Establishment of Heartbleed heart bleed hole range

1. Introduction

The principle of OpenSSL heart bleeding is the OpenSSL introduction of a Heartbeat (heartbeat) mechanism to maintain the long-term existence of TLS links, the heartbeat mechanism as an extension of TLS, but in code including TLS (TCP) and Dtls (UDP) do not do boundary detection, This could lead to an attacker exploiting this vulnerability to obtain some data in memory of the TLS link pair (either the server or the client).
So in order to detect this vulnerability, I need to build a data exchange site through the HTTPS security protocol in the virtual machine, while the OpenSSL version of the virtual machine is a version that contains a heart bleed vulnerability. Through the client that is the physical machine command line running the heart Bleed Detection POC code and Wireshark to carry out a crawl packet to analyze the painstaking vulnerabilities. 2. Server environment build 2.1 install VMware

Go to the official website to download or download VMware virtual machine software and install VMware in intranet share, install VMware without any difficulty choose the path click Install can. 2.2 Installing the Ubuntu system

Download the Ubuntu14.04 system in the official website, click to create the virtual machine in VMware and then import the downloaded Ubuntu ISO path to install, ctrl+alt+t Open the command line after the installation, enter command OpenSSL version to view the OpenSSL edition, Theoretically the Ubuntu14.04 version of OpenSSL 1.0.1f is a heart bleed, but because of the time of the heart bleed leak is 2014-04-07, so time is at a boundary, afraid of the loophole is repaired, so I put OpenSSL The 1.0.1f version of the OpenSSL version is uninstalled and reinstalled on the OpenSSL 1.0.1e version to ensure that a OpenSSL heart bleed is included. 2.3 Installation OpenSSL

Enter the Ubuntu virtual machine ctrl+alt+t open the command line. Uninstall the original version of OpenSSL, enter the command: sudo apt-get purge OpenSSL, through the command OpenSSL version to see if the OpenSSL has been uninstalled, uninstall completed, download OpenSSL The 1.0.1e version of the compressed package is transmitted via SSH to the virtual machine. Install OpenSSL: Unpack the installation package, tar XF openssl-1.0.1e.tar.gz enter OpenSSL directory execution command:
./config–prefix=usr/local–openssldir=/usr/local/ssl
Make
sudo make install
./config Shared–prefix=/usr/local–openssldir=/usr/local/ssl
Make
Make install
2.4 Install apache+ Configure HTTPSInstall Apache server: input command: sudo apt-get install apache2 installs Apache2. After the installation is complete:
The resulting start and stop files are:/etc/init.d/apache2
Start: sudo apache2 start
Stop: sudo apache2 stop
Reboot: sudo apache2 restart
The configuration file is saved in the/etc/apache2 directory, and the Ubuntu release version of the primary profile is apache2.conf.
Enter the URL in the browser localhost to see if it works for Apache display page.
To open the SSL module:
sudo a2enmod SSL Create certificate: Because we build the environment mainly for us to detect vulnerabilities to use, so we only need to create a self-signed certificate. Use the Apache built-in tool to create a default self-signed certificate with the-days parameter to make the expiration date
sudo apache2-ssl-certificate-daysxxx

Enter your hostname when common name (eg,your name) is required. After the creation is complete, a APACHE.PEM file is generated in the current directory containing the secret key and the certificate. You can copy this certificate to the/etc/apache2/and create an SSL directory and copy it to:
/etc/apache2/ssl/apache.pem2.5 Edit HTTPS configurationTo add a listening port:
Edit Apache Port configuration (/etc/apache2/ports.conf) Add 443 port Listen 443 if SSL defaults. Set site-enabled:
After installation, a default default-ssl.conf file is generated in the/etc/apache2/sites-available directory. Create a link to the sites-enabled directory:
Ln-s/etc/apache2/sites-available/default-ssl.conf/etc/apache2/sites-enabled/001-ssl Modify configuration file:
Verify that the HTTP listening port is 80:gedit/etc/apache2/sites-enabled/000-default.conf

HTTPS Listening port default 443: Change port to 443, add SSL authentication configuration under, others according to their own custom
Gedit/etc/apache2/sites-enabled/001-ssl
2.6 Restart Apache service

Service apache2 Stop
Service apache2 start 3. Website Environment Build 3.1 install MySQL database +php5 Install MySQL database: Enter sudo apt-get update to prevent software packages that are not directly installed MySQL from downloading.
Input: sudo apt-get install mysql-server mysql-client for installation, the software installation will let you enter the root user password, enter the password to confirm the password after the installation.
Determine if the MySQL database was installed successfully: sudo service MySQL restart to see if it is running. Let Apache support mysql:sudo apt-get install libapache2-mod-auth-mysql Setup module for PHP support mysql:sudo apt-get install Php5-mysql installation module Login MySQL Database: mysql-u root-p input mysql root password installation php5:sudo apt-get install PHP5 let Apache support php5:sudo apt-get install Libapache 2-MOD-PHP5 Install PHP5-GD module: sudo apt-get install PHP5-GD use gedit to create/var/www files under "info.php": sudo gedit/var/www/info.php
In the text editor, enter 3.2 Simple Web page code writing

Build a simple web site with data interaction: Use Apache server, MySQL database and PHP5 website to build. PHP to write a simple user login program, backstage connection MySQL database for data validation, if the data matching return to the success of the page. 4. Environmental construction Considerations When you install OpenSSL, unzip the OpenSSL./config make makes install the three steps when configuring./config must be aware of the OpenSSL installation path, Because sometimes you just follow the default compiled installation path may be installed after the installation is completed, enter OpenSSL version cannot find the installed versions. The directory of the certificate files that are generated when you configure HTTPS is consistent with the sslcertificatefile path of the default-ssl.conf that you have under the Sites-enabled folder. Because the heart bleed leak is mainly due to the heartbeat mechanism of the boundary detection problem, so we want to see their installed OpenSSL has not opened the heartbeat expansion mechanism:
/usr/bin/openssl s_client-connect 192.168.197.128/ Login.php:443-tlsextdebug 2>&1| grep ' TLS ' 5. Detection methods are detected via the online POC Python scripting code:
Open a Web site written in a virtual machine through a physical machine, install Python in a physical machine, and configure environment variables, Run the POC through the command line, enter the IP address of the server and see if there is any data returned. Command line directive: Python ssltest.py 192.168.197.128 nmap for Heart Bleed detection, nmap-sv-p 443–script=ssl-heartbleed 192.168.197.128
Through the online detection tool hearbleed scanner Direct detection