Nmap Development mailing list archives
Re: [NSE] SSL Heartbleed
From: Patrik Karlsson <patrik () cqure net>
Date: Tue, 8 Apr 2014 17:14:04 -0400
Attached is a version using the vuln library. It gives me consistent results against one vulnerable and one non-vulnerable version of OpenSSL running with the command line I shared in an earlier e-mail.

-Patrik

On Tue, Apr 8, 2014 at 4:51 PM, Patrik Karlsson <patrik () cqure net> wrote:

> Dan,
>
> I'm working on adding the vuln library and doing some cleanup. It's working well for me against openssl s_server running with the following command:
>
>     openssl s_server -cert mycert.pem -www -accept 443
>
> But like I said, I haven't done any extensive testing.
>
> -Patrik
>
> On Tue, Apr 8, 2014 at 4:48 PM, Daniel Miller <bonsaiviking () gmail com> wrote:
>
>> On 04/08/2014 03:16 PM, Patrik Karlsson wrote:
>>
>>> All,
>>>
>>> Here's a first attempt at creating a script to detect the OpenSSL Heartbleed bug. It's based on the Python script[1] from Jared Stafford (jspenguin () jspenguin org). My Lua and NSE are rusty and I haven't given it a lot of testing, so any feedback would be great.
>>>
>>> Thanks,
>>> Patrik
>>>
>>> _______________________________________________
>>> Sent through the dev mailing list
>>> http://nmap.org/mailman/listinfo/dev
>>> Archived at http://seclists.org/nmap-dev/
>>
>> Patrik/List,
>>
>> I've also been working on this. My progress is attached. The Python PoC doesn't work on the implementations I've tried because, quoting RFC 6520, "a HeartbeatRequest message SHOULD NOT be sent during handshakes." The implementation I've been using for testing is the openssl s_server application, invoked as:
>>
>>     sudo openssl s_server -tls1_1 -accept 443 -cert /etc/ssl/certs/ssl-cert-snakeoil.pem -key /etc/ssl/private/ssl-cert-snakeoil.key
>>
>> I kind-of got it working sometimes, but there are so many problems with implementing TLS handshaking that I'm tearing out my hair.
>>
>> Dan
>
> --
> Patrik Karlsson
> http://www.cqure.net
> http://twitter.com/nevdull77
> http://www.linkedin.com/in/nevdull77

-- Patrik Karlsson http://www.cqure.net http://twitter.com/nevdull77 http://www.linkedin.com/in/nevdull77
Attachment: ssl-heartbleed.nse