You give a URL that exists on an HTTPS webserver you control that you've patched to send SSL Heartbeats that have a payload size much greater than the real payload.

If the client code (at whatever site you are targeting) is vulnerable then each heartbeat response you get from the client site may give you up to 64KB of its memory contents.