Skip to content
/ heartbleed-proof-of-concept Public

Proof of concept for exploiting the Heartbeat Extension bug detailed in the CVE-2014-0160. 🗝️ 🔓

5 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

undacmic/heartbleed-proof-of-concept

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
article
article
 
 
presentation
presentation
 
 
resources
resources
 
 
server-image
server-image
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
heartbleed.c
heartbleed.c
 
 

Repository files navigation

Heartbleed (CVE-2014-0160)

Setup

You will require docker in order to perform the setup. The exploit, dynamically generates the random bytes from the Client Hello message, therefore you will need to link the library when building the executable. The required package to be installed, in order to link properly:

sudo apt-get install libssl-dev

The tool was tested on Docker for Desktop - Version: 20.10.21 with WSL 2.

The steps to reproduce the vulnerability are:

  1. Vulnerable server initialization
cd server-image/
docker build -t <image_name> .
docker run -d -p <port>:443 --name <name> <image_name>
  1. Starting the script
cd ..
gcc -o heartbleed heartbleed.c -lcrypto
./heartbleed <ip> <port>

You do need to specify the correct port.

Heartbleed Leak of 65535 bytes

Preview

Thesis Presentation
Article preview Presentation preview

About

Proof of concept for exploiting the Heartbeat Extension bug detailed in the CVE-2014-0160. 🗝️ 🔓

Topics

tls proof-of-concept exploit heartbeat vulnerability heartbleed cve-2014-0160

Resources

Readme
Activity

Stars

5 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages