
Heartbleed Attack Lab

Overview

The Heartbleed bug (CVE-2014-0160) is a severe implementation flaw in the OpenSSL library that enables attackers to steal data from the memory of the victim server. What is stolen depends on what happens to be in the server's memory at the time; it could include private keys, TLS session keys, user names, passwords, credit cards, etc. The vulnerability is in the implementation of the Heartbeat protocol, which SSL/TLS uses to keep the connection alive.

The objective of this lab is for students to understand how serious this vulnerability is, how the attack works, and how to fix the problem. The affected OpenSSL version range is from 1.0.1 to 1.0.1f. The version in our Ubuntu VM is 1.0.1.

Tasks (English) (Spanish)

  • VM version: This lab has been tested on our SEEDUbuntu-12.04 VM
  • Note: This lab needs to use the SEEDUbuntu-12.04 VM

Time (Suggested)

  • Supervised (closely-guided lab session): 1 hour
  • Unsupervised (take-home project): 0.5 week

Files Needed

SEED Videos

SEED Books (English) (Chinese)

  • Computer & Internet Security: A Hands-on Approach, 2nd edition (§ 20)
  • Internet Security: A Hands-on Approach, 2nd edition (§ 7)
  • Chinese version, 1st edition (§ 17)

Feedback and Help

Please give us your feedback on this lab using this feedback form.
The SEED Labs project is open source. If you are interested in contributing to this project, please check out our GitHub page: https://github.com/seed-labs/seed-labs.