Difference between revisions of "Heartbleed"
Revision as of 16:06, 17 January 2022
Summary
This page explains the background of the "Heartbleed" bug in OpenSSL. The purpose of this documentation is not to guide attackers in reproducing the Heartbleed attack; it only highlights how the bug works.
Requirements
- Web server, e.g. nginx or Apache, terminating TLS with OpenSSL
- OpenSSL 1.0.1 through 1.0.1f (the bug is CVE-2014-0160; it was fixed in 1.0.1g)
Description
- HTTP communication usually takes place over TCP/IP connections.
- TCP is reliable, but it does not by itself tell an endpoint whether the peer is still alive; some periodic exchange is needed for that.
- HTTPS websites are protected with TLS (the successor of SSL); OpenSSL is one of the most widely used implementations.
- The web server listens on sockets that accept connections from clients.
- Web servers have idle timers: after a configured number of seconds without activity, the session is closed.
- To keep the session alive, an endpoint (e.g. the web browser) can send heartbeat requests, which the server processes and answers.
- The heartbeat mechanism was designed mainly for DTLS over UDP, which has no TCP-level keep-alive, but OpenSSL enabled it for TLS as well, so a server accepts heartbeat requests from any client that sends them, whether or not a browser would.
Heartbeat
- An extension to TLS/DTLS (RFC 6520), implemented in OpenSSL since 1.0.1
- A special record: 1 byte message type, 2 bytes payload_length, the payload itself, then at least 16 bytes of random padding
- The payload_length field is 16 bits wide, so a request can claim up to 65535 bytes of payload, just under 64 KiB
- "Heartbeat Requests" are sent from the web browser (or any other client) to the web server to keep the session alive
- The server answers with a "Heartbeat Response" that echoes exactly the payload it received
Example
The web browser (client) sends a length and a message.

Pseudo example:

Web browser sends a message with length 5: 'hello'

Web server responds with the exact same message: 'hello'
Heartbleed
- Send a heartbeat request whose actual payload is minimal but whose payload_length claims the maximum (65535).
- The vulnerable server copies payload_length bytes, starting at the received payload, into its response without checking that this many bytes actually arrived; the surplus is whatever lies beyond the short record in the server's memory.
- The request can be repeated as often as desired; every response leaks up to about 64 KiB of memory that the server never meant to send.
- From many responses an attacker rebuilds a picture of the server's RAM, which can contain session cookies, user passwords and even the server's private key.
Example
Web browser sends a message with claimed length 65535 but only 5 real bytes: 'hello'

Web server allocates a response slot of 3 + 65535 + 16 bytes and copies 65535 bytes starting at 'hello' into it. The first 5 bytes are 'hello'; the remaining 65535 - 5 bytes are read from whatever happens to follow the request in the server's RAM.

The web server responds with the filled slot, including the leaked RAM contents.
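The mechanism above, as an added example in C that is not OpenSSL's code: a toy heartbeat handler in the vulnerable form (trusts payload_length from the record) next to the fixed form (rejects a claimed length that exceeds what actually arrived, as the 1.0.1g fix does). The names build_request, handle_vulnerable, handle_fixed and LEFTOVER are invented for this illustration; the "heap" is a static arena sized so the over-read stays inside it and the program is well-defined, and the leftover data placed behind the record is constructed. In a real server the copy would walk into whatever followed the record on the heap.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Heartbeat message layout (RFC 6520):
 *   type (1 byte) | payload_length (2 bytes, big-endian) | payload | padding (>= 16 bytes) */
#define HB_REQUEST     1
#define HB_RESPONSE    2
#define HB_PADDING     16
#define HB_MAX_PAYLOAD 65535                       /* 16-bit length field */
#define ARENA_SIZE     (3 + HB_MAX_PAYLOAD + 64)   /* toy heap; large enough that the over-read stays in bounds */

typedef size_t (*hb_handler)(const unsigned char *rec, size_t rec_len,
                             unsigned char *out, size_t out_cap);

/* Toy "heap": the received record sits at the front; bytes left over from
 * earlier work (constructed below) happen to sit right behind it. */
static unsigned char arena[ARENA_SIZE];
static unsigned char response[3 + HB_MAX_PAYLOAD + HB_PADDING];

/* Constructed stand-in for whatever the server had lying around in memory. */
static const char LEFTOVER[] = "Cookie: session=deadbeef; user=alice";

/* Write a request into the arena that carries strlen(payload) real bytes but
 * claims claimed_len bytes. Returns the record length the transport really delivered. */
size_t build_request(const char *payload, uint16_t claimed_len, const char *leftover)
{
    size_t real = strlen(payload);
    size_t rec_len = 3 + real + HB_PADDING;
    if (rec_len + strlen(leftover) > ARENA_SIZE) return 0;
    memset(arena, 0, sizeof arena);
    arena[0] = HB_REQUEST;
    arena[1] = (unsigned char)(claimed_len >> 8);
    arena[2] = (unsigned char)(claimed_len & 0xff);
    memcpy(arena + 3, payload, real);                   /* padding after it stays zero */
    memcpy(arena + rec_len, leftover, strlen(leftover)); /* adjacent memory, not part of the record */
    return rec_len;
}

/* Shared response construction: echo payload_len bytes starting at the payload. */
static size_t emit_response(const unsigned char *rec, uint16_t payload_len,
                            unsigned char *out, size_t out_cap)
{
    size_t resp_len = 3 + (size_t)payload_len + HB_PADDING;
    if (resp_len > out_cap) return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + 3, rec + 3, payload_len);   /* copies whatever follows a short record */
    memset(out + 3 + payload_len, 0, HB_PADDING);
    return resp_len;
}

/* Vulnerable handler: the claimed length is trusted, the real record length is never consulted. */
size_t handle_vulnerable(const unsigned char *rec, size_t rec_len, unsigned char *out, size_t out_cap)
{
    (void)rec_len;                                       /* the bug */
    uint16_t payload_len = (uint16_t)((rec[1] << 8) | rec[2]);
    return emit_response(rec, payload_len, out, out_cap);
}

/* Fixed handler: a claimed length that does not fit inside the received bytes is dropped silently. */
size_t handle_fixed(const unsigned char *rec, size_t rec_len, unsigned char *out, size_t out_cap)
{
    if (rec_len < 3 + HB_PADDING) return 0;              /* no room for even an empty payload */
    uint16_t payload_len = (uint16_t)((rec[1] << 8) | rec[2]);
    if (3 + (size_t)payload_len + HB_PADDING > rec_len) return 0;
    return emit_response(rec, payload_len, out, out_cap);
}

static int contains(const unsigned char *buf, size_t len, const char *needle)
{
    size_t n = strlen(needle);
    for (size_t i = 0; i + n <= len; i++)
        if (memcmp(buf + i, needle, n) == 0) return 1;
    return 0;
}

/* 1 if the handler's response to a 5-byte 'hello' claiming claimed_len bytes carries the adjacent data. */
int leaks_adjacent_memory(hb_handler handler, uint16_t claimed_len)
{
    size_t rec_len = build_request("hello", claimed_len, LEFTOVER);
    size_t resp_len = handler(arena, rec_len, response, sizeof response);
    return contains(response, resp_len, LEFTOVER);
}

/* 1 if an honest request (claimed length == real length) gets exactly 'hello' echoed back. */
int echoes_honest_request(hb_handler handler)
{
    size_t rec_len = build_request("hello", 5, LEFTOVER);
    size_t resp_len = handler(arena, rec_len, response, sizeof response);
    return resp_len == 3 + 5 + HB_PADDING && response[0] == HB_RESPONSE
        && memcmp(response + 3, "hello", 5) == 0;
}

int main(void)
{
    printf("vulnerable, honest request echoed: %d\n", echoes_honest_request(handle_vulnerable));
    printf("vulnerable, claimed 65535 leaks:   %d\n", leaks_adjacent_memory(handle_vulnerable, HB_MAX_PAYLOAD));
    printf("fixed, honest request echoed:      %d\n", echoes_honest_request(handle_fixed));
    printf("fixed, claimed 65535 leaks:        %d\n", leaks_adjacent_memory(handle_fixed, HB_MAX_PAYLOAD));
    return 0;
}
```

The only difference between the two handlers is the single comparison of the claimed payload_length against the number of bytes that actually arrived; everything else, including the echo of an honest request, behaves identically.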