Tool to exploit Heartbleed Vulnerability

Naidu, Poluru Praveen Kumar (2015) Tool to exploit Heartbleed Vulnerability. MTech thesis.

[img]PDF
707Kb

Abstract

OpenSSL is an open-source library that is used to communicate data through a secure protocol known as TLS. TLS is used for secure communication over a channel widely over the internet for various applications both desktop and web like web browsers, emails, chat applications. In April 2014 a security bug called as heartbleed [1] was found which is very catastrophic that sensitive information like cookies, session data, and even private keys of the server. This vulnerability allows stealing of the contents of the RAM by anyone on the Internet. This also allows the attackers to extract the private keys from the server which can be used to decrypt the HTTPS traffic by doing a man-in-the-middle attack [2] and eavesdrop on sensitive data and also to impersonate another user. In this thesis report we study the heartbleed vulnerability in depth, propose a method to exploit the vulnerability and develop a tool to exploit.

Item Type:Thesis (MTech)
Uncontrolled Keywords:Heartbleed, TLS, OpenSSL, Vulnerability, security
Subjects:Engineering and Technology > Computer and Information Science > Information Security
Divisions: Engineering and Technology > Department of Computer Science
ID Code:7200
Deposited By:Mr. Sanat Kumar Behera
Deposited On:17 Mar 2016 17:40
Last Modified:17 Mar 2016 17:40
Supervisor(s):Babu, K S

Repository Staff Only: item control page