Nmap Development mailing list archives

Re: [NSE] SSL Heartbleed


From: Patrik Karlsson <patrik () cqure net>
Date: Tue, 8 Apr 2014 17:14:04 -0400

Attached is a version using the vuln library. It gives me consistent
results against one vulnerable and one non-vulnerable version of OpenSSL
running with the command line I shared in earlier e-mail.

-Patrik



On Tue, Apr 8, 2014 at 4:51 PM, Patrik Karlsson <patrik () cqure net> wrote:

Dan,

I'm working on adding the vuln library and doing some cleanup.
It's working well for me against openssl s_server running with the
following command:
openssl s_server -cert mycert.pem -www -accept 443

But like I said, I haven't done any extensive testing.

-Patrik




On Tue, Apr 8, 2014 at 4:48 PM, Daniel Miller <bonsaiviking () gmail com> wrote:

On 04/08/2014 03:16 PM, Patrik Karlsson wrote:

All,

Here's a first attempt on creating a script to detect the OpenSSL
Heartbleed bug.
It's based on the Python script[1] from Jared Stafford (jspenguin () jspenguin org).
My Lua and NSE are rusty and I haven't given it a lot of testing, so any
feedback would be great.

Thanks,
Patrik




_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

Patrik/List,

I've also been working on this. My progress is attached.

The Python PoC doesn't work on the implementations I've tried because,
quoting RFC 6520, "a HeartbeatRequest message SHOULD NOT be sent during
handshakes." The implementation I've been using for testing is the openssl
s_server application, invoked as:
sudo openssl s_server -tls1_1 -accept 443 -cert /etc/ssl/certs/ssl-cert-snakeoil.pem -key /etc/ssl/private/ssl-cert-snakeoil.key

I kind-of got it working sometimes, but there are so many problems with
implementing TLS handshaking that I'm tearing out my hair.

Dan




--
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
http://www.linkedin.com/in/nevdull77






Attachment: ssl-heartbleed.nse
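As an added illustration (not Patrik's attached script, Dan's code, or Jared Stafford's PoC), the Python below models the server-side HeartbeatMessage handling that such a detector probes: the pre-fix logic that trusts `payload_length`, beside the same logic with the RFC 6520 length check that the OpenSSL fix added. The `memory` buffer, `record_length` parameter and the sample bytes are constructed assumptions, not real process memory.

```python
import os
import struct

HEARTBEAT_REQUEST, HEARTBEAT_RESPONSE = 1, 2
MIN_PADDING = 16  # RFC 6520: padding_length MUST be at least 16 bytes

# HeartbeatMessage layout (RFC 6520): uint8 type, uint16 payload_length,
# opaque payload[payload_length], opaque padding[>= 16].


def respond_vulnerable(memory: bytes, record_length: int) -> bytes:
    """Pre-fix behaviour: trust payload_length and copy that many bytes from
    where the record sits in memory, never comparing it to record_length."""
    hb_type, payload_length = struct.unpack("!BH", memory[:3])
    if hb_type != HEARTBEAT_REQUEST:
        return b""
    payload = memory[3:3 + payload_length]  # over-reads past the record
    header = struct.pack("!BH", HEARTBEAT_RESPONSE, payload_length)
    return header + payload + os.urandom(MIN_PADDING)


def respond_fixed(memory: bytes, record_length: int) -> bytes:
    """Same logic plus the RFC 6520 length check: a message whose claimed
    payload does not fit inside the record is discarded silently."""
    if record_length < 1 + 2 + MIN_PADDING:
        return b""  # cannot even hold the header and minimum padding
    hb_type, payload_length = struct.unpack("!BH", memory[:3])
    if hb_type != HEARTBEAT_REQUEST:
        return b""
    if 1 + 2 + payload_length + MIN_PADDING > record_length:
        return b""  # payload_length lies about the record: discard
    payload = memory[3:3 + payload_length]
    header = struct.pack("!BH", HEARTBEAT_RESPONSE, payload_length)
    return header + payload + os.urandom(MIN_PADDING)


def build_record(payload: bytes, claimed_length: int) -> bytes:
    """Constructed HeartbeatRequest whose header may lie about its payload."""
    header = struct.pack("!BH", HEARTBEAT_REQUEST, claimed_length)
    return header + payload + b"\x00" * MIN_PADDING


# Constructed sample: unrelated data sits right after the record in "memory".
NEIGHBOUR = b"SECRET-SESSION-COOKIE=" + b"A" * 60
HONEST = build_record(b"hi", 2)    # payload_length matches the 2-byte payload
LYING = build_record(b"hi", 64)    # payload_length claims 64 bytes
MEMORY_HONEST = HONEST + NEIGHBOUR
MEMORY_LYING = LYING + NEIGHBOUR

if __name__ == "__main__":
    print("fixed, honest    :", respond_fixed(MEMORY_HONEST, len(HONEST))[:5])
    print("fixed, lying     :", respond_fixed(MEMORY_LYING, len(LYING)))
    print("vulnerable, lying:", respond_vulnerable(MEMORY_LYING, len(LYING))[3:35])
```

The fixed handler echoes the honest request and drops the lying one, while the unchecked handler answers the lying request with bytes that were never part of the record.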

