vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-04-29 15:39:42 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

TLS: remove JA3C (#2679)

Browse source 
Last step of removing JA3C fingerprint

Remove some duplicate tests: testing with ja4c/ja3s disabled is already
performed by `disable_metadata_and_flowrisks` configuration.

Close:#2551
This commit is contained in:
Ivan Nardi 2025-01-14 15:02:20 +01:00 committed by GitHub
parent 63a3547f99
commit af011e338e
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
19 changed files with 8 additions and 182 deletions
Download patch file Download diff file Expand all files Collapse all files

3
doc/configuration_parameters.md
View file

@ -33,9 +33,8 @@ List of the supported configuration options:
| "tls " | "dpi.heuristics", | 0x00 | 0x00 | 0x07 | Enable/disable some heuristics to detect encrypted/obfuscated/proxied TLS flows. The value is a bitmask. Values: 0x0 = disabled; 0x01 = enable basic detection (i.e. encrypted TLS without any encapsulation); 0x02 = enable detection over TLS (i.e. TLS-in-TLS); 0x04 = enable detection over HTTP (i.e. TLS-over-WebSocket). If enabled, some false positives are expected. See: https://www.usenix.org/conference/usenixsecurity24/presentation/xue-fingerprinting |
| "tls " | "dpi.heuristics.max_packets_extra_dissection", | 25 | 0 | 255 | If at least one TLS heuristics is enabled (see `tls,"dpi.heuristics"`, this parameter set the upper limit on the number of packets required/processed for each flow. Higher the value, lower the false positive rate but more packets are required by nDPI for processing. |
| "tls" | "metadata.sha1_fingerprint" | enable | NULL | NULL | Enable/disable computation and export of SHA1 fingerprint for TLS flows. Note that if it is disable, the flow risk `NDPI_MALICIOUS_SHA1_CERTIFICATE` is not checked |
| "tls" | "metadata.ja3c_fingerprint" | enable | NULL | NULL | Enable/disable computation and export of JA3C fingerprint for TLS flows. Note that if it is disable, the flow risk `NDPI_MALICIOUS_JA3` is not checked |
| "tls" | "metadata.ja3s_fingerprint" | enable | NULL | NULL | Enable/disable computation and export of JA3S fingerprint for TLS flows |
| "tls" | "metadata.ja4c_fingerprint" | enable | NULL | NULL | Enable/disable computation and export of JA4C fingerprint for TLS flows |
| "tls" | "metadata.ja4c_fingerprint" | enable | NULL | NULL | Enable/disable computation and export of JA4C fingerprint for TLS flows. Note that if it is disable, the flow risk `NDPI_MALICIOUS_FINGERPRINT` is not checked |
| "tls" | "metadata.ja4r_fingerprint" | disable | NULL | NULL | Enable/disable computation and export of JA4C fingerprint for TLS flows also in raw format |
| "tls" | "subclassification" | enable | NULL | NULL | Enable/disable sub-classification of TLS/DTLS flows |
| "quic" | "subclassification" | enable | NULL | NULL | Enable/disable sub-classification of QUIC flows |