Nmap Development mailing list archives

Re: [NSE] SSL Heartbleed


From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 08 Apr 2014 15:48:01 -0500

On 04/08/2014 03:16 PM, Patrik Karlsson wrote:
All,

Here's a first attempt at creating a script to detect the OpenSSL
Heartbleed bug.
It's based on the Python script[1] from Jared Stafford (
jspenguin () jspenguin org).
My Lua and NSE are rusty and I haven't given it a lot of testing, so any
feedback would be great.

Thanks,
Patrik



_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Patrik/List,

I've also been working on this. My progress is attached.

The Python PoC doesn't work on the implementations I've tried because, quoting RFC 6520, "a HeartbeatRequest message SHOULD NOT be sent during handshakes." The implementation I've been using for testing is the openssl s_server application, invoked as: sudo openssl s_server -tls1_1 -accept 443 -cert /etc/ssl/certs/ssl-cert-snakeoil.pem -key /etc/ssl/private/ssl-cert-snakeoil.key

I kind of got it working sometimes, but there are so many problems with implementing TLS handshaking that I'm tearing out my hair.

Dan

Attachment: tls-heartbleed.nse

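The RFC 6520 point Dan raises (heartbeats are not supposed to appear during the handshake) and the length mismatch that the Heartbleed detection scripts look for can both be checked at the TLS record layer. The following Python is an added example written for this archive page; it is not the attached NSE script, not Jared Stafford's PoC, and not Nmap code. It parses a plaintext TLS record stream, validates heartbeat messages the way a patched server does (declared payload_length plus the mandatory 16 bytes of padding must fit inside the record), and flags heartbeats seen before the sender's ChangeCipherSpec. The assumption is a single-direction capture in which ChangeCipherSpec marks the end of that sender's plaintext records; everything after it is encrypted and is deliberately not inspected. The sample records are constructed inline.

```python
import struct

# TLS record content types (RFC 5246, RFC 6520)
CT_CHANGE_CIPHER_SPEC = 20
CT_HANDSHAKE = 22
CT_HEARTBEAT = 24

# Heartbeat message types and minimum padding (RFC 6520 section 4)
HB_REQUEST = 1
HB_RESPONSE = 2
HB_MIN_PADDING = 16
TLS_1_1 = 0x0302


def tls_record(ctype, body, version=TLS_1_1):
    """Wrap a body in a 5-byte TLS record header (constructed test data)."""
    return struct.pack("!BHH", ctype, version, len(body)) + body


def build_heartbeat(hb_type, payload, declared_len=None, padding_len=HB_MIN_PADDING):
    """Build a heartbeat message body; declared_len lets a test case lie
    about the payload length the way a malformed message would."""
    if declared_len is None:
        declared_len = len(payload)
    return struct.pack("!BH", hb_type, declared_len) + payload + b"\x00" * padding_len


def parse_records(data):
    """Split a byte stream into (content_type, version, body) records,
    stopping at the first truncated record."""
    records = []
    off = 0
    while off + 5 <= len(data):
        ctype, version, length = struct.unpack("!BHH", data[off:off + 5])
        body = data[off + 5:off + 5 + length]
        if len(body) < length:
            break
        records.append((ctype, version, body))
        off += 5 + length
    return records


def check_heartbeat(body):
    """Validate one plaintext heartbeat message against RFC 6520.
    Returns None when well-formed, otherwise a description of the defect."""
    if len(body) < 3:
        return "heartbeat message shorter than its 3-byte header"
    hb_type, payload_len = struct.unpack("!BH", body[:3])
    if hb_type not in (HB_REQUEST, HB_RESPONSE):
        return "unknown heartbeat type %d" % hb_type
    # The bounds check that vulnerable OpenSSL builds omitted: the declared
    # payload plus the mandatory padding must fit inside the record body.
    if 3 + payload_len + HB_MIN_PADDING > len(body):
        return "declared payload_length %d exceeds record (%d bytes)" % (payload_len, len(body))
    return None


def audit_stream(data):
    """Walk one direction of a TLS stream and return (record_index, finding)
    tuples for heartbeat records that violate RFC 6520."""
    findings = []
    handshake_done = False  # assumption: ChangeCipherSpec ends this sender's handshake
    for idx, (ctype, _version, body) in enumerate(parse_records(data)):
        if ctype == CT_CHANGE_CIPHER_SPEC:
            handshake_done = True
            continue
        if ctype != CT_HEARTBEAT:
            continue
        if handshake_done:
            # Encrypted from here on; plaintext checks do not apply.
            continue
        findings.append((idx, "heartbeat before handshake completed"))
        problem = check_heartbeat(body)
        if problem:
            findings.append((idx, problem))
    return findings


# Constructed sample data: a handshake record, a heartbeat whose declared
# length does not match its real size, a ChangeCipherSpec, then an
# (opaque, encrypted) heartbeat that must be left alone.
GOOD_HB = build_heartbeat(HB_REQUEST, b"ping")
BAD_HB = build_heartbeat(HB_REQUEST, b"", declared_len=64)
SAMPLE_STREAM = (
    tls_record(CT_HANDSHAKE, b"\x01\x00\x00\x02\x03\x02")
    + tls_record(CT_HEARTBEAT, BAD_HB)
    + tls_record(CT_CHANGE_CIPHER_SPEC, b"\x01")
    + tls_record(CT_HEARTBEAT, b"\xaa" * 40)
)

if __name__ == "__main__":
    for idx, finding in audit_stream(SAMPLE_STREAM):
        print("record %d: %s" % (idx, finding))
```

The same check_heartbeat logic is what a heartbeat-aware server or IDS needs: it rejects a message whose declared length cannot be backed by bytes actually on the wire, which is exactly the condition a Heartbleed scanner probes for. A real handshake tracker would also need to follow the other direction of the connection and the cipher state, which this single-direction example leaves out.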