Detection and Exploitation of Heart bleed Vulnerability in Open SSL

International Journal of Computer Trends and Technology (IJCTT)          
© 2016 by IJCTT Journal
Volume-34 Number-2
Year of Publication : 2016
Authors : G.K.Bhaskar, C.Imthyaz Sheriff, G.K.Sandhia


G.K.Bhaskar, C.Imthyaz Sheriff, G.K.Sandhia "Detection and Exploitation of Heart bleed Vulnerability in Open SSL". International Journal of Computer Trends and Technology (IJCTT) V34(2):98-102, April 2016. ISSN:2231-2803. Published by Seventh Sense Research Group.

Abstract -
Heartbleed vulnerability in OpenSSL makes the attacker or cyber criminals to steal the confidential information of the victim such as username, passwords and sessions from the web server. Heartbleed is exploited by sending a malformed heartbeat request with a small payload to the web server which is using OpenSSL and the vulnerability could be exploited many times to get the different confidential information of the victim from the web server. Two different detection ways such as port scanning technique and script engine are used to find the heartbleed vulnerability on the web server. Exploitation of the heartbleed vulnerability could be done by using two ways such as Metasploit Framework and Scripting language.

[1] David Wheeler,“Preventing Heartbleed”, IEEE Computer Society, vol.47,pp.80-83, August 2014.
[2] Boyes, Norris, Bryant and Watson,“Trustworthy Software: Lessons From GotoFail & Heartbleed Bugs”, IEEE Cyber Security Conference, pp.1-7, 2014.
[3] Nektarios Georgios Tsoustos and MichailManiatakos, "Trust No One:Thwarting Heartbleed Attacks Using Privacy Preserving Computation", IEEE International Conference on VLSI, pp.59-64, 2014.
[4] Imran Ghafoor, Imran Jattala, ShakeelDurrani and Muhammad Tahir ch,“Analysis of OpenSSL Heartbleed Vulnerabiltiy for Embedded Systems”, IEEE International Multi Topic Conference, pp.314-319, 2014.
[5] Jun Wang, Mingyi Zhao, Qiang Zeng, Dinghao Wu and Peng Liu, “Risk Assessment of Buffer Heartbleed Overread Vulnerabilities”, IEEE International Conference on Dependable Systems and Networks, pp.555-562, 2015.

Heartbleed, Heartbeat, Reconnaissance, Espionage.