#### Scanning for HTTP/2 with Rumble

Published on August 15, 2019

This Tuesday, Jonathan Looney, a researcher at Netflix, disclosed seven different ways to break common HTTP/2 protocol implementations, while an eighth issue was disclosed by Piotr Sikora of Google. These issues could be used to exhaust the resources of affected HTTP/2 implementations.

Shortly after the HTTP/2 issues were disclosed, a Rumble user reached out asking if we could help identify HTTP/2 endpoints on their network. We are happy to announce that as of version 0.8.14, the Rumble Agent and Rumble Scanner now probe for HTTP/2 automatically, recording the protocol and the HTTP/2 specific responses (status, headers, body). For users of the Rumble Network Discovery web console, HTTP/2 enabled nodes can be identified by using Inventory search term protocol:http2. Users of the command-line Rumble Scanner can view the assets.html report and search for nodes with the http2 protocol flagged.

As an alternative to Rumble, the Nmap Security Scanner can also identify HTTP/2 implementations via the tls-nextprotoneg NSE. The CVEs for the eight HTTP/2 issues are CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, and CVE-2019-9518. The CERT/CC Wiki provides a matrix of affected vendors, including both software packages and service providers.

As always, if you have questions, feedback, or suggestions please reach out!

### Similar Content

Hunting for Network Bridges with Rumble
Published on August 5, 2019
Thanks to the wonderful user feedback from Beta 5, a handful of bug fixes and improvements have been deployed along with a new feature: Network Bridge Detection! The bridge report shows external networks in red, internal networks in green, and multihomed assets that bridge these networks in orange. Zooming in will show asset and subnet details, while clicking a node will take you to the asset page for bridge nodes and to a CIDR-based inventory search for network nodes.
Rumble Network Discovery Beta 5
Published on July 30, 2019
Rumble Two Ways with Beta 5 The last few months have been incredible thanks to our wonderful beta community and their vocal feedback. Quite a few folks asked for a version of Rumble they could use independent of the cloud and Beta 5 delivers it. The Rumble Scanner has undergone a makeover and now handles fingerprinting, asset correlation, and rudimentary reporting, making it far more adaptable for restrictive environments and security consulting.
Better TCP Scans Through UDP Discovery
Published on June 11, 2019
One of the trickiest parts of network discovery is balancing thoroughness with speed. We strive to provide a fast, low-impact scan by default, but also try to include as many services and protocols as possible. Today we released version 0.7.5 of the Rumble Agent and Rumble Scanner. This version increases the default port coverage from 100 TCP ports to more than 400, while also supporting discovery and fingerprinting of additional TCP services by leveraging UDP discovery protocols.