Proj 11: Attacking Clients with a Malicious Heartbleed SSL Server (10 pts.)

What You Need


The Heartbleed vulnerability in OpenSSL (CVE-2014-0160) allows a malicious HTTPS server to steal RAM from a client machine that connects to it. The bug is in the TLS heartbeat extension: the vulnerable code trusts the payload length declared in a heartbeat request and copies that many bytes from memory into the response, so a request that declares a large length but carries almost no payload gets up to 64 KB of whatever lies beyond it in memory. The same code runs on both ends of a connection, which is why a server can attack the clients that connect to it.

This was patched recently in OpenSSL 1.0.1g (released April 7, 2014), but the Kali Linux machines you got on the DVD in class have an older, vulnerable version :)

Checking OpenSSL Version

To test the version, in a Terminal window, execute this command:
openssl version
The version number appears, as shown below. If the version is 1.0.1 through 1.0.1f (1.0.1 with no letter, or 1.0.1 followed by any letter before g), your OpenSSL is likely to be vulnerable. Note that distributions sometimes backport a fix without changing the version string, so on a patched system the version number alone can mislead; "openssl version -a" also shows the build date.

Kali Linux uses a vulnerable version!


If you have a later version of openssl, which is not vulnerable, re-extract a new Kali virtual machine from the DVDs handed out in class to get a vulnerable machine.

Get the Exploit Code

In a Terminal window, execute these commands:
git clone

cd pacemaker


You should see a "" file, as shown below.


If that git repository is unavailable for some reason, you can get a copy from my server with these commands:

mv pacemaker.pyx

Run the Malicious HTTPS Server

Resize your Terminal window to use only a portion of the Kali desktop, as shown below.

In the Terminal window, execute this command:

Pacemaker starts listening, as shown below. Leave this window open.

Testing curl

Curl on Kali is linked against the system OpenSSL library, so it processes heartbeat requests with the same vulnerable code and is vulnerable as a client.

Open a new Terminal window and resize it to use the other half of the Kali desktop, as shown below.

In the new Terminal window, execute this command:

curl https://localhost:4433/
Curl will show a connection error, because pacemaker sends its malicious heartbeat and then drops the connection instead of completing a normal HTTPS exchange. That doesn't matter: the RAM was already stolen before the error happened.

The pacemaker window fills with stolen RAM data, as shown below. The exploit worked!

In the pacemaker window, use the mouse to carefully scroll back up to see the start of the stolen RAM. Find the "Client returned 65517 (0xffed) bytes" message, as shown below. (Some versions of pacemaker show a slightly different number of bytes.)

Saving the Screen Image

Make sure your image has these required elements: Save the image with a filename of "Proj 11a from YOUR NAME".

Testing IceWeasel

In the pacemaker window, scroll to the bottom so you see the last line of stolen RAM, beginning with "ff00:".

At the top left of the Kali Linux desktop, click the round blue icon to open Iceweasel, Debian's rebranded build of Firefox.

Move IceWeasel to use only the lower portion of the desktop, as shown below.

In IceWeasel, type in this address and press Enter:

The pacemaker window shows one or more messages saying "Not vulnerable!", as shown below.

This means Iceweasel is not vulnerable: it uses Mozilla's NSS library rather than OpenSSL, so the malicious heartbeat gets no over-long reply and no memory is leaked. Pacemaker only reports a client as vulnerable when it returns more bytes than were sent.
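The difference between curl's "Client returned 65517 bytes" and Iceweasel's "Not vulnerable!" comes down to one missing length check. The following Python is an added example written for this page (it is not pacemaker's code and not OpenSSL's): it models the RFC 6520 heartbeat message, a responder with the pre-1.0.1g over-read, a responder with the 1.0.1g bounds check, and the byte-counting decision a malicious server like pacemaker makes. SIMULATED_MEMORY, the function names and the "lying" request are constructed for the demonstration.

```python
"""Heartbleed in miniature: the heartbeat message, the bug, the fix, and the
check a malicious server uses to tell a vulnerable client from a safe one.
Added example; nothing here is pacemaker's own code or OpenSSL's."""
import struct

# RFC 6520 heartbeat message: type (1 byte) | payload_length (2 bytes) | payload | padding
HB_REQUEST, HB_RESPONSE = 1, 2
PADDING_LEN = 16          # RFC 6520 requires at least 16 bytes of padding
MAX_PAYLOAD = 0xFFFF      # payload_length is a 16-bit field, hence ~64 KB per heartbeat

# Constructed stand-in for whatever happened to sit after the heartbeat record
# in the client's process memory (in a real client: cookies, passwords, keys...).
SIMULATED_MEMORY = (
    b"GET /account HTTP/1.1\r\nHost: bank.example\r\n"
    b"Cookie: session=8f3a9c1e2b7d\r\nAuthorization: Basic dXNlcjpwYXNz\r\n"
)


def build_heartbeat_request(declared_len: int, payload: bytes = b"") -> bytes:
    """Build a heartbeat request. An honest peer sets declared_len == len(payload);
    a malicious one (pacemaker, or the server-side exploit) declares a large
    length and sends little or no payload."""
    return struct.pack("!BH", HB_REQUEST, declared_len) + payload + bytes(PADDING_LEN)


def vulnerable_respond(record: bytes, memory_after_record: bytes) -> bytes:
    """Models tls1_process_heartbeat() in OpenSSL 1.0.1 through 1.0.1f: it trusts
    payload_length and memcpy's that many bytes starting at the payload, so the
    copy runs past the end of the record into adjacent memory."""
    hb_type, payload_len = struct.unpack("!BH", record[:3])
    if hb_type != HB_REQUEST:
        return b""
    heap = record + memory_after_record      # the record followed by neighbouring data
    echoed = heap[3:3 + payload_len]         # over-read: request padding + adjacent memory
    return struct.pack("!BH", HB_RESPONSE, payload_len) + echoed + bytes(PADDING_LEN)


def patched_respond(record: bytes, memory_after_record: bytes) -> bytes:
    """Models the 1.0.1g fix: a heartbeat whose declared payload does not fit in
    the received record is silently discarded (RFC 6520 section 4)."""
    if 1 + 2 + PADDING_LEN > len(record):
        return b""
    hb_type, payload_len = struct.unpack("!BH", record[:3])
    if hb_type != HB_REQUEST or 1 + 2 + payload_len + PADDING_LEN > len(record):
        return b""
    payload = record[3:3 + payload_len]      # now provably inside the record
    return struct.pack("!BH", HB_RESPONSE, payload_len) + payload + bytes(PADDING_LEN)


def judge_client(response: bytes, sent_payload: bytes) -> str:
    """The decision a pacemaker-style server makes: count the bytes the client
    echoed back and compare them with what was actually sent."""
    if not response:
        return "Not vulnerable! (no heartbeat response, request discarded)"
    returned = response[3:len(response) - PADDING_LEN]
    leaked = len(returned) - len(sent_payload)
    if leaked > 0:
        return (f"Client returned {len(returned)} ({len(returned):#x}) bytes: "
                f"VULNERABLE, {leaked} bytes of memory leaked")
    return "Not vulnerable! (response length matches the request)"


def run_demo() -> dict:
    """Attack both responders with the lying request, then with an honest one."""
    lying = build_heartbeat_request(MAX_PAYLOAD, b"")    # claims 65535 bytes, sends 0
    honest = build_heartbeat_request(5, b"hello")
    results = {
        "vulnerable/lying": judge_client(vulnerable_respond(lying, SIMULATED_MEMORY), b""),
        "patched/lying": judge_client(patched_respond(lying, SIMULATED_MEMORY), b""),
        "vulnerable/honest": judge_client(vulnerable_respond(honest, SIMULATED_MEMORY), b"hello"),
        "patched/honest": judge_client(patched_respond(honest, SIMULATED_MEMORY), b"hello"),
    }
    # First 40 bytes of leaked memory, after the echoed request padding.
    results["leaked sample"] = vulnerable_respond(lying, SIMULATED_MEMORY)[3 + PADDING_LEN:][:40]
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name:18} {value!r}")
```

Only the combination of a lying length and the unpatched responder leaks anything; an honest heartbeat gets the same correct echo from both responders, which is why a normal heartbeat from a non-vulnerable client looks identical to pacemaker whether or not that client's library has the fix.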

Saving the Screen Image

Make sure your image has these required elements: Save the image with a filename of "Proj 11b from YOUR NAME".

Turning In Your Project

Email the images to with a subject of "Project 11 from YOUR NAME".


Last modified: 4-28-14 7:47 pm