{"id":14469289,"url":"https://github.com/nxenon/h2spacex","last_synced_at":"2026-01-11T22:53:39.864Z","repository":{"id":204259633,"uuid":"711459021","full_name":"nxenon/h2spacex","owner":"nxenon","description":"HTTP/2 Last Frame Synchronization (also known as Single Packet Attack) low Level Library / Tool based on Scapy‌ + Exploit Timing Attacks","archived":false,"fork":false,"pushed_at":"2025-05-26T13:06:21.000Z","size":58,"stargazers_count":177,"open_issues_count":0,"forks_count":10,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-06-05T14:42:24.246Z","etag":null,"topics":["http2","last-frame-synchronization","race-condition","race-conditions","scapy","single-packet-attack"],"latest_commit_sha":null,"homepage":"https://pypi.org/project/h2spacex/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nxenon.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-10-29T10:34:53.000Z","updated_at":"2025-06-01T00:09:38.000Z","dependencies_parsed_at":"2023-12-02T08:23:45.187Z","dependency_job_id":"bc3594fe-705f-43a8-915e-7ea952077fc6","html_url":"https://github.com/nxenon/h2spacex","commit_stats":null,"previous_names":["nxenon/h2spacex"],"tags_count":20,"template":false,"template_full_name":null,"purl":"pkg:github/nxenon/h2spacex","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nxenon%2Fh2spacex","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nxenon%2Fh2spacex/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nxenon%2Fh2spacex/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nxenon%2Fh2spacex/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nxenon","download_url":"https://codeload.github.com/nxenon/h2spacex/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nxenon%2Fh2spacex/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":272619373,"owners_count":24965415,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-29T02:00:10.610Z","response_time":87,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["http2","last-frame-synchronization","race-condition","race-conditions","scapy","single-packet-attack"],"created_at":"2024-09-02T04:00:46.250Z","updated_at":"2026-01-11T22:53:39.858Z","avatar_url":"https://github.com/nxenon.png","language":"Python","funding_links":[],"categories":["Weapons","Python","Tools"],"sub_categories":["Tools"],"readme":"# \u003cimg src=\"https://github.com/nxenon/h2spacex/assets/61124903/fd6387bf-15e8-4a5d-816b-cf5e079e07cc\" width=\"20%\" valign=\"middle\" alt=\"H2SpaceX\" /\u003e\u0026nbsp;\u0026nbsp; H2SpaceX\r\n\r\n[![pypi: 1.2.0](https://img.shields.io/badge/pypi-1.2.0-8c34eb.svg)](https://pypi.org/project/h2spacex/)\r\n[![Python: 3.8.8](https://img.shields.io/badge/Python-==3.8.x-blue.svg)](https://www.python.org)\r\n[![License: GPL v3](https://img.shields.io/badge/License-GPL%20v3-006112.svg)](https://github.com/nxenon/h2spacex/blob/main/LICENSE)\r\n\r\nHTTP/2 low level library based on Scapy which can be used for Single Packet Attack (Race Condition on H2)\r\n\r\n# Dive into Single Packet Attack Article\r\nI wrote an article and published it at InfoSec Write-ups:\r\n- [Dive into Single Packet Attack](https://infosecwriteups.com/dive-into-single-packet-attack-3d3849ffe1d2)\r\n\r\n# TODO\r\n- [Single Packet Attack - POST](https://github.com/nxenon/h2spacex/wiki/Quick-Start-Examples)\r\n  - [x] implement\r\n- [Single Packet Attack - GET](https://github.com/nxenon/h2spacex/wiki/GET-SPA-Methods)\r\n  - [x] Content-Length: 1 Method\r\n  - [x] POST Request with x-override-method: GET header\r\n- Response Parsing\r\n  - [x] implement\r\n  - [x] implement threaded response parser\r\n  - [x] add response times in nano seconds for timing attacks\r\n  - [x] Body Decompression\r\n    - [x] gzip\r\n    - [x] br\r\n    - [x] deflate\r\n- [Proxy](https://github.com/nxenon/h2spacex/wiki/Quick-Start-Examples#proxy-example)\r\n  - [x] Socks5 Proxy\r\n\r\n# More Research\r\nSome following statements are just ideas and not tested or implemented.\r\n\r\n- More Request in a Single Packet\r\n  - Increase MSS (Idea by James Kettle)\r\n  - Out of Order TCP Packets (Idea by James Kettle)\r\n  - IP Fragmentation\r\n- Proxy the Single Packet Request through SOCKS\r\n- Single Packet Attack on GET Requests\r\n  - [Content-Length: 1 Method](https://github.com/nxenon/h2spacex/wiki/GET-SPA-Methods) (Idea by James Kettle)\r\n  - [x-override-method: GET](https://github.com/nxenon/h2spacex/wiki/GET-SPA-Methods) Method (Idea by James Kettle)\r\n  - Index HPACK Headers to Make GET Requests Smaller\r\n  - HEADERS Frame without END_HEADER Flag\r\n  - HEADERS Frame Without Some Pseudo Headers\r\n\r\n# Installation\r\nH2SpaceX works with Python 3 (preferred: \u003e=3.8.8)\r\n\r\n    pip install h2spacex\r\n\r\n\r\n## Error in Installation\r\nif you get errors of scapy:\r\n\r\n\r\n    pip install --upgrade scapy\r\n\r\n\r\n# Quick Start\r\nYou can import the HTTP/2 TLS Connection and set up the connection. After setting up the connection, you can do other things:\r\n\r\n```python\r\nfrom h2spacex import H2OnTlsConnection\r\n\r\nh2_conn = H2OnTlsConnection(\r\n    hostname='http2.github.io',\r\n    port_number=443,\r\n    ssl_log_file_path=\"PATH_TO_SSL_KEYS.log\"  # optional (if you want to log ssl keys to read the http/2 traffic in wireshark)\r\n)\r\n\r\nh2_conn.setup_connection()\r\n...\r\n```\r\nsee more examples in [Wiki Page](https://github.com/nxenon/h2spacex/wiki/Quick-Start-Examples)\r\n\r\n# Examples\r\nSee examples which contain some Portswigger race condition examples.\r\n\r\n[Examples Page](./examples)\r\n\r\n# Enhanced Single Packet Attack Method (Black Hat 2024) for Timing Attacks\r\nJames Kettle introduced an improved version of Single Packet Attack in Black Hat 2024 for timing attacks:\r\n\r\n![Impvoved Version Image](https://github.com/user-attachments/assets/bf7bf88c-937a-4a95-899b-990bc6fc6a23)\r\n\r\nYou can implement this method easily using `send_ping_frame()` method.\r\n\r\nSee this Wiki and `Parse Response (Threaded) + Response Times for Timing Attacks` part:\r\n- [New Method README (WIKI)](https://github.com/nxenon/h2spacex/wiki/SPA-New-Method)\r\n\r\n[Improved Version of SPA Sample Exploit](./examples/improved-spa-method.py)\r\n## Reference of Improved Method:\r\n- [Listen to the whispers: web timing attacks that actually work](https://portswigger.net/research/listen-to-the-whispers-web-timing-attacks-that-actually-work)\r\n\r\n# References \u0026 Resources\r\n\r\n- [James Kettle DEF CON 31 Presentation](https://youtu.be/tKJzsaB1ZvI?si=6uAuzOt3wjnEGYP6)\r\n- [Portswigger Research Page](https://portswigger.net/research/smashing-the-state-machine#single-packet-attack)\r\n- [HTTP/2 in Action Book](https://www.manning.com/books/http2-in-action)\r\n\r\nI also got some ideas from a previous developed library [h2tinker](https://github.com/kspar/h2tinker).\r\n\r\nFinally, thanks again to James Kettle for directly helping and pointing some other techniques.\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnxenon%2Fh2spacex","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnxenon%2Fh2spacex","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnxenon%2Fh2spacex/lists"}