vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-05-01 16:30:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Fixed false positives on binary application transfer risk

Browse source
This commit is contained in:
Luca Deri 2024-04-08 23:51:45 +02:00
parent 48b0f8e2c1
commit 98bf0e243e
12 changed files with 67 additions and 63 deletions
Download patch file Download diff file Expand all files Collapse all files

2
tests/cfgs/default/result/dotenv.pcap.out
View file

@ -25,4 +25,4 @@ HTTP 10 993 1
Acceptable 10 993 1
1 TCP 192.168.2.198:51327 <-> 89.31.76.10:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][6 pkts/490 bytes <-> 4 pkts/503 bytes][Goodput ratio: 17/46][0.12 sec][Hostname/SNI: sevenpitaly.com][bytes ratio: -0.013 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 24/22 45/43 20/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 82/126 148/297 30/99][URL: sevenpitaly.com/.env][StatusCode: 406][Content-Type: application/octet-stream][Server: openresty][User-Agent: curl/8.4.0][Risk: ** Possible Exploit Attempt **** Error Code **** Binary Data Transfer Attemot **][Risk Score: 210][Risk Info: URL starting with dot / HTTP Error Code 406 / Found mime exe octet-stream][PLAIN TEXT (GET /.env HTTP/1.1)][Plen Bins: 0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
1 TCP 192.168.2.198:51327 <-> 89.31.76.10:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][6 pkts/490 bytes <-> 4 pkts/503 bytes][Goodput ratio: 17/46][0.12 sec][Hostname/SNI: sevenpitaly.com][bytes ratio: -0.013 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 24/22 45/43 20/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 82/126 148/297 30/99][URL: sevenpitaly.com/.env][StatusCode: 406][Content-Type: application/octet-stream][Server: openresty][User-Agent: curl/8.4.0][Risk: ** Possible Exploit Attempt **** Error Code **][Risk Score: 160][Risk Info: URL starting with dot / HTTP Error Code 406][PLAIN TEXT (GET /.env HTTP/1.1)][Plen Bins: 0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]