Imported Upstream version 0.1.1
Emanuele Acri (Kali Developer)
10 years ago
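#!/usr/bin/perl

# hb_honeypot.pl -- a quick 'n dirty honeypot hack for Heartbleed
#
# This Perl script listens on TCP port 443 and responds with completely bogus
# SSL heartbeat responses, unless it detects the start of a byte pattern
# similar to that used in Jared Stafford's ([email protected]) demo for
# CVE-2014-0160 'Heartbleed'.
#
# Run as root for the privileged port. Outputs IPs of suspected heartbleed scan
# to the console. Rickrolls scanner in the hex dump.
#
# 8 April 2014
# http://www.glitchwrks.com/
# shouts to binrev

use strict;
use warnings;
use IO::Socket;

# Upper bound, in seconds, on how long one connection may occupy the
# single-threaded accept loop. Without it a peer that connects and stays
# silent stops the sensor from seeing anyone else. Tune to taste.
my $CLIENT_TIMEOUT = 30;

# A peer that hangs up while we are still writing would otherwise deliver
# SIGPIPE, whose default action terminates the whole honeypot.
$SIG{PIPE} = 'IGNORE';

# The console output is the log; flush every line so nothing is lost when
# STDOUT is redirected to a file or pipe and the process is killed.
$| = 1;

# NOTE(review): the script needs root only to bind port 443 but keeps root
# while parsing untrusted network input. Consider dropping privileges after
# the bind, or running unprivileged behind a port redirect.
my $sock = IO::Socket::INET->new(
    LocalPort => '443',
    Proto     => 'tcp',
    Listen    => SOMAXCONN,    # do not drop scanners that arrive in bursts
    ReuseAddr => 1,
);

# IO::Socket::INET reports the reason for a failed constructor in $@.
die "Could not create socket! $@" unless $sock;

# The "done" bit of the handshake response
# (handshake record 0x16, version 03 01, length 1, message type 0x0E)
my $done = pack("H*", '16030100010E');

# Your message here
my $taunt = "09809*)(*)(76&^%&(*&^7657332 Hi there! Your scan has been logged! Have no fear, this is for research only -- We're never gonna give you up, never gonna let you down!";

# Record header for the bogus reply: type 0x18, version 03 01, then the
# taunt length as a 16-bit big-endian value.
my $troll = pack("H*", ('180301' . sprintf("%04x", length($taunt))));

# main "barf responses into the socket" loop
while (my $client = $sock->accept()) {
    $client->autoflush(1);

    # Resolve the peer address right away: getpeername can fail once the
    # peer has reset the connection, and the address is the one thing this
    # sensor must not lose.
    my $peer = $client->peerhost;
    $peer = 'unknown' unless defined $peer;

    my $finished = eval {
        local $SIG{ALRM} = sub { die "timeout\n" };
        alarm $CLIENT_TIMEOUT;

        # read things that look like lines, puke nonsense heartbeat responses
        # until a line that looks like it's from the PoC shows up.
        # readline splits the binary stream on 0x0a, so the test below fires
        # on any chunk whose first two bytes are 00 34 -- a loose heuristic,
        # so treat logged addresses as suspected scans, not confirmed ones.
        while (my $chunk = <$client>) {
            my $hex      = unpack("H*", $chunk);
            my $is_probe = $hex =~ /^0034/;

            print {$client} $done if $is_probe;
            print {$client} $troll;
            print {$client} $taunt;

            # One address per line on STDOUT, same format as before.
            print $peer . "\n" if $is_probe;
        }

        alarm 0;
        1;
    };
    alarm 0;    # make sure no alarm is pending when we go back to accept()

    unless ($finished) {
        # Diagnostics go to STDERR so the STDOUT address list stays clean.
        if ($@ eq "timeout\n") {
            warn "connection from $peer timed out after ${CLIENT_TIMEOUT}s\n";
        }
        else {
            warn "error while handling $peer: $@";
        }
    }

    close($client);
}

close($sock);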