Creating a valid heartbeat request

Question

I've been messing around with the heartbleed bug (mainly the cloudflare challenge) and creating an invalid heartbeat has been easy, I've been sending as follows:

### HEATBEAT ###

0x18,       # Content Type (Heartbeat)
0x03, 0x01,  # TLS version
0x00, 0x03,  # Length
# Payload
0x01,       # Type (Request)
0xff, 0xff  # Payload length
            # NO PAYLOAD

### END HEARBEAT ###

However, when I tried to send this valid heartbeat, the server doesn't respond.

### HEATBEAT ###

0x18,       # Content Type (Heartbeat)
0x03, 0x01,  # TLS version
0x00, 0x03,  # Length
# Payload
0x01,       # Type (Request)
0x00, 0x03  # Payload length
0x68, 0x61, 0x74, # Payload: hat

### END HEARBEAT ###

I've tried jiggling around the payload length and neither +1 or -1 work. Even lengths significantly higher than the actual length don't work. Any ideas as to what I'm doing wrong?

Here's my full code for any interested (it's based off of this)

EDIT: In response to @warren-dew, this also doesn't work:

### HEATBEAT ###

0x18,       # Content Type (Heartbeat)
0x03, 0x01,  # TLS version
0x00, 0x03,  # Length
# Payload
0x01,       # Type (Request)
0x00, 0x03  # Payload length
0x68, 0x61, 0x74, # Payload: hat
0x34, 0x90, 0xf0, 0xf3, # PADDING
0xe3, 0xb4, 0x5c, 0x9c, # PADDING
0x80, 0xff, 0x95, 0x74, # PADDING
0x9d, 0x81, 0xfa, 0xa0  # PADDING
### END HEARBEAT ###

EDIT: In response to @warren-dew, adjusted again but still does not work:

### HEATBEAT ###

0x18,       # Content Type (Heartbeat)
0x03, 0x01,  # TLS version
0x00, 0x16,  # Length <- Changed
# Payload
0x01,       # Type (Request)
0x00, 0x03  # Payload length
0x68, 0x61, 0x74, # Payload: hat
0x34, 0x90, 0xf0, 0xf3, # PADDING
0xe3, 0xb4, 0x5c, 0x9c, # PADDING
0x80, 0xff, 0x95, 0x74, # PADDING
0x9d, 0x81, 0xfa, 0xa0  # PADDING
### END HEARBEAT ###

you can't send this message unencrypted as it can't be sent during a handshake. You need to first handshake then send this message encrypted. Meaning this message is encapsulated in a TLSCompressed structure which is itself encapsulated in a TLSCiphertext structure — David 天宇 Wong, Jul 13 '17 at 19:37

score 2 · Answer 1 · answered Apr 16 '14 at 03:26

2

A legal heartbeat message has, in addition to the payload, three bytes of metadata - message type and payload length - and a minimum of 16 bytes of padding. As a result, the message length has to exceed the payload length by at least 19 bytes, rather than merely being equal to it. See RFC 6520 for more detail.

answered Apr 16 '14 at 03:26

Warren Dew

8,790
3
30
44

I added 16 bytes of random padding to the end of the request (as seen in my above edit), and the request still fails... – Puzzler3141 Apr 16 '14 at 04:07
1

The message length is still the same as the payload length. You need to adjust the message length to the correct value, which is now 22. – Warren Dew Apr 16 '14 at 04:58
Unfortunately it still doesn't work... Edited to add the new message. – Puzzler3141 Apr 16 '14 at 05:21

score 0 · Answer 2 · answered May 25 '14 at 19:44

It seems to me that a valid heartbeat request is only allowed after a tls session has been established. I have tested (and you can test either with s_client or your own tool perhaps using BouncyCastle) sending a valid heartbeat request after establishing a TLS session. I established a valid tls session and sent in an encrypted heartbeat and was able to elicit a heartbeat response using java and bouncycastle. I have not cleaned out the code and once I do will post it. So empirically, it seems that even in OpenSSL versions that are broken, a valid heartbeat request right after ServerHelloDone is disallowed. That would be the reason that in the examples above, a heartbeat response is not forthcoming.

Creating a valid heartbeat request

2 Answers2