Toni Uhlig
4b8c8608d1
Improved HTTP line parsing if request is split into multiple packets.
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-07-05 18:36:57 +02:00
Luca Deri
08698c65e5
Merge pull request #943 from lnslbrty/fix/missing-lengthcheck-in-tls-esni
...
Fixed heap overflow in tls esni extraction triggered by manipulated p…
2020-07-01 12:37:29 +02:00
Toni Uhlig
05d7400563
Fixed heap overflow in tls esni extraction triggered by manipulated packets.
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-06-29 21:51:46 +02:00
Toni Uhlig
3068306b60
Copy&Paste ./tests/ossfuzz.sh from https://github.com/google/oss-fuzz/pull/4041
...
* Changing the OSS-Fuzz script from our side is much easier than
opening a PR to google/oss-fuzz every time we have to change a single line.
* https://github.com/google/oss-fuzz/pull/4041 will be updated once this PR is merged
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-06-29 20:50:09 +02:00
Toni Uhlig
4a6c525db8
Improved fuzz_ndpi_reader which now supports SMP/MT w/o race-conditions.
...
./tests/do.sh can support SMP/MT via environment variables.
Removed -fno-sanitize=shift as well, was fixed by 317d3ffd.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-06-29 19:07:59 +02:00
Nardi Ivan
f39e3c98f0
Update test results
2020-06-28 12:47:27 +02:00
Nardi Ivan
3669c14afd
DNP3: add missing initialization
2020-06-28 12:05:12 +02:00
Nardi Ivan
b68b45f3bb
TLS: extract JA3 signatures in some corner cases
...
In some (rare) cases, Client Hello message contains lots of cipher
suites.
2020-06-28 12:05:12 +02:00
Toni Uhlig
fbfa54eee6
Fixed off-by-one error in h323.
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-06-27 22:58:05 +02:00
Toni Uhlig
1f4523e331
fixed fuzzing tests in a way that ./tests/do.sh is now able to use corpus *.pcap files from ./tests/pcap
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-06-27 18:41:03 +02:00
Luca Deri
8566288e43
Added malformed packet risk support
2020-06-26 22:37:52 +02:00
Luca Deri
d710b8291d
Merge pull request #927 from lnslbrty/fix/fbzero-missing-length-check
...
Fixed missing length check in fbzero.
2020-06-24 22:17:35 +02:00
Toni Uhlig
ca68beda85
Fixed missing length check in fbzero.
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-06-23 18:35:50 +02:00
Toni Uhlig
39800c88fa
Fixed uninitialized values in ndpiReader protocol detection bitmask during dga selftest.
...
* make ./tests/vagrind_test.sh directory agnostic
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-06-23 17:23:56 +02:00
Luca Deri
d9af1562f0
Fixes #906
...
Packet bins are not printed when empty
2020-06-22 14:30:26 +02:00
Luca Deri
e29e14b7aa
Merge pull request #921 from lnslbrty/improved/test-sh
...
make tests/do.sh directory agnostic
2020-06-22 12:51:17 +02:00
Luca Deri
1a62f4c799
Added ndpi_bin_XXX API
...
Added packet length distribution bins
2020-06-22 01:02:54 +02:00
Toni Uhlig
6a9f5e4f7c
Fixed use after free caused by dangling pointer
...
* This fix also improved RCE Injection detection
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-06-21 20:05:38 +02:00
Luca Deri
fd0591b4fc
Merge pull request #920 from lnslbrty/fix/tls-rdn-crash
...
Fixed stack overflow caused by missing length check
2020-06-19 11:44:37 +02:00
Luca Deri
48758d28ea
Added GoogleDNS DoH on Android 10
2020-06-19 09:55:58 +02:00
Toni Uhlig
14f514134d
make tests/do.sh directory agnostic
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-06-19 07:15:20 +02:00
Toni Uhlig
23594f0365
Fixed stack overflow caused by missing length check
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-06-18 00:52:04 +02:00
Luca Deri
b2c24558c5
DGA detection improvements
2020-06-18 00:17:30 +02:00
Luca Deri
46d96e7f32
Added checks for DGA detection
2020-06-17 19:46:37 +02:00
Toni Uhlig
da37f2444f
Implemented proprietary AnyDesk protocol
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-06-17 01:23:03 +02:00
Luca Deri
55364ef0b4
Added DGA risk for names that look like a DGA
2020-06-11 18:51:53 +02:00
Luca Deri
3506a07864
Added check in TLS 1.2+ for reporting a risk when TLS is not used to carry HTTPS
2020-06-08 14:20:10 +02:00
Luca Deri
801c9481cb
Removed some obsolete protocols (battlefield, oscar, pcanywhere, tvants)
2020-06-06 11:29:03 +02:00
Luca Deri
b6eef17e54
Added check to avoid producing alerts for known protocol on unknown port when using TLS
2020-05-30 19:33:13 +02:00
Luca Deri
3085d8e4ff
Refreshed test pcap
2020-05-28 21:23:02 +02:00
Luca Deri
9c3bfeca80
Added support for Encrypted TLS SNI dissection
...
https://datatracker.ietf.org/doc/draft-ietf-tls-sni-encryption/
2020-05-28 17:44:18 +02:00
Luca Deri
3108c75059
Result update
2020-05-27 15:26:30 +02:00
Luca Deri
811d7a39b5
Added pcap with encrypted SNI
...
- https://blog.cloudflare.com/encrypted-sni/
- https://www.inmotionhosting.com/support/website/security/dns-over-https-encrypted-sni-in-firefox/
2020-05-27 15:00:55 +02:00
Luca Deri
3874f0e0e0
Added stub for checking HTTP header
...
Updated Teams result
2020-05-21 15:19:55 +02:00
Luca Deri
b7e666e465
Added fix to avoid potential heap buffer overflow in H.323 dissector
...
Modified HTTP report information to make it closer to the HTTP field names
2020-05-19 08:31:05 +02:00
Luca Deri
3d9285f1be
Added check for invalid HTTP URLs
2020-05-16 00:10:35 +02:00
Luca Deri
e90c5c7c32
Added NDPI_HTTP_SUSPICIOUS_USER_AGENT ndpi_risk
2020-05-15 19:19:17 +02:00
Luca Deri
da22aa5fc7
Added NDPI_TLS_CERTIFICATE_EXPIRED, NDPI_TLS_CERTIFICATE_MISMATCH, to ndpi_risk
2020-05-15 18:57:49 +02:00
Luca Deri
9ed94a722c
Improvements on GotoMeeting
...
Added pcap for testing malware
2020-05-15 10:52:23 +02:00
Luca Deri
ee15c6149d
Added TLS weak cipher and obsolete protocol version detection
2020-05-10 21:55:35 +02:00
Luca Deri
ae803c8b51
Added detection of self-signed TLS certificates
2020-05-10 21:40:35 +02:00
Luca Deri
e5e69d0f7a
Added the ability to detect when a known protocol is using a non-standard port
...
Added check to spot executables exchanged via HTTP
2020-05-10 21:25:38 +02:00
Luca Deri
c9b37b92f5
Added self signed certificate test pcap
2020-05-08 09:09:58 +02:00
Luca Deri
4a09b4efa0
Added TLS issuerDN and subjectDN
2020-05-07 18:44:51 +02:00
Luca Deri
263547e77d
Updated automa API to use 32 bit values splits from protocol/category
2020-05-06 21:57:32 +02:00
Luca Deri
4148c5e065
Removed now obsolete MSN protocol
...
Added nats.io protocol dissector
2020-05-03 18:20:21 +02:00
Luca Deri
bd0fd6cf8d
Merge pull request #883 from leonn/websocket
...
💡 implement WebSocket protocol dissector
2020-04-27 23:28:23 +02:00
Leonn Paiva
780dc8d1e7
💡 implement websocket protocol dissector
2020-04-26 02:53:12 -03:00
Nardi Ivan
f965983c23
Add basic support for some ip-in-ip tunnels
...
Add support for 4in4, 6in6 and 4in6 encapsulations
Add support for ipv6 traffic in gtp tunnels, too
To allow gtp unit test, gtp detunneling flag has been globally enabled
in the test suite
2020-04-23 10:55:33 +02:00
Luca Deri
e8cae3cff9
Updated results
2020-04-21 19:26:49 +02:00