Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement Heartbleed scenario #15

Open
craig-willis opened this issue Aug 15, 2018 · 2 comments
Open

Implement Heartbleed scenario #15

craig-willis opened this issue Aug 15, 2018 · 2 comments
Assignees
@rkalyanapurdue

Comments

@craig-willis
Copy link
Contributor

No description provided.

@rkalyanapurdue
Copy link
Contributor

Will use Ubuntu 14.04 with OpenSSL ver. 1.0.1f. Will demonstrate something in a similar vein as https://mattslifebytes.com/2014/04/08/hijacking-user-sessions-with-the-heartbleed-vulnerability/. There will be 3 containers; one each for hacker, victim and server. Server will host an authenticated webpage that hacker can gain access to by obtaining a cookie (via HeartBleed) and setting it in their browser session.

@rkalyanapurdue
Copy link
Contributor

Compiling OpenSSL from source did not work. Decided to use actual debs from the Debian snapshots (http://snapshot.debian.org/); ala https://github.com/hmlio/vaas-cve-2014-0160.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rkalyanapurdue rkalyanapurdue

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@craig-willis @rkalyanapurdue