Wireshark-bugs: [Wireshark-bugs] [Bug 9988] New: Unencrypted heartbeat requests are marked as en
Date: Mon, 14 Apr 2014 12:29:18 +0000
Bug ID 9988
Summary Unencrypted heartbeat requests are marked as encrypted
Classification Unclassified
Product Wireshark
Version Git
Hardware All
OS All
Severity Normal
Priority Low
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Created attachment 12692 [details]
Malicious and normal heartbeats (gzip-compressed pcapng)

Build Information:
The attached packet gets marked as an encrypted heartbeat request. However, all
record contents before the ChangeCipherSpec message are unencrypted. This bug
also makes it impossible to detect the Heartbleed bug using the expert info

The capture consists of two sessions:

 1. Client exploitation[1] of Heartbleed (using vulnerable OpenSSL):

    ./pacemaker.py -x2 -n 0xffed
    curl -o /dev/null https://localhost:4433/

 2. Normal, legit, encrypted heartbeats using:

    openssl s_server
    openssl s_client -connect 0:4433 -cipher AES128-SHA

    Issue the "B" command to trigger heartbeats. The keys for this capture file
    can be found below.

premaster.txt (join the three parts on a single space-separated line):




 [1]: https://github.com/Lekensteyn/pacemaker
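
The state tracking this report depends on, as an added example (not Wireshark's dissector code and not part of the original report): heartbeat records in one direction are plaintext until that direction's ChangeCipherSpec, and only plaintext ones can be checked against the RFC 6520 length rule. The sample bytes are constructed rather than taken from the attached capture, and `classify_heartbeats` and its label strings are hypothetical names.

```python
import struct

CCS, HEARTBEAT = 20, 24      # TLS record content types
MIN_PADDING = 16             # RFC 6520: at least 16 bytes of padding

def record(ctype, fragment, version=0x0303):
    """Build one TLS record (used only for the constructed sample below)."""
    return struct.pack("!BHH", ctype, version, len(fragment)) + fragment

def iter_records(stream):
    """Yield (content_type, fragment) for each complete record in the stream."""
    off = 0
    while off + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, off)
        if off + 5 + length > len(stream):
            break                            # truncated record: stop parsing
        yield ctype, stream[off + 5:off + 5 + length]
        off += 5 + length

def classify_heartbeats(stream):
    """Label each heartbeat record sent in ONE direction of a connection."""
    encrypted, out = False, []
    for ctype, frag in iter_records(stream):
        if ctype == CCS:
            encrypted = True                 # later records are ciphertext
        elif ctype != HEARTBEAT:
            continue
        elif encrypted:
            out.append(("encrypted", None))  # length field is not readable
        elif len(frag) < 3:
            out.append(("plaintext-malformed", None))
        else:
            _hb_type, claimed = struct.unpack_from("!BH", frag)
            fits = 3 + claimed + MIN_PADDING <= len(frag)
            out.append(("plaintext-ok" if fits else "plaintext-overlong", claimed))
    return out

# Constructed sample, not bytes from the attached capture.
SAMPLE = b"".join([
    record(22, bytes(10)),                                      # handshake stand-in
    record(HEARTBEAT, struct.pack("!BH", 1, 0xFFED)),           # claims 0xffed, carries 0
    record(HEARTBEAT, struct.pack("!BH", 1, 4) + b"ping" + bytes(16)),
    record(CCS, b"\x01"),
    record(HEARTBEAT, bytes(range(40))),                        # ciphertext stand-in
])

if __name__ == "__main__":
    for label, claimed in classify_heartbeats(SAMPLE):
        print(label, claimed)
```

A heartbeat labelled "encrypted" before any ChangeCipherSpec in its direction never reaches the length comparison, which is why the misclassification hides the overlong request.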
