From f526f39f1015a72d506aa9d296323a31a64c25da Mon Sep 17 00:00:00 2001
From: Brendan Coles
Date: Sun, 13 Apr 2014 03:33:32 +1000
Subject: [PATCH] Warn about Heartbleed if opemnssl is vulnerable

Warn user if the OpenSSL library is vulnerable to Heartbleed and HTTPS is enabled. Part of #990
---
 core/main/server.rb | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/core/main/server.rb b/core/main/server.rb
index b4530ad07..e82c9dc4a 100644
--- core/main/server.rb
+++ core/main/server.rb
@@ -108,6 +108,11 @@ module BeEF
 @rack_app)
 
 if @configuration.get('beef.http.https.enable') == true
+ openssl_version = OpenSSL::OPENSSL_VERSION
+ if openssl_version =~ / 1\.0\.1([a-f])/
+ print_error "Warning: #{openssl_version} is vulnerable to Heartbleed (CVE-2014-0160)."
+ print_more "Upgrade OpenSSL to version 1.0.1g or newer."
+ end
 @http_server.ssl = true
 @http_server.ssl_options = {:private_key_file => $root_dir + "/" + @configuration.get('beef.http.https.key'),
 :cert_chain_file => $root_dir + "/" + @configuration.get('beef.http.https.cert'),
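Review bot: The added pattern `/ 1\.0\.1([a-f])/` requires a letter suffix, so a plain 1.0.1 build, which is also inside the CVE-2014-0160 affected range (1.0.1 through 1.0.1f), passes the check without any warning. `if openssl_version =~ / 1\.0\.1[a-f]?\b/` covers the base release, still excludes 1.0.1g and later, and drops the unused capture group. The check reads `OpenSSL::OPENSSL_VERSION`, which is the version the Ruby extension was compiled against; where the Ruby in use defines it, `OpenSSL::OPENSSL_LIBRARY_VERSION` reports the library actually loaded and is the better source. Since distributions commonly backport the fix without changing the version string, the message would be more accurate as "may be vulnerable" than as a flat "is vulnerable". The enclosing method begins and ends outside this hunk.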