# heartbleed

**Repository Path**: dasics/heartbleed

## Basic Information

- **Project Name**: heartbleed
- **Description**: Reproduction of Heartbleed Attack (CVE-2014-0160), for research purpose ONLY
- **Primary Language**: Unknown
- **License**: MIT
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2023-04-03
- **Last Updated**: 2023-09-06

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# Heartbleed

## Description

This repository is a reproduction of Heartbleed bug (CVE-2014-0160) present in OpenSSL 1.0.1f. This reproduction is meant for **research purposes ONLY**.

**Users MUST abide by the laws enforced in their respective countries while using this repository.**

## Installation

For x86_64 systems, enter the following command:

~~~shell
make
~~~

For RV64 systems, enter the following command:

~~~shell
make CROSS_PREFIX=riscv64-unknown-linux-gnu-
~~~

**Notes:**

* **Compiling with riscv64-unknown-elf-gcc will fail.**
* **Compiling with -jX (x>=2) flag will fail due to the realization of make logic in openssl 1.0.1f**

## Usage

To execute the vulnerable server or the malicious client with the default IP address and port, use the commands `make run-server` or `make run-client`.

If you wish to customize the IP address and port, execute the generated executable file within the build directory (server), or run the python script directly (client).

## Acknowledgement

This repository features the malicious client script *hb_client.py*, initially created by Jared Stafford *(jspenguin@jspenguin.org)*. We express sincere gratitude to him!

## References

* [Quick and dirty demonstration of CVE-2014-0160](https://gist.github.com/luiscosio/10206724)