-
Notifications
You must be signed in to change notification settings - Fork 36
/
Copy pathpcap-heartbleed.py
executable file
·57 lines (49 loc) · 1.55 KB
/
pcap-heartbleed.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
#!/usr/bin/env python
# Scapy heartbleed pcap searcher...
# by [email protected]
import re
import sys
import logging
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
from scapy.all import *
# Add some colouring for printing packets later
GREEN = '\033[92m'
END = '\033[0m'
RED = '\033[91m'
YELLOW = '\033[93m'
def find_heartbleed(pkts):
for p in pkts:
if p.haslayer(TCP) and p.haslayer(Raw):
# Find the heartbleed requests & responses
# if p[TCP].sport or p[TCP].dport == 443:
x = p[Raw].load
x = hexstr(x)
x = x.split(' ')
try:
if x[0] == '18':
hb_type = ''
tls_version = ''.join(x[1:3])
length = ''.join(x[3:5])
payload = ''
if length == '0003':
hb_type = GREEN + '[!] Heartbleed Request: ' + END
elif length == '4000':
hb_type = RED + '[!] Heartbleed Response: ' + END
payload = ''.join(x[10:])
if hb_type is not '':
print hb_type + 'src: ' + p[IP].src + ' dst: ' + p[IP].dst
else:
pass
except Exception, e:
print e
if __name__ == "__main__":
if len(sys.argv) != 2:
print 'Usage is ./pcap-heartbleed.py <input pcap file>'
print 'Example - ./pcap-heartbleed.py sample.pcap'
sys.exit(1)
pcap = sys.argv[1]
print GREEN + '[+] Loading pcap file.. ' + str(pcap) + END
pkts = rdpcap(pcap)
print YELLOW + '[-] Number of packets %d' %(len(pkts)) + END
find_heartbleed(pkts)
print GREEN + '[-] Scanning complete...Have a nice day!!' + END