[Ach] OpenSSL 'heartbleed' bug
Wolfgang Breyha
wolfgang.breyha at univie.ac.at
Wed Apr 9 00:37:56 CEST 2014
On 09/04/14 00:30, Aaron Zauner wrote:
>> https://michael-p-davis.com/using-heartbleed-for-hijacking-user-sessions/
> I've written a similar PoC just using the ssltest.py file and a bit of
> bash and grep hackery. This can be done by any teen script-kiddie. Worrying.
The perl script mentioned on heise looks useful, too:
https://github.com/noxxi/p5-scripts/blob/master/check-ssl-heartbleed.pl
Allows regex'ing on the "data".
Greetings, Wolfgang
--
Wolfgang Breyha <wolfgang.breyha at univie.ac.at> | http://www.blafasel.at/
Vienna University Computer Center | Austria
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 538 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20140409/98393e9e/attachment.sig>
More information about the Ach
mailing list