Heartbleed plugin for FOCA

Tuesday, April 29, 2014

By now, everyone knows about Heartbleed. Just like we did for FaasT, we have created a plugin for FOCA (final version) one of our most downloaded tools. This plugin allows the tool to detect vulnerable servers and audit them, among all the other cool features FOCA counts with.


Loading the plugin in FOCA
To take advantage of the plugin, just download FOCA and create a project over the domain to be audited. Load the plugin from "Plugins" tab in the upper menu, and press on "Load/Unload plugins". Browse for HeartBreatPlugin.dll and load it. Once loaded, it will be accessible from the plugins menu.

There are two options: automatic analysis or manual analysis and exploitation. Checking on "Check all hosts that FOCA detects automatically for the HeartBleed vulnerability" will make FOCA to check for the vulnerability in all domains found for this project.


Automatically checking domains

Domains will go from the "Pending" box to "Checked" or "Vulnerable", depending on the results. All domains found by the usual way FOCA works, will be checked. For a manual analysis, a domain and port has to be specified. There is an option to repeat the attack every 5 seconds and generate a memory dump, that will be stored in a local file.


Manually checking domains

Ricardo Martín
ricardo.martin@11paths.com








5 comments:

  1. De donde me bajo el HeartBreatPlugin.dll

    ReplyDelete
    Replies
    1. Download the full version of FOCA, and start it. Go to the file plugins (wich is in the same file of FOCA)and then load the plugin called HeartBreat.

      Delete
  2. Imagino ya lo habrás encontrado anonimo, si no es así, al descargarte foca pro, dentro de la carpeta plugin está la dll.
    Un saludo

    ReplyDelete
    Replies
    1. Muchas gracias, soy nuevo utilizando FOCA para la proxima ya se donde donde encontrar los plugins, de nuevo gracias

      Delete
  3. Me he descargado la última versión de FOCA pero no está HeartBreatPlugin.dll en la carpeta plugins.
    La habéis quitado? Se puede encontrar en otro luagar?
    Gracias.

    ReplyDelete