Yesterday I posted my heartbleed packet capture with an unencrypted heartbeat record.
Now I post a capture with full TLS session setup, hence here the heartbeat records are encrypted. I use heartbleed.c by HackerFantastic.
heartbleed_packet_capture_tls.zip (https)
MD5: 7D19146C2ACC28AFAD6E1FD217E908BB
SHA256: 7FDECDD05269731EDD57FFEE24323C672D620A533CD412089F055D6266C76164
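Even with the heartbeat payload encrypted, the 5-byte TLS record header stays in cleartext, so heartbeat records (content type 24) and their lengths remain visible in a capture like this one. The following is an added example, not part of the original post or of heartbleed.c; the segment format, the `slack` threshold and the sample records are assumptions constructed for illustration.

```python
import struct

HEARTBEAT = 24   # TLS record content type for heartbeat (RFC 6520)
HEADER_LEN = 5   # content type (1) + version (2) + length (2)

def parse_records(data: bytes):
    """Yield (content_type, version, length) for each complete TLS record in data."""
    off = 0
    while off + HEADER_LEN <= len(data):
        ctype, version, length = struct.unpack_from("!BHH", data, off)
        if off + HEADER_LEN + length > len(data):
            break  # truncated record: stop rather than misparse
        yield ctype, version, length
        off += HEADER_LEN + length

def suspicious_heartbeats(segments, slack=64):
    """segments: list of (direction, bytes) in capture order, direction 'c' or 's'.
    Returns [(request_len, response_len)] for exchanges with an oversized response."""
    exchanges = []  # each entry: [request_len, response_len]
    for direction, data in segments:
        for ctype, _version, length in parse_records(data):
            if ctype != HEARTBEAT:
                continue
            if direction == "c":
                exchanges.append([length, 0])
            elif exchanges:
                exchanges[-1][1] += length  # a large response may span several records
    return [(req, resp) for req, resp in exchanges if resp > req + slack]

def record(ctype, length, version=0x0302):
    """Build a constructed record with an opaque (zero-filled) body."""
    return struct.pack("!BHH", ctype, version, length) + bytes(length)

# Constructed sample traffic, not taken from the posted capture.
SAMPLE = [
    ("c", record(23, 100)),          # application data, ignored
    ("c", record(HEARTBEAT, 48)),    # heartbeat request
    ("s", record(HEARTBEAT, 48)),    # response of matching size
    ("c", record(HEARTBEAT, 48)),    # heartbeat request
    ("s", record(HEARTBEAT, 16384) + record(HEARTBEAT, 4096)),  # oversized response
]

if __name__ == "__main__":
    for req, resp in suspicious_heartbeats(SAMPLE):
        print(f"heartbeat request {req} bytes -> response {resp} bytes")
```

Record lengths include MAC and padding once encryption is active, which is why the comparison allows some slack instead of requiring equal sizes.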
Hello Didier. I need some help from you.
When I try to compile the code made by Hacker Fantastic (the same one you use), I've got some problems.
I hope you can help me compile this code.
I'm using Ubuntu 12.03 with OpenSSL 1.0.1 14 Mar 2012 on it.
I'm using the next code to try to compile:
gcc heartbleed.c -o heart -lssl -lssl3 -lcrypto
But this command does not work.
The output:
/tmp/ccOvusmc.o: In function `heartbleed’:
heartbleed.c:(.text+0x8fd): undefined reference to `ssl3_write_bytes’
/tmp/ccOvusmc.o: In function `sneakyleaky’:
heartbleed.c:(.text+0x9f0): undefined reference to `ssl3_read_n’
heartbleed.c:(.text+0xb77): undefined reference to `ssl3_read_n’
heartbleed.c:(.text+0xbe0): undefined reference to `tls1_enc’
heartbleed.c:(.text+0xd4d): undefined reference to `ssl3_cbc_copy_mac’
heartbleed.c:(.text+0xdbd): undefined reference to `tls1_mac’
heartbleed.c:(.text+0xeea): undefined reference to `ssl3_do_uncompress’
collect2: ld devolvió el estado de salida 1
Could you please tell me what is happening, or maybe tell me what I can do?
Thank you in advance!!!!
Comment by zorro — Friday 11 April 2014 @ 1:12
@zorro I too had problems compiling this, so I installed ArchLinux, gcc and openssl, and compiled without -lssl3 option.
Comment by Didier Stevens — Friday 11 April 2014 @ 6:26
It compiles without the -lssl3 option on Arch. But does it work? With my test server with a vulnerable OpenSSL version it always fails with “problem handling SSL record packet -wrong type?” “error to many bad packets recieved”.
Looking in the heartbleed.c source, it always fails after:
if ((s->rstate != SSL_ST_READ_BODY) ||
(s->packet_length s3->rbuf.len, 0);
if (n <= 0)
goto apple;
(it goes to apple, where it does the print outs)
You're sure it really works without the -lssl3? What is lssl3 anyway? I can't find the library!
Comment by Cheeers — Saturday 12 April 2014 @ 9:43
@Cheeers Of course it works, since I posted a packet capture with encrypted heartbeats.
Comment by Didier Stevens — Saturday 12 April 2014 @ 9:48
True.
Do you have any idea what else I can try?
Thanks
Comment by Cheeers — Saturday 12 April 2014 @ 10:15
@Cheeers Start up Wireshark, capture your test and see what you get. Might give you a clue as to what goes wrong. Also, have you tested your server with other PoCs that don’t encrypt?
Comment by Didier Stevens — Saturday 12 April 2014 @ 10:18
Hi all,
On Debian-based systems, compile this way:
gcc heartbleed.c -o heartbleed -Wl,-Bstatic -lssl -Wl,-Bdynamic -lssl3 -lcrypto
Worked fine on Raspberry Pi with the most updated packages and libssl-dev.
Comment by Filipe YaBa Polido — Saturday 12 April 2014 @ 20:49
I tried on Ubuntu, but got the same “undefined reference to `ssl3_write_bytes’” error as OP.
Any ideas?
Comment by t — Monday 14 April 2014 @ 12:35
“gcc heartbleed.c -o heartbleed -Wl,-Bstatic -lssl -Wl,-Bdynamic -lssl3 -lcrypto” works great on Ubuntu 12.04
Thanks
Comment by Anonymous — Wednesday 7 May 2014 @ 8:08
I’ve compiled the heartbleed.c this way here
“gcc heartbleed.c -o heartbleed -Wl,-Bstatic -lssl -Wl,-Bdynamic -lssl3 -lcrypto” System Ubuntu 12.04
After that I created a VirtualBox VM with Ubuntu 14.04 and installed OpenSSL 1.0.1f.
Now when I want to test this, I get this error message every time:
./heartbleed -s x.x.x.x -p 443 -f out -t 1
[ heartbleed – CVE-2014-0160 – OpenSSL information leak exploit
[ =============================================================
[ connecting to x.x.x.x 443/tcp
[!] FATAL: could not connect to x.x.x.x 443/tcp
What is wrong?
Comment by Elec — Tuesday 14 October 2014 @ 9:00
@Elec Capture the traffic and see if you get a TCP connection.
Comment by Didier Stevens — Tuesday 14 October 2014 @ 13:39