All of the Heartbleed checkers bleed data from memory used by the OpenSSL library inside an Apache process. That bleed is unauthorized access, and it violates the Unauthorized Computer Access Law.
This presentation examines these bad scripts and the 'Heartbleed check sites', and attempts a better method.
12. Fixing the old ssltest.py, part 1
import struct

# Classic boundary check violation.
hb = struct.pack(">BHHBH",  # Format (1,2,2,1,2) bytes = 8 bytes total
    24,    # TLS record content type - 24 == Heartbeat
    770,   # TLS version 1.1 (0x0302)
    3,     # Record length (heartbeat type + payload length = 3 bytes)
    1,     # Heartbeat type (0x01 == Request, 0x02 == Response)
    0)     # ( <- 65535 ) Payload length: controls how much memory the
           # original script could snarf from the server side (the exploit was here)
13. Fixing ssltest.py, part 2
def hit_hb(s):
    while True:
        typ, ver, pay = recvmsg(s)
        if typ is None:
            print 'No heartbeat response received, server likely not vulnerable'
            return False
        if typ == 24:
            print 'Received heartbeat response:'
-           print 'WARNING: server returned more data than it should - server is vulnerable!'
+           print ' ... WARNING: Server processed malformed heartbeat, server is vulnerable!'
            return True
        if typ == 21:
            print 'Received alert:'
-           hexdump(pay)
-           print 'Server returned error, likely not vulnerable'
+           print ' ... Server is NOT vulnerable!'
            return False
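To make slides 12 and 13 concrete, here is an added example in Python 3; it is not from the presentation and not from ssltest.py. It builds the zero-length probe of slide 12, applies the boundary check that the OpenSSL fix added (a patched server silently drops a heartbeat message that does not fit inside its record, which is why the probe gets no answer from it), measures how many bytes a probe could make an unpatched server echo from beyond the message, and classifies a reply the way slide 13's hit_hb does. The function names, the zeroed padding and the sample records are my own assumptions; nothing here touches the network.

```python
import struct

# TLS record content types and heartbeat message types (RFC 6520).
TLS_ALERT = 21
TLS_HEARTBEAT = 24
HB_REQUEST = 1
HB_RESPONSE = 2
HB_MIN_PADDING = 16   # RFC 6520: at least 16 bytes of padding after the payload


def build_probe(payload=b"", padding_len=0, tls_version=0x0302):
    """Build a heartbeat request whose declared payload length is exactly the
    number of payload bytes carried. With the defaults this is the 8-byte
    record from slide 12 (payload length 0, no padding). Padding is zeroed
    here only so the example is deterministic (assumption); real clients use
    random bytes."""
    body = struct.pack(">BH", HB_REQUEST, len(payload)) + payload + b"\x00" * padding_len
    return struct.pack(">BHH", TLS_HEARTBEAT, tls_version, len(body)) + body


def parse_record(data):
    """Split one TLS record into (content_type, version, body)."""
    if len(data) < 5:
        raise ValueError("truncated TLS record header")
    typ, ver, length = struct.unpack(">BHH", data[:5])
    body = data[5:5 + length]
    if len(body) != length:
        raise ValueError("record body shorter than its declared length")
    return typ, ver, body


def fixed_server_accepts(body):
    """The boundary check the unpatched code lacked: the heartbeat message
    (1 type byte + 2 length bytes + payload + at least 16 bytes of padding)
    must fit inside the record that carries it. A patched server silently
    drops anything else, so the zero-length probe gets no answer from it."""
    if len(body) < 3:
        return False
    _, payload_len = struct.unpack(">BH", body[:3])
    return 1 + 2 + payload_len + HB_MIN_PADDING <= len(body)


def overread_bytes(body):
    """How many bytes beyond the message an unpatched server would echo back:
    the declared payload length minus the payload bytes actually present.
    0 means the probe cannot bleed anything, whatever the server does."""
    if len(body) < 3:
        return 0
    _, payload_len = struct.unpack(">BH", body[:3])
    return max(0, payload_len - (len(body) - 3))


def classify_response(record):
    """Interpret the server's answer to the malformed zero-length probe the
    way slide 13's hit_hb does: a heartbeat record back means the server did
    not enforce the check; an alert (or silence) means it did. This reading
    only holds for the padding-less probe, since a patched server answers a
    well-formed request normally."""
    if record is None:
        return "no response: likely not vulnerable"
    typ, _, _ = parse_record(record)
    if typ == TLS_HEARTBEAT:
        return "vulnerable"
    if typ == TLS_ALERT:
        return "not vulnerable"
    return "unexpected record type %d" % typ
```

The point of checking both functions against the same probe is the whole idea of slide 12: the zero-length request is malformed enough that a fixed server discards it, yet overread_bytes() is 0, so an unpatched server answers with nothing but its own 16 bytes of padding and no process memory is bled.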