openssl_heartbleed: Work around stupid IDS/IPS

[ghost]

Hi,

today we cross-checked a result of OpenVAS with the metasploit module openssl_heartbleed.rb on a range with an active IDS/IPS (patched to detect the heartbleed bug).

OpenVAS has detected vulnerable servers where the metasploit module was not able to detect them. Maybe this difference is because of the workaround of OpenVAS used in this file:

http://wald.intevation.org/scm/viewvco.php/scripts/gb_openssl_heartbeat.inc?root=openvas-nvts&view=markup

to send two packets instead of one?

[todb-r7]

Thanks! Please note a couple things:

• Metasploit supports a range of TCP-level evasions. I'd love to know how much testing you've done with those.
  • GitHub issues isn't an appropriate place for feature requests. Please take a look at CONTRIBUTNG.MD and either drop in on Freenode IRC, open a RedMine bug, or write to the Metasploits hackers mailing list at Sourceforge.

[todb-r7]

Wow I suck a bullet lists. Mega indent.

[ghost]

Hi,

and sorry. Sometimes its a good idea to read the contributing guidelines. :/

Metasploit supports a range of TCP-level evasions. I'd love to know how much testing you've done with those.

Yes indeed. Using:

set TCP::max_send_size 2

works.

[todb]

Sweet good to hear!