How can I make malformed SSL Heartbeat requests in C#?

Question

I have yet to find any responses to the CloudFlare challenge in C#.

How would I construct and send a SSL Heartbeat request from a C# Console Application to a given URL? (Should work with https://www.cloudflarechallenge.com )

I'm not even sure where to begin in constructing the request.

I would then want to get the response in some usable format, like a byte[].

Here's basically the method I need to complete the application:

private byte[] ExploitHeartBleed(string pURL, string pToSend, int pLength, int pPort = 443)
{
    byte[] response = new byte[];

    //Make TCP Request
    TcpClient client = new TcpClient(pURL, pPort);
    // Form Heartbeat Request
    // Read Response, save to 'response'

    //Return Response
    return response;
}

Any help would be appreciated!

You could begin by reading an implementation in some other language. — Matti Virkkunen, Apr 16 '14 at 00:27
I'm closing this as `icanhazcodez` for now. Note that the URL you posted appears to be very suspicious. — Robert Harvey, Apr 16 '14 at 00:31
There's a python implementation here: https://gist.github.com/epixoip/10570627 . I did read it, and yet I still don't know where to begin implementing this in C# (the essence of the question). — Ehryk, Apr 16 '14 at 00:31
I know C#, and have developed multiple large web applications. Still don't know how to make SSL Heartbeat requests. — Ehryk, Apr 16 '14 at 00:33
@RobertHarvey: No need to worry, the URL is legit, it was a thing by CloudFlare to see how fast people could steal a cert private key with heartbleed. It was broken pretty fast. They've now revoked the certificate which is why it's showing up as not trusted. — Matti Virkkunen, Apr 16 '14 at 00:33
@RobertHarvey could you provide some guidance as far as how I can narrow down the question if it is too broad? What's wrong with `icanhazcodez`? Is there another SE site that would be more appropriate to ask this on? — Ehryk, Apr 16 '14 at 00:35
Post the code you have so far, and describe in detail the problems you are having with it. — Robert Harvey, Apr 16 '14 at 00:36
The code I have so far is a console application and database set up for storing the requests, basically everything but `private byte[] MakeHeartBleedRequest(string pURL, string pToSend, int pLength)`. I really don't know where to start with it or what libraries/objects to use. — Ehryk, Apr 16 '14 at 00:38
@Ehryk: Probably `System.Net.Sockets.TcpClient` is a good tool. — Ben Voigt, Apr 16 '14 at 00:40

score 1 · Answer 1 · edited Oct 07 '21 at 11:21

You should start by making a TCP connection to port 443.

Then, read the RFCs on TLS (Transport Layer Security) and TLS Heartbeats. You're looking for what state the service needs to be in to reply to heartbeats, what packets need to be sent to change it to that state, and the format of those packets.

The latter document, at least, is quite short.

Final note: you probably don't want to use existing HTTPS library code, since it will send the correct length, if it even supports heartbeats at all. Start learning the Sockets API. It's a lower level than you've probably used before for "web applications", but straightforward enough that it shouldn't be an obstacle for an experienced programmer.

How can I make malformed SSL Heartbeat requests in C#?

1 Answers1