Tuesday, 15 April 2014
How to Exploit Heartbleed Attack?

There are many ways to exploit Heartbleed, and everyone has their own proof of concept. Some of the ways that I liked are listed below:

Easy and simple way to do it: http://www.garage4hackers.com/entry.php?b=2551
Honeypot Sniffing: http://packetstormsecurity.com/files/126068/hb_honeypot.pl.txt
Openmagic: https://github.com/isgroup-srl/openmagic/
Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford: https://gist.github.com/dyatlov/10192468

Basically, using the idea of Heartbeat, a client can send a Heartbeat request and the server has to respond with a Heartbeat response. The total length of a Heartbeat message (request or response) can NOT exceed 2^14, or max_fragment_length when negotiated as defined in [RFC6066]. So we are only able to leak 64 KB of memory, and that could easily contain usernames/passwords or any other random information.
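The length handling described above, as an added example that is not part of the original post: a C check that rejects a heartbeat whose sender-supplied payload_length does not fit inside the record that was actually received, which is the bounds check RFC 6520 requires of a receiver. The helper name hb_check, the verdict names and the sample records are constructed for illustration, and the check assumes it is given plaintext record bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TLS_CT_HEARTBEAT 24 /* TLS record content type for heartbeat */
#define HB_HDR 3            /* message type (1) + payload_length (2) */
#define HB_MIN_PAD 16       /* minimum padding required by RFC 6520 */

enum hb_verdict { HB_OK, HB_NOT_HEARTBEAT, HB_TRUNCATED, HB_TOO_SHORT, HB_OVERCLAIM };

/* Hypothetical helper: classify one plaintext TLS record in rec[0..len). */
enum hb_verdict hb_check(const uint8_t *rec, size_t len)
{
    if (len < 5) return HB_TRUNCATED;                 /* no full record header */
    if (rec[0] != TLS_CT_HEARTBEAT) return HB_NOT_HEARTBEAT;
    size_t rec_len = ((size_t)rec[3] << 8) | rec[4];  /* bytes actually sent */
    if (len - 5 < rec_len) return HB_TRUNCATED;       /* buffer cut short */
    if (rec_len < HB_HDR + HB_MIN_PAD) return HB_TOO_SHORT;
    size_t claimed = ((size_t)rec[6] << 8) | rec[7];  /* sender-supplied length */
    /* The claimed payload plus framing must fit inside the received record. */
    if (HB_HDR + claimed + HB_MIN_PAD > rec_len) return HB_OVERCLAIM;
    return HB_OK;
}

/* Constructed samples: 5-byte record header followed by the heartbeat message. */
static const uint8_t sample_ok[] = {
    0x18, 0x03, 0x02, 0x00, 0x17,           /* heartbeat, TLS 1.1, 23 bytes */
    0x01, 0x00, 0x04, 'p', 'i', 'n', 'g',   /* request, payload_length = 4 */
    0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0 };   /* 16 bytes of padding */
static const uint8_t sample_overclaim[] = {
    0x18, 0x03, 0x02, 0x00, 0x17,           /* same 23-byte record ... */
    0x01, 0x40, 0x00, 'p', 'i', 'n', 'g',   /* ... but payload_length = 16384 */
    0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0 };
static const uint8_t sample_short[] = {
    0x18, 0x03, 0x02, 0x00, 0x03,           /* 3-byte record: no room for padding */
    0x01, 0x40, 0x00 };
static const uint8_t sample_appdata[] = { 0x17, 0x03, 0x02, 0x00, 0x01, 0x00 };

int main(void)
{
    printf("ok=%d overclaim=%d short=%d appdata=%d\n",
           hb_check(sample_ok, sizeof sample_ok),
           hb_check(sample_overclaim, sizeof sample_overclaim),
           hb_check(sample_short, sizeof sample_short),
           hb_check(sample_appdata, sizeof sample_appdata));
    return 0;
}
```

Any verdict other than HB_OK on a heartbeat record means the message should be dropped without a response; HB_OVERCLAIM and HB_TOO_SHORT are the cases worth logging.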