Tag Archives: python

Heartbleed test for OpenVPN

OpenVPN is affected by Heartbleed too

OpenVPN is affected by Heartbleed too

I guess you would not have landed here if you don’t read about Heartbleed. In case you really don’t know what its all about, catch up here. Since OpenVPN makes use of SSL/TLS (and most distributions use OpenSSL as the implementation of choice), OpenVPN is affected too (check the official page). Most test utilities out there can test HTTP and other protocols, however, I didn’t found a test which validates that a OpenVPN installation is safe. So I created one.

You can find the Python script over at Github. My version is an heavily altered version I found at Fox-It created by Jared Stafford and Yonathan Klijnsma.

Right now, the utility only supports UDP (which is used by default). The first arguments need to be the test server which then will be contacted and a TLS session initialized. The script then sends a invalid heartbeat request, which the server will respond to if he is vulnerable.

$ ./heartbleed_test_openvpn.py my.server.com

0000 18 03 01 10 13 02 10 00 48 65 61 72 74 62 6C 65 ........Heartble
0010 65 64 20 74 65 73 74 20 70 61 79 6C 6F 61 64 E2 ed test payload.
0020 0B 9E 38 34 EC 3D 66 2B 9C D5 63 00 00 68 C0 14 ..84.=f+..c..h..
0030 C0 0A 22 C0 C0 21 00 39 00 38 00 88 00 87 C0 0F ...".!.9.8......
0040 C0 05 00 35 00 84 C0 21 C4 08 1C 1C C0 1B 00 16 ...5............
0050 00 13 C0 0D C0 03 00 0A C0 13 C0 09 C0 1F C0 1E ................
0060 00 00 00 32                                     ...2

Read more »

Setting up schroot for Python multiprocessing

When using Arch Linux, its sometimes required to run something in a older/stable releaes of a Linux distribution. For this purpose I have a Ubuntu 12.04 LTS installation in a schroot environment. However, using Bitbake (a heavily multithreded and Python based build utility) The build aborted with the error:

  File "/usr/lib/python2.7/multiprocessing/queues.py", line 63, in __init__
    self._rlock = Lock()
  File "/usr/lib/python2.7/multiprocessing/synchronize.py", line 147, in __init__
    SemLock.__init__(self, SEMAPHORE, 1, 1)
OSError: [Errno 13] Permission denied

Read more »

Python web frameworks

Lately I played around with python web frameworks. After working on a web project with Django last year, I discovered Aspen lately. There are many other frameworks out there. Nevertheless, I’d like to share my findings about Django and Aspen. 🙂

  • Both use python, which is generally known as being fast. It’s compiled and therefore usually less memory hungry than other web oriented languages. There are also better ways to optimize performance, e.g. by writing a custom web server, if your website has high traffic.
  • Both frameworks are nicely object oriented. You get a request object (Django, Aspen) which encapsulate all information from the client. The application can use all its information to generate the output, encapsulated in a response object (Django, Aspen). When errors occur, you can simply raise an error response object in the middle of your code.
  • Aspen and Django are providing templating engines which are very similar to each other.
  • URL’s like http://falstaff.agner.ch/list/10/ score in terms of readability and alterability. Also, they simply look better! Both frameworks encourage the user to use such URL’s without file endings or unreadable long query strings (like ?page=start&session=123). While Django uses a configuration file, Aspen uses the file system itself to create such URL’s.

However, there are also big differences between these frameworks… Read more »