Difference between revisions of "Heartbleed"
APuchinger (talk | contribs)
Revision as of 16:11, 17 January 2022
Summary
This page explains the background of the "Heartbleed" bug. The purpose of this documentation is not to guide attackers in reproducing the Heartbleed attack; it only highlights how the bug works.
Requirements
- Web server (e.g. nginx / Apache)
- OpenSSL between version 1.0.1 and 1.0.1f (https://github.com/openssl/openssl/branches/all)
Description
- HTTP communication usually takes place over TCP/IP connections
- TCP is reliable, but a continuous data exchange is needed
- HTTPS websites are encrypted with SSL
- The web server has available sockets which allow connections from clients
- Web servers have timers: after a set time of x seconds, the session is closed if the client is inactive
- To keep the session alive, the web browser sends heartbeat requests, which are processed by the server
Heartbeat
- An extension in OpenSSL
- Special data packet
- Possible size: 16 bytes < heartbeat < 64 KB
- “Heartbeat Requests” are sent from the web browser to the web server to keep the session alive
- The server answers with a “Heartbeat Response” which contains the exact same data
Example
The web browser (client) sends a length and a message.
Pseudo example:
- Web browser sends message with length 5: ‘hello’
- Web server responds with the exact same message: ‘hello’
Heartbleed
- The heartbeat request is sent with a minimal actual size, but its length is claimed to be the maximum
- The heartbeat request can be executed multiple times in a row
- From the responses, a picture of the server's RAM can be rebuilt
Example
- Web browser sends message with length 65536: ‘hello’
- The server reads a full 64 KiB from memory and sends it to the client:
- The web server allocates a data slot of 64 KiB and copies the message ‘hello’ to the start of it.
- The rest of the slot (65536 minus the size of ‘hello’) is filled with data from RAM.
- The web server responds with the filled 64 KiB data slot (including contents of RAM).
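The over-read described above, next to the bounds check that closes it, as a self-contained simulation added here (not code from this page or from OpenSSL). The `mem` array, the `SECRET-KEY` string and all function names are constructed for illustration; the message layout (1-byte type, 2-byte length, at least 16 bytes of padding) follows RFC 6520.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_HDR 3   /* type (1 byte) + payload_length (2 bytes), RFC 6520 */
#define HB_PAD 16  /* minimum padding required by RFC 6520 */

/* Constructed stand-in for process memory; the received record sits at mem[0]. */
static uint8_t mem[64];

/* Store a request carrying `payload` but claiming `claimed` bytes; return the record length. */
static size_t put_request(const char *payload, uint16_t claimed) {
    size_t actual = strlen(payload), rec_len = HB_HDR + actual + HB_PAD;
    memset(mem, 0, sizeof mem);                   /* padding bytes stay zero */
    mem[0] = 1;                                   /* heartbeat_request */
    mem[1] = (uint8_t)(claimed >> 8); mem[2] = (uint8_t)(claimed & 0xff);
    memcpy(mem + HB_HDR, payload, actual);
    memcpy(mem + rec_len, "SECRET-KEY", 10);      /* constructed neighbouring data */
    return rec_len;
}

/* Flawed handler: echoes as many bytes as the length field claims. */
static size_t respond_vulnerable(uint8_t *out) {
    size_t claimed = ((size_t)mem[1] << 8) | mem[2];
    if (claimed > sizeof mem - HB_HDR) claimed = sizeof mem - HB_HDR; /* simulation edge only */
    memcpy(out, mem + HB_HDR, claimed);
    return claimed;
}

/* Hardened handler: silently discard a request whose claimed payload does not fit the record. */
static size_t respond_fixed(size_t rec_len, uint8_t *out) {
    size_t claimed = ((size_t)mem[1] << 8) | mem[2];
    if (HB_HDR + claimed + HB_PAD > rec_len) return 0;
    memcpy(out, mem + HB_HDR, claimed);
    return claimed;
}

static int contains(const uint8_t *buf, size_t n, const char *needle) {
    size_t m = strlen(needle);
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(buf + i, needle, m) == 0) return 1;
    return 0;
}

int main(void) {
    uint8_t out[sizeof mem];
    size_t rec = put_request("hello", 40), n = respond_vulnerable(out);
    printf("vulnerable: %zu bytes, leak=%d; fixed: %zu bytes\n",
           n, contains(out, n, "SECRET-KEY"), respond_fixed(rec, out));
    return 0;
}
```

An honest request (claimed length 5 for ‘hello’) is echoed by both handlers; only the request whose claimed length exceeds what actually arrived is dropped by the hardened one.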