Sunday, April 20, 2014
Heartbleed exploit using Python script
The deepest threats to online security are the weaknesses in the fundamental Internet protocols.
Here.
Now add these 3 lines of code (use the http://socksipy.sourceforge.net/ lib) and dump this file in the same folder to make it work behind a corporate proxy:
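import socket
import socks  # SocksiPy
...
# Send every connection through the HTTP proxy; the final True (rdns) lets the proxy resolve hostnames.
socks.setdefaultproxy(socks.PROXY_TYPE_HTTP, "proxy.server", 8080, True)
# Swap in the proxied socket class so the script's existing socket calls use the proxy.
socket.socket = socks.socksocket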
Quick and dirty batch script to dump Heartbleed memory leak at regular interval
The Heartbleed bug (CVE-2014-0160) can be used to attack clients as well as servers. Many organizations have hosts which initiate outbound SSL connections (pulling updates, fetching images, or pinging webhook URLs). These hosts are often on a separate infrastructure (with different SSL dependencies) within the organization firewall.
These hosts may be vulnerable to the reverse Heartbleed attack.
Use this tool to generate a URL for your host to make an outbound request to and check the generated results page to see whether you're vulnerable. We do not store anything about your clients on this server.
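Because the bug can be triggered from either end of a connection, a capture-side check should inspect heartbeat records in both directions. The following is an added example, not code from this post or the linked script: it walks unencrypted TLS records and flags any heartbeat whose declared payload length cannot fit in the record that carries it, which RFC 6520 requires the receiver to discard. The record layout and the 16-byte minimum padding come from RFC 6520; the function names and sample bytes are constructed for illustration.

```python
import struct

HEARTBEAT = 24      # TLS record content type for heartbeat (RFC 6520)
MIN_PADDING = 16    # RFC 6520: at least 16 bytes of padding follow the payload
HB_TYPES = {1: "request", 2: "response"}


def inspect_records(stream: bytes):
    """Walk concatenated, unencrypted TLS records from either direction.

    Returns one (verdict, hb_type, claimed_len, record_len) tuple per
    heartbeat record; other record types are skipped.
    """
    findings = []
    offset = 0
    while offset + 5 <= len(stream):
        ctype, _major, _minor, rec_len = struct.unpack_from("!BBBH", stream, offset)
        body = stream[offset + 5: offset + 5 + rec_len]
        if len(body) < rec_len:              # capture ended mid-record
            findings.append(("truncated", None, None, rec_len))
            break
        offset += 5 + rec_len
        if ctype != HEARTBEAT:
            continue
        if rec_len < 3:                      # no room for type + payload_length
            findings.append(("malformed", None, None, rec_len))
            continue
        hb_type, claimed = struct.unpack_from("!BH", body)
        # type (1) + payload_length (2) + payload + padding must fit in the record
        fits = 1 + 2 + claimed + MIN_PADDING <= rec_len
        findings.append(("ok" if fits else "overclaim",
                         HB_TYPES.get(hb_type, "unknown"), claimed, rec_len))
    return findings


def record(ctype: int, body: bytes, version=(3, 2)) -> bytes:
    """Build a TLS record (constructed sample data only)."""
    return struct.pack("!BBBH", ctype, *version, len(body)) + body


# Constructed sample capture: one non-heartbeat record, one well-formed
# heartbeat, and one heartbeat declaring 1024 payload bytes while carrying none.
SAMPLE = (
    record(22, b"\x00" * 8)
    + record(HEARTBEAT, struct.pack("!BH", 1, 4) + b"ping" + b"\x00" * MIN_PADDING)
    + record(HEARTBEAT, struct.pack("!BH", 1, 1024))
)

if __name__ == "__main__":
    for finding in inspect_records(SAMPLE):
        print(finding)
```

This only works on heartbeat records sent before encryption starts; once the handshake completes the record body is ciphertext and the declared length cannot be read from a capture.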
___________________________
99% BAD HARDWARE WEEK: Apple patched Heartbleed weakness in OS X and Mavericks in February!
On unpatched systems, the bug affects the signature verification process in such a way that a server could send a valid certificate chain to the client and not have to sign the handshake at all, allowing an attacker with a privileged network position to capture or modify data in sessions that should otherwise be protected by TLS/SSL protocols.