]
Tag: http2
CVE-2023-44487 HTTP2 vulnerability
Recently, the security community disclosed a 0day vulnerability, CVE-2023-44487, that uses the HTTP/2 fast reset mechanism to carry out DDoS attacks. Since the HTTP/2 protocol is widely used on the Internet, this vulnerability attracted widespread attention in the industry as soon as it was released. As we introduced in the previous article, Leichi WAF […]
In-depth analysis of the vulnerability principle-CVE-2023-44487 HTTP2
Recently, the security community disclosed a 0day vulnerability, CVE-2023-44487, that uses the HTTP/2 fast reset mechanism to carry out DDoS attacks. Since the HTTP/2 protocol is widely used on the Internet, this vulnerability attracted widespread attention in the industry as soon as it was released. As we introduced in the previous article, Leichi WAF […]
Vulnerability CVE-2023-44487 HTTP2
Recently, the security community disclosed a 0day vulnerability, CVE-2023-44487, that uses the HTTP/2 fast reset mechanism to carry out DDoS attacks. Since the HTTP/2 protocol is widely used on the Internet, this vulnerability attracted widespread attention in the industry as soon as it was released. As we introduced in the previous article, Leichi WAF […]
The difference between http1.1 and http2.0 and their application scenarios
I. Differences. 1. Compatibility: In 2015, the IETF (Internet Engineering Task Force) released http2.0. 2.0 is an upgrade based on 1.1 (more secure and efficient) and is fully compatible with version 1.1. So far, it has been used by 30% of websites (Google, Taobao, etc.). Apifox currently supports debugging of the 2.0 protocol. 2. What specific […]
http2/push chrome removal support
# chrome removal support https://www.ctrl.blog/entry/http2-push-chromium-deprecation.html#:~:text=Server push is an optional feature introduced in, times. It also enables use-cases like instant redirects. go code example -assets folder -app2 -css main.css -js main.js index.html main.go index.html <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <link rel="icon" href="/public/favicon.ico" type="image/x-icon" /> <link rel="stylesheet" href="/public/css/main.css" /> <title>File Server</title> […]
Complete analysis of HTTP2 protocol
The HTTP protocol has undergone many revisions and changes since its birth. HTTP/2 underwent revolutionary changes compared to HTTP/1.0 and HTTP/1.1, as can also be seen from its major version number changing from 1 to 2. A huge upgrade, HTTP/2 mainly solves the problem of low interaction efficiency in the HTTP/1.x protocol. HTTP uses TCP […]
HTTP2 connectivity test
Introduction to HTTP/2 HTTP: HTTP/1.X – High Performance Browser Networking (O’Reilly) HTTP/2 (Hypertext Transfer Protocol version 2, originally named HTTP 2.0), referred to as h2 (encrypted connection based on TLS/1.2 or above) or h2c (unencrypted connection), HTTP/2 is the third version of the HTTP protocol Two major versions, used to transfer data between Web servers […]
HTTP2 HPACK header compression
Foreword: In the HTTP/1.x era, only the message body supported compression, because the message body is usually larger than the header. Compressing the message body can reduce the size of the data packet and improve transmission performance. But after long-term observation, people found that there is a lot of repeated data in the […]
Netty encodes and decodes HTTP2 Frame
Foreword: In the era of HTTP/1.x, HTTP was a text protocol: simple and direct, human-friendly and readable. The header and body were distinguished by line breaks, which is inefficient and error-prone for computers to process. HTTP2 breaks this tradition. It does not change the semantics of the HTTP protocol. The request response still has a […]