cheese-hub / cheesehub

CHEESE project website and documentation

Implement Heartbleed scenario #15

Open craig-willis opened 6 years ago

rkalyanapurdue commented 6 years ago

Will use Ubuntu 14.04 with OpenSSL ver. 1.0.1f. Will demonstrate something in a similar vein to https://mattslifebytes.com/2014/04/08/hijacking-user-sessions-with-the-heartbleed-vulnerability/. There will be 3 containers: one each for hacker, victim and server. Server will host an authenticated webpage that hacker can gain access to by obtaining a cookie (via Heartbleed) and setting it in their browser session.

rkalyanapurdue commented 6 years ago

Compiling OpenSSL from source did not work. Decided to use actual debs from the Debian snapshots (http://snapshot.debian.org/), à la https://github.com/hmlio/vaas-cve-2014-0160.