Skip navigation

HTTP/2 Peach Pit for Microsoft Edge

Happy Holidays from Duo Labs. A very short blog post to announce the availability of a tool that some of you might find useful. Here at Duo Labs we believe that open sourcing security research tools helps the greater research community push technology forward. Hopefully you find this useful to your own research or testing efforts and we encourage everyone to please consider joining us in sharing your tools which are typically considered proprietary with the public in the spirit of bettering security for everyone.

During the last part of this year we spent a little time over here at Duo Labs looking at Microsoft Edge. Part of that work of course, is performing fuzz testing against various protocols that the browser supports. One such fuzzing tool that we like to use is known as Peach Fuzzer which we, in the case of Microsoft Edge used to test the emerging HTTP/2 protocol.

While we are still deciding how much more we want to look at Microsoft’s Edge, we thought that it might be helpful to release the Peach Pit that Mikhail Davidov created for use with the Enterprise version of Peach Fuzzer.

This peach pit implements the HTTP/2 protocol RFC-7540 and is targetted at Microsoft Edge.

Full documentation and all code is available on Mikhail’s github.

Steve Manzuik

Director of Security Research

Steve is the Director of Security Research at Duo Security’s Duo Labs (@duo_labs) where he is responsible for our team of crazy researchers. Steve brings over 20 years of Information Security experience including roles at various product companies, consultancies and research teams.