Open konklone opened 10 years ago
Last I checked from the web tool, cotse.net and imgur.com were vulnerable, so those might be good to test with. (Still working on getting the CLI tool set up myself.)
ETA: Both example sites are patched.
yep, imgur.com works, though cotse.net can't be found:
$ Heartbleed imgur.com:443
2014/04/08 12:31:49 ([]uint8) {
00000000 02 00 79 68 65 61 72 74 62 6c 65 65 64 2e 66 69 |..yheartbleed.fi|
00000010 6c 69 70 70 6f 2e 69 6f 59 45 4c 4c 4f 57 20 53 |lippo.ioYELLOW S|
00000020 55 42 4d 41 52 49 4e 45 eb cb 5f c8 64 b6 f4 22 |UBMARINE.._.d.."|
00000030 0f 45 99 86 2e 9a d2 bb 5e 25 54 f4 0b 0b 0b 0b |.E......^%T.....|
00000040 0b 0b 0b 0b 0b 0b 28 00 2e c0 2b c0 2f c0 0a c0 |......(...+./...|
00000050 09 c0 13 c0 14 c0 12 c0 07 c0 11 00 33 00 32 00 |............3.2.|
00000060 45 00 39 00 38 00 88 00 16 00 2f 00 41 00 35 00 |E.9.8...../.A.5.|
00000070 84 00 0a 00 05 00 04 01 00 00 50 00 d1 63 4a 53 |..........P..cJS|
00000080 96 5d b8 b7 be 8a 7c dd 6d 25 3e 79 |.]....|.m%>y|
}
2014/04/08 12:31:49 imgur.com:443 - VULNERABLE
$ Heartbleed cotse.net:443
2014/04/08 12:31:55 cotse.net:443 - ERROR: dial tcp: lookup cotse.net: no such host
Weird though, the one I'm testing on now (my employer!) is reliably timing out:
$ Heartbleed sunlightfoundation.com:443
2014/04/08 12:32:42 sunlightfoundation.com:443 - ERROR: heartbleed: timeout
That site worked (and turned up an UNSAFE) via the website last night.
I'm seeing timeouts against all of the ELB endpoints that I am testing.
Same with the ELBs I'm testing with as well - AWS has a forum thread with updates here: https://forums.aws.amazon.com/thread.jspa?threadID=149690
This is with the command line tool.
Sites which I know are fixed correctly give a SAFE response, but sites which I believe are not give an ERROR: heartbleed: timeout response. I can't get a straightforward "NOT SAFE" response (or whatever it gives in that condition).