Posts Tagged ‘heartbleed CVE-2014-0160 openssl SSL’

With all the news of the Heartbleed SSL flaw in the media this week IT staff have been working to lock things down on servers & services.

Here are 3 Simple ways to Identify if a domain is vulnerable to a Heartbleed

Method 1
From any host running Chrome Web Browser search for and install the following extension
https://chrome.google.com/webstore/detail/chromebleed/eeoekjnjgppnaegdjbcafdggilajhpic

Image

Now browse to the Domain name in question to validate the status.
If the domain is vulnerable you will see a message similar to the following

Image
Method 2
Use a web based service such as the one found here:
http://filippo.io/Heartbleed/

Method 3
For scanning multiple sites at once we have created the following script.

bleeding_hearts.sh

Usage :

‘./bleeding_hearts.sh domain-list.txt’

Output Examples :

'TLS server extension heartbeat' 

The above output should be further investigated to verify the vulnerability.

More Info:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160