Skip to content

Latest commit

 

History

History

heartbleed

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 
Patch OpenSSL and compile. The resulting openssl binary will be in the
apps/ subdirectory. It's best that you rename it (e.g., to
openssl-heartbleed) and copy somewhere else.

With PAYLOAD_EXTRA set to 16 (the default), the test is non-invasive and
won't return any server data. If you want to use an instrusive test (which
is necessary to differentiate vulnerable OpenSSL from non-vulnerable GnuTLS),
increase the value.

 | NOTE Use only on systems that you are allowed to test. Under
 |      no circumstances test systems for which you have no permission.

To test, invoke the patched version of OpenSSL, type B and press RETURN:

    $ ./openssl-heartbleed s_client -connect www.example.com:443 -msg

A server that doesn't respond isn't vulnerable. A server that returns
more data than it receives is vulnerable.

This is an example of a server returning 16 bytes of server data
(equivalent of setting PAYLOAD_EXTRA to 32):

---
B
HEARTBEATING
>>> TLS 1.2  [length 0025], HeartbeatRequest
    01 00 32 00 00 7c e8 f5 62 35 03 bb 00 34 19 4d
    57 7e f1 e5 90 6e 71 a9 26 85 96 1c c4 2b eb d5
    93 e2 d7 bb 5f
<<< TLS 1.2  [length 0045], HeartbeatResponse
    02 00 32 00 00 7c e8 f5 62 35 03 bb 00 34 19 4d
    57 7e f1 e5 90 6e 71 a9 26 85 96 1c c4 2b eb d5
    93 e2 d7 bb 5f 6f 81 0f aa dc e0 47 62 3f 7e dc
    60 95 c6 ba df c9 f6 9d 2b c8 66 f8 a5 45 64 0b
    d2 f5 3d a9 ad
read R BLOCK