Heartbleed

From Embedded Lab Vienna for IoT & Security
Revision as of 16:06, 17 January 2022 by APuchinger (talk | contribs)

Summary

This page explains the background of the "Heartbleed" bug in OpenSSL (CVE-2014-0160). It is not meant as a guide for reproducing the attack; it only illustrates how the bug works.

Requirements

  • Web server, e.g. nginx or Apache, linked against OpenSSL
  • OpenSSL 1.0.1 through 1.0.1f (the bug was fixed in 1.0.1g)

Description

  • HTTP communication usually takes place over TCP/IP connections.
  • TCP is reliable, but an idle connection gives neither side any sign that the peer is still there, so some continuous data exchange is needed.
  • HTTPS websites encrypt HTTP with TLS, the successor of SSL; OpenSSL implements both.
  • The web server has sockets on which it accepts connections from clients.
  • Web servers have timers: after a set number of seconds without activity, the session of an inactive client is closed.
  • To keep the session alive without renegotiating, the client can send Heartbeat requests, which the server processes. Heartbeat is a TLS/DTLS extension (RFC 6520) that was designed mainly for DTLS keep-alive; common browsers never sent it, but any client that speaks TLS, such as an attacker's script, can.

Heartbeat

  • A TLS/DTLS extension (RFC 6520), implemented in OpenSSL since 1.0.1 and enabled by default
  • A special message consisting of a 1-byte type (request or response), a 2-byte payload_length field, the payload itself, and at least 16 bytes of padding
  • Possible size: payload_length is a 16-bit field, so the claimed payload can be up to 65535 bytes (about 64 KiB); the padding is at least 16 bytes
  • Heartbeat requests are sent from the client (e.g. a web browser) to the web server to keep the session alive
  • The server answers with a Heartbeat response that echoes exactly the same payload

Example

The client sends a payload length together with a message; the server echoes the message back. Pseudo example:

  • Client sends a heartbeat request with length 5 and payload ‘hello’
  • Server responds with exactly the same payload: ‘hello’


Heartbleed

  • Send a heartbeat request whose actual payload is tiny but whose payload_length field claims the maximum (65535)
  • The vulnerable server never compares the claimed length with the length of the record it actually received: it copies payload_length bytes starting at the payload, and so reads past the end of the message into adjacent heap memory
  • The heartbeat request can be repeated as often as desired; every response carries a fresh slice of up to 64 KiB of server memory
  • From many responses the attacker can rebuild a picture of the server's RAM, which may contain session cookies, passwords and even the server's private key

Example

The client sends a heartbeat request with payload_length 65535 but a payload of only ‘hello’. The server allocates a response buffer of 3 + 65535 + 16 bytes and copies 65535 bytes from the received message into it: the first five are ‘hello’, the remaining 65535 - 5 bytes are whatever lies in RAM directly after the received message. The server then responds with the whole 64 KiB buffer, including that memory.
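The following C program is an added example written for this page; it is not OpenSSL's code and not part of the original article. It models the Heartbeat handler twice: once with the logic of OpenSSL 1.0.1 to 1.0.1f, which trusts payload_length from the message, and once with the substance of the 1.0.1g fix, which discards the message when the claimed payload does not fit in the received record. The "heap" is a constructed 256-byte arena holding a request with the real payload ‘hello’ followed by a made-up session cookie, and the request claims a payload length of 200 rather than 65535 so that the over-read stays inside memory the program owns. All names and the sample data are assumptions made for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST   1
#define HB_RESPONSE  2
#define HB_PADDING   16   /* RFC 6520: at least 16 bytes of random padding */
#define HB_HDR       3    /* 1 byte type + 2 bytes payload_length */

/* Read the 16-bit big-endian payload_length that follows the type byte. */
static uint16_t hb_payload_length(const unsigned char *msg)
{
    return (uint16_t)(((unsigned)msg[1] << 8) | msg[2]);
}

/* Write the response header and echo 'payload' bytes starting at msg + HB_HDR.
 * Shared by both handlers; the only difference between them is the check. */
static size_t hb_build_response(const unsigned char *msg, uint16_t payload,
                                unsigned char *out, size_t out_cap)
{
    size_t resp_len = HB_HDR + (size_t)payload + HB_PADDING;
    if (resp_len > out_cap)
        return 0;                                  /* demo-only guard for the output buffer */
    out[0] = HB_RESPONSE;
    out[1] = (unsigned char)(payload >> 8);
    out[2] = (unsigned char)(payload & 0xff);
    memcpy(out + HB_HDR, msg + HB_HDR, payload);   /* copies 'payload' bytes, whatever they are */
    memset(out + HB_HDR + payload, 0, HB_PADDING); /* real code fills this with random bytes */
    return resp_len;
}

/* Vulnerable handler, modelled on OpenSSL 1.0.1-1.0.1f (simplified, not OpenSSL's
 * own code): trusts payload_length from the message and never looks at msg_len. */
size_t heartbeat_vulnerable(const unsigned char *msg, size_t msg_len,
                            unsigned char *out, size_t out_cap)
{
    (void)msg_len;                                 /* the bug: the real record length is ignored */
    if (msg[0] != HB_REQUEST)
        return 0;
    return hb_build_response(msg, hb_payload_length(msg), out, out_cap);
}

/* Fixed handler, the substance of the 1.0.1g patch: silently discard the message
 * unless header + claimed payload + padding fits inside the record actually received. */
size_t heartbeat_fixed(const unsigned char *msg, size_t msg_len,
                       unsigned char *out, size_t out_cap)
{
    if (msg_len < HB_HDR + HB_PADDING)
        return 0;
    if (msg[0] != HB_REQUEST)
        return 0;
    uint16_t payload = hb_payload_length(msg);
    if (HB_HDR + (size_t)payload + HB_PADDING > msg_len)
        return 0;
    return hb_build_response(msg, payload, out, out_cap);
}

/* Constructed stand-in for the server's heap: a heartbeat request carrying the
 * 5-byte payload 'hello' plus padding, followed directly by unrelated data of the
 * kind that really sits next to it in memory. 'claimed' is what goes into the
 * payload_length field; the return value is the length of the record as received. */
#define ARENA_SIZE 256
#define SECRET "session=SECRET-COOKIE-4242"        /* constructed sample, not real data */

size_t build_arena(unsigned char *arena, uint16_t claimed)
{
    const size_t real_payload = 5;
    size_t rec_len = HB_HDR + real_payload + HB_PADDING;   /* 24 bytes on the wire */
    memset(arena, 'x', ARENA_SIZE);
    arena[0] = HB_REQUEST;
    arena[1] = (unsigned char)(claimed >> 8);
    arena[2] = (unsigned char)(claimed & 0xff);
    memcpy(arena + HB_HDR, "hello", real_payload);
    memset(arena + HB_HDR + real_payload, 0xAA, HB_PADDING);
    memcpy(arena + rec_len, SECRET, strlen(SECRET));       /* adjacent heap contents */
    return rec_len;
}

/* 1 if the response contains the adjacent secret, i.e. memory leaked. */
int response_leaks(const unsigned char *resp, size_t len)
{
    size_t n = strlen(SECRET);
    for (size_t i = 0; i + n <= len; i++)
        if (memcmp(resp + i, SECRET, n) == 0)
            return 1;
    return 0;
}

int main(void)
{
    unsigned char arena[ARENA_SIZE], resp[ARENA_SIZE + HB_HDR + HB_PADDING];
    /* The real attack claims 65535; 200 keeps the over-read inside the arena we own. */
    size_t rec_len = build_arena(arena, 200);

    size_t n = heartbeat_vulnerable(arena, rec_len, resp, sizeof resp);
    printf("vulnerable: %zu-byte response, leaks secret: %s\n", n,
           response_leaks(resp, n) ? "yes" : "no");

    n = heartbeat_fixed(arena, rec_len, resp, sizeof resp);
    printf("fixed:      %zu-byte response (0 = request discarded)\n", n);
    return 0;
}
```

With the claimed length of 200 the vulnerable handler returns a 219-byte response (3 + 200 + 16) whose payload starts with ‘hello’, continues with the padding, and then carries the cookie that sat behind the record; the fixed handler returns 0 and sends nothing. With an honest payload_length of 5 both handlers behave identically and echo only ‘hello’.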

