Re: [NSE] SSL Heartbleed

[Patrik Karlsson <patrik () cqure net>]

Thanks for testing and feedback Gabriel. This attached version has correct
output and usage documentation I believe.
I would like to commit unless someone disagrees, wants some additional
changes, or has a better script they would like to commit.

Thanks,
Patrik


On Tue, Apr 8, 2014 at 7:42 PM, Gabriel Lawrence <gabriel.lawrence () gmail com
> wrote:

> I went down the route of trying to use the tls library... to get the same
> thing to happen... and i've failed :-) i just tested out this latest one on
> a few machines and got some nice results. I also like the good set of
> documentation it spits out.
>
> Thanks for pulling this together. Its a handy bit of kit.
>
> gabe
>
>
> On Tue, Apr 8, 2014 at 2:14 PM, Patrik Karlsson <patrik () cqure net> wrote:
>
> > Attached is a version using the vuln library. It gives me consistent
> > results against one vulnerable and one non-vulnerable version of OpenSSL
> > running with the command line I shared in earlier e-mail.
> >
> > -Patrik
> >
> >
> >
> > On Tue, Apr 8, 2014 at 4:51 PM, Patrik Karlsson <patrik () cqure net> wrote:
> >
> > > Dan,
> > >
> > > I'm working on adding the vuln library and doing some cleanup.
> > > It's working well for me against openssl s_server running with the
> > > following command:
> > > openssl s_server -cert mycert.pem -www -accept 443
> > >
> > > But like I said, I haven't done any extensive testing.
> > >
> > > -Patrik
> > >
> > >
> > >
> > >
> > > On Tue, Apr 8, 2014 at 4:48 PM, Daniel Miller <bonsaiviking () gmail com
> > > wrote:
> > >
> > > >  On 04/08/2014 03:16 PM, Patrik Karlsson wrote:
> > > >
> > > > All,
> > > >
> > > > Here's a first attempt on creating a script to detect the OpenSSL
> > > > Heartbleed bug.
> > > > It's based on the Python script[1] from Jared Stafford (
> > jspenguin () jspenguin org).
> > > > My Lua and NSE is rusty and I haven't given it a lot of testing so any
> > > > feedback would be great.
> > > >
> > > > Thanks,
> > > > Patrik
> > > >
> > > >
> > > >
> > > >
> > > > _______________________________________________
> > > > Sent through the dev mailing listhttp://nmap.org/mailman/listinfo/dev
> >
> > > > Archived at http://seclists.org/nmap-dev/
> > > >
> > > >  Patrick/List,
> > > >
> > > > I've also been working on this. My progress is attached.
> > > >
> > > > The Python PoC doesn't work on the implementations I've tried because,
> > > > quoting RFC 6520, "a HeartbeatRequest message SHOULD NOT be sent during
> > > > handshakes." The implementation I've been using for testing is the
> > openssl
> > > > s_server application, invoked as: sudo openssl s_server -tls1_1
> > -accept 443
> > > > -cert /etc/ssl/certs/ssl-cert-snakeoil.pem -key
> > > > /etc/ssl/private/ssl-cert-snakeoil.key
> > > >
> > > > I kind-of got it working sometimes, but there are so many problems with
> > > > implementing TLS handshaking that I'm tearing out my hair.
> > > >
> > > > Dan
> > >
> > >
> > >
> > > --
> > > Patrik Karlsson
> > > http://www.cqure.net
> > > http://twitter.com/nevdull77
> > > http://www.linkedin.com/in/nevdull77
> >
> >
> > --
> > Patrik Karlsson
> > http://www.cqure.net
> > http://twitter.com/nevdull77
> > http://www.linkedin.com/in/nevdull77
> >
> > _______________________________________________
> > Sent through the dev mailing list
> > http://nmap.org/mailman/listinfo/dev
> > Archived at http://seclists.org/nmap-dev/


-- 
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
http://www.linkedin.com/in/nevdull77

Attachment: ssl-heartbleed.nse
Description:

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/