tintinweb tintinweb
🍣
tintinweb
/ hb-test.py
Last active
August 29, 2015 13:58
— forked from takeshixx/hb-test.py
CVE-2014-0160 - OpenSSL tcp heartbeat PoC with STARTTLS, XMPP, Proxy CONNECT (SSL) support. Also includes some TLS record fixups, and features like file-dumping, TLS protocol version selection (HBMsg only)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python2 | |
| # Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org) | |
| # The author disclaims copyright to this source code. | |
| # | |
| # tintinweb | https://github.com/tintinweb | |
| # added proxy CONNECT support | |
| # added HB packet variation for IPS testing | |
| # added valid HB message padding (without HMAC) | |
| # added options for custom HeartBeat.len, payload, fixed size TLSRecord.len, padding |