
National University of Computer and Emerging Sciences

CS-3002 Information Security – Spring 2024


Assignment 2
Instructions:
• This is a group assignment and can be done in a group of 2.
• Copied and plagiarized submissions will get zero in the whole category.
• Each screenshot should show the whole screen; do not crop any image.

Statement:
In this assignment you will gain some hands-on experience with the Heartbleed attack. You need to follow SEED
Labs’ Heartbleed Attack Lab from here:

https://seedsecuritylabs.org/Labs_20.04/Networking/Heartbleed/

The detailed tasks are under the Tasks [PDF] link on the page. Complete the implementation and submit
a detailed report, including screenshots, of all the steps involved.

Task 1 (Heartbleed Attack Execution and Analysis):

In this task, students will perform a Heartbleed attack on the given social network site, aiming to assess
potential damages. Attempt to obtain the following information from the target server:

• Username and password.
• User’s activity on the site.
• Exact content of the private message.

Capture a screenshot for each successfully extracted piece of information, provide a detailed
explanation of the Heartbleed attack process, and share your observations.

Task 2 (Discuss the cause of the Heartbleed Vulnerability):

• 2.1: Observations with Decreasing Payload Length
• 2.2: Identifying Boundary Value for Requests

Task 3 (Countermeasure and Bug Fix):

• 3.1: Update the OpenSSL
• 3.2: Again, launch the Heartbleed attack and discuss the observations
• 3.3: Fix the Heartbleed bug in the source code.

All tasks should be described in your own words and should display your understanding of what each step
is doing. Each sub-task carries marks.

Submission instructions:

• Submit your report on Google Classroom as a PDF document using the following naming format:
  CS3002_Assignment2_<section>_<RollNoOfMember1>_<RollNoOfMember2>
• Late submissions will receive zero credit.
• Submitting a report with only screenshots and no description will receive zero credit.
