Sunday, April 20, 2014

Heartbleed exploit using Python script

The deepest threats to online security are the weaknesses in the fundamental  Internet protocols.
Now add these 3 lines of code (use the lib) and dump this file in the same folder to make it work behind a corporate proxy:
import socks

socks.setdefaultproxy(socks.PROXY_TYPE_HTTP, "proxy.server", 8080, True)
socket.socket = socks.socksocket
Quick and dirty batch script to dump Heartbleed memory leak at regular interval
The Heartbleed bug (CVE-2014-0160) can be used to attack clients as well as servers. Many organizations have hosts which initiate outbound SSL connections (pulling updates, fetching images, or pinging webhook URLs). These hosts are often on a separate infrastructure (with different SSL dependencies) within the organization firewall.
These hosts may be vulnerable to the reverse Heartbleed attack.

Use this tool to generate a URL for your host to make an outbound request to and check the generated results page to see whether you're vulnerable. We do not store anything about your clients on this server.
99% BAD HARDWARE WEEK: Apple patched Hearthbleed weakness in OS X and Maverics in February !
On unpatched systems, the bug affects the signature verification process in such a way that a server could send a valid certificate chain to the client and not have to sign the handshake at all, allowing an attacker with a privileged network position to capture or modify data in sessions that should otherwise be protected by TLS/SSL protocols.

Comments: Post a Comment

<< Home

This page is powered by Blogger. Isn't yours?