Heartbleed Test

This is a very simple malicious HTTPS server which will attempt to steal RAM from any client that connects to this URL:


The server is pacemaker with very minor modifications.

The connection will fail, but before that happens, it will request a large heartbeat from your client.

After the connection attempt, look at the bottom of this page to see your results. The results page is cleared every 5 minutes.


Windows machines and Mac OS X should never be vunerable.

Curl on unpatched Linux servers is likely to be vulnerable.

Browsers like Firefox on Linux servers should not be vulnerable.

Really, the only interesting case is Android clients. I don't know what will happen to them.

More tests and information about heartbleed

Last modified: 4-10-14 1:05 pm