Warn about Heartbleed if opemnssl is vulnerable

Warn user if the OpenSSL library is vulnerable to Heartbleed and HTTPS is enabled. Part of #990
2014-04-13 03:33:32 +10:00
parent 5d1d519fc2
commit f526f39f10
1 changed files with 5 additions and 0 deletions
--- a/core/main/server.rb
+++ b/core/main/server.rb
@@ -108,6 +108,11 @@ module BeEF
              @rack_app)

          if @configuration.get('beef.http.https.enable') == true
+            openssl_version = OpenSSL::OPENSSL_VERSION
+            if openssl_version =~ / 1\.0\.1([a-f])/
+              print_error "Warning: #{openssl_version} is vulnerable to Heartbleed (CVE-2014-0160)."
+              print_more "Upgrade OpenSSL to version 1.0.1g or newer."
+            end
            @http_server.ssl = true
            @http_server.ssl_options = {:private_key_file => $root_dir + "/" + @configuration.get('beef.http.https.key'),
                                      :cert_chain_file => $root_dir + "/" + @configuration.get('beef.http.https.cert'),