I made a mistake and was premature to send that last version to the list as
it had horrendous bugs and wasn't correct at all, this version now
correctly leaks from the server the full 64k heap block. It will also
attempt on client but I encountered some errors (client forcefully closing
connection
Updated version, the heartbleed leak returned incorrect TLS record sizes
(kudos to Andrea Shepard @ tor for pointing this out) but was still leaking
the requested amount. Earlier code was returning only 16k of data as I
relied on the TLS record size. This version will leak upto 64K of data from
cli
Exploit for CVE-2014-0160 - client/server exploit and uses encrypted stream
to leak bytes for IDS evasion. Can adjust heartbeat payload_length to leak
fewer bytes and also has support for pre_cmd's i.e. STARTTLS.
/*
* CVE-2014-0160 heartbleed OpenSSL information leak exploit
*
