Heartbleeder can detect the OpenSSL CVE-2014-0160 vulnerability (Heartbleed) on your server.
What is a heartbleed vulnerability?
CVE-2014-0160, the Heartbleed vulnerability, is a very serious OpenSSL vulnerability. It allows attackers to read 64 kB of memory from a vulnerable server. That memory may contain sensitive information, including user requests, passwords, and even the private keys of certificates.
It is said that some attackers used the vulnerability to read data from a certain large site; after reading 200 times, they obtained more than 40 usernames and 7 passwords.
How can I use heartbleeder to detect the Heartbleed vulnerability?
Install
You can download a precompiled binary package from gobuild.io. Packages are available for Windows, Linux, and Mac OS X.
Because Linux is the most commonly used server operating system, the following commands download the Linux binary package:
Linux (amd64)
wget http://gobuild.io/github.com/titanous/heartbleeder/master/linux/amd64 -O output.zip
Linux (i386)
wget http://gobuild.io/github.com/titanous/heartbleeder/master/linux/386 -O output.zip
Download and decompress the package.
You can also build and install it from source yourself (a Go version later than 1.2 is required) with the following command:
go get github.com/titanous/heartbleeder
The binary is installed at $GOPATH/bin/heartbleeder.
Usage
$ heartbleeder example.com
INSECURE - example.com:443 has the heartbeat extension enabled and is vulnerable
PostgreSQL uses OpenSSL on port 5432 by default. If you are checking a PostgreSQL server, use the -pg option:
$ heartbleeder -pg example.com
SECURE - example:5432 does not have the heartbeat extension enabled
How to manually detect the Heartbleed vulnerability
If installing heartbleeder is inconvenient, or you would rather not rely on the automated result alone, you can also check manually.
First, determine whether the OpenSSL version on the server is a vulnerable one. Currently, the vulnerable versions are 1.0.1 through 1.0.1f (inclusive) and 1.0.2-beta. Use the following command to view the version installed on the server:
openssl version
Then determine whether the heartbeat extension is enabled:
openssl s_client -connect yourwebsite:443 -tlsextdebug 2>&1 | grep 'TLS server extension "heartbeat" (id=15), len=1'
If both of the preceding conditions are met, unfortunately your server is affected by this vulnerability and must be fixed as soon as possible.
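As an added example that is not part of the original post, the following POSIX shell script automates the two manual checks above: it classifies the output of `openssl version` against the vulnerable ranges listed, then probes the server with `s_client -tlsextdebug` for the heartbeat extension. It assumes `openssl` is on the PATH; the function names are my own.

```shell
#!/bin/sh
# Added example: automate the two manual Heartbleed checks from the post.
# Assumes the openssl binary is on PATH. Function names are hypothetical.

# Return 0 when an `openssl version` line names a release the post lists as
# vulnerable: 1.0.1 through 1.0.1f, or 1.0.2-beta.
openssl_version_vulnerable() {
    # Split e.g. "OpenSSL 1.0.1e 11 Feb 2013" into words; $2 is the version.
    # shellcheck disable=SC2086
    set -- $1
    case "$2" in
        1.0.1|1.0.1a|1.0.1b|1.0.1c|1.0.1d|1.0.1e|1.0.1f) return 0 ;;
        1.0.2-beta*) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 when the TLS server at host:port advertises the heartbeat
# extension (the same grep the post uses, with s_client's exact output).
heartbeat_extension_enabled() {
    host=$1; port=${2:-443}
    openssl s_client -connect "$host:$port" -tlsextdebug </dev/null 2>&1 \
        | grep -q 'TLS server extension "heartbeat" (id=15), len=1'
}

# Run both checks on the server itself and print a one-line verdict.
check_host() {
    host=$1; port=${2:-443}
    if openssl_version_vulnerable "$(openssl version)"; then
        ver_state="in vulnerable range"
    else
        ver_state="outside vulnerable range"
    fi
    if heartbeat_extension_enabled "$host" "$port"; then
        printf 'local OpenSSL %s; %s:%s advertises heartbeat (likely affected)\n' \
            "$ver_state" "$host" "$port"
    else
        printf 'local OpenSSL %s; %s:%s does not advertise heartbeat\n' \
            "$ver_state" "$host" "$port"
    fi
}

# Usage: ./check.sh localhost 443   (only runs when a host is given)
if [ $# -gt 0 ]; then
    check_host "$@"
fi
```

Treat the two checks as independent signals: distributions often backport the fix without changing the reported version string, and a patched build (1.0.1g or later) can still advertise the heartbeat extension, so a positive here should be confirmed with heartbleeder rather than taken as a verdict on its own.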
How to remediate an affected server and prevent leakage of sensitive information
1. Stop the old OpenSSL-based service, upgrade OpenSSL to the new version, and restart it.
2. Generate a new key (attackers may have exploited this vulnerability to obtain the private key).
3. Submit the new key to your CA.
4. After obtaining the new certificate, install the new key on the server.
5. Bring the server back online.
6. Revoke the old certificate.
7. Invalidate existing session cookies.
8. Ask users to change their passwords.