Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Warn about Heartbleed if opemnssl is vulnerable

Browse Source 
Warn user if the OpenSSL library is vulnerable to Heartbleed and HTTPS is enabled.

Part of #990
This commit is contained in:
Brendan Coles
2014-04-13 03:33:32 +10:00
parent 5d1d519fc2
commit f526f39f10
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
core/main/server.rb
View File

@@ -108,6 +108,11 @@ module BeEF
@rack_app) @rack_app)
if @configuration.get('beef.http.https.enable') == true if @configuration.get('beef.http.https.enable') == true
openssl_version = OpenSSL::OPENSSL_VERSION
if openssl_version =~ / 1\.0\.1([a-f])/
print_error "Warning: #{openssl_version} is vulnerable to Heartbleed (CVE-2014-0160)."
print_more "Upgrade OpenSSL to version 1.0.1g or newer."
end
@http_server.ssl = true @http_server.ssl = true
@http_server.ssl_options = {:private_key_file => $root_dir + "/" + @configuration.get('beef.http.https.key'), @http_server.ssl_options = {:private_key_file => $root_dir + "/" + @configuration.get('beef.http.https.key'),
:cert_chain_file => $root_dir + "/" + @configuration.get('beef.http.https.cert'), :cert_chain_file => $root_dir + "/" + @configuration.get('beef.http.https.cert'),