Commit graph

2420 commits

Author SHA1 Message Date
Luca Deri
8fa5c31996 Added ndpi_serialize_risk() to the nDPI API 2020-05-24 08:54:38 +02:00
Luca Deri
ee35834be6 Added flow risk serialization 2020-05-24 08:46:10 +02:00
aouinizied
e5c2c400ef Update APIs and structures. 2020-05-22 23:48:54 +02:00
Luca Deri
bbbc5fdbae Added memory boundary checks 2020-05-22 07:24:02 +02:00
Luca Deri
3874f0e0e0 Added stub for checking HTTP header
Updated Teams result
2020-05-21 15:19:55 +02:00
Luca Deri
c02b00e0ce MS Teams uses as underlying protocol for voice/video. This commit adds the ability
to mark as MS Teams all Skype traffic made by a host with active MS Teams flows
2020-05-21 00:06:22 +02:00
Luca Deri
07d9e4f9ba Fixed false positive WhatsApp detection
Cleaned Microsoft IP addresses list
2020-05-20 23:28:21 +02:00
Luca Deri
e9519c9aca Merge branch 'dev' of https://github.com/ntop/nDPI into dev 2020-05-20 23:14:46 +02:00
Luca Deri
329eff069e Removed bittorrent false positive detection 2020-05-20 23:14:09 +02:00
Luca Deri
246ec53bcf Merge pull request #905 from lnslbrty/dev
Fixed docstring typos for ndpi_finalize_initalization
2020-05-20 08:48:49 +02:00
Luca Deri
b7e666e465 Added fix to avoid potential heap buffer overflow in H.323 dissector
Modified HTTP report information to make it closer to the HTTP field names
2020-05-19 08:31:05 +02:00
Toni Uhlig
c5e16b4ff7 Fixed docstring typos for ndpi_finalize_initalization
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-05-17 16:59:57 +02:00
Luca Deri
3d9285f1be Added check for invalid HTTP URLs 2020-05-16 00:10:35 +02:00
Luca Deri
c375782b96 Added check for binary scripts
Added NDPI_HTTP_NUMERIC_IP_HOST risk
ndpi_risk moved to 32 bit
2020-05-15 22:49:55 +02:00
Luca Deri
8e7b1ea7a1 Fix for potential heap-buffer-overflow in ndpi_search_openvpn 2020-05-15 21:10:37 +02:00
Luca Deri
e90c5c7c32 Added NDPI_HTTP_SUSPICIOUS_USER_AGENT ndpi_risk 2020-05-15 19:19:17 +02:00
Luca Deri
7dfbfff743 Merge branch 'dev' of https://github.com/ntop/nDPI into dev 2020-05-15 18:58:10 +02:00
Luca Deri
da22aa5fc7 Added NDPI_TLS_CERTIFICATE_EXPIRED, NDPI_TLS_CERTIFICATE_MISMATCH, to ndpi_risk 2020-05-15 18:57:49 +02:00
Luca Deri
a183b2ab9b Added link to nfstream 2020-05-15 18:11:59 +02:00
Luca Deri
adfe6b763c Gotomeeting address range fix 2020-05-15 11:20:21 +02:00
Luca Deri
9ed94a722c Improvements on GotoMeeting
Added pcap for testing malware
2020-05-15 10:52:23 +02:00
Luca Deri
7037e79604 Merge pull request #903 from Loures/dev
Extend packet struct with Content-Disposition HTTP header field
2020-05-14 20:56:07 +02:00
loures
1edf5c49d6 Extend filetype matching for Content-Disposition header 2020-05-14 14:30:34 +02:00
loures
baddfbb6c3 Extend packet struct with Content-Disposition HTTP header field
and improve HTTP binary transfer mime type check
2020-05-14 12:47:22 +02:00
Luca Deri
fb64346e28 Code cleanup for PR #902 2020-05-14 09:49:47 +02:00
Luca Deri
50be0b0049 Merge pull request #902 from Loures/dev
Add check for HTTP transfer of executable files
2020-05-14 09:12:17 +02:00
loures
08f32f2e0e Set risk field instead of changing protocol when checking for dangerous
HTTP traffic
2020-05-13 19:56:49 +02:00
loures
0a4fbb8cfb Add check for HTTP transfer of executable files 2020-05-13 18:32:29 +02:00
Luca Deri
9dfd0d0071 Code cleanup 2020-05-13 17:49:02 +02:00
Luca Deri
17235d234e Merge pull request #897 from catenacyber/fuzzoracle
Adds bound check in oracle protocol
2020-05-12 13:53:55 +02:00
Luca Deri
db16a987c5 Merge pull request #896 from IvanNardi/nats
Fix NATS dissector
2020-05-12 13:52:42 +02:00
Luca Deri
f7f705406f Invalid TLS check 2020-05-12 12:25:07 +02:00
Luca Deri
cd765c08d6 Added NDPI_XXX_BIT_16 2020-05-11 09:07:30 +02:00
Luca Deri
ee15c6149d Added TLS weak cipher and obsolete protocol version detection 2020-05-10 21:55:35 +02:00
Luca Deri
ae803c8b51 Added detection of self-signed TLS certificates 2020-05-10 21:40:35 +02:00
Luca Deri
e5e69d0f7a Added the ability to detect when a known protocol is using a non-standard port
Added check to spot executables exchanged via HTTP
2020-05-10 21:25:38 +02:00
Philippe Antoine
b69177be2f Adds bound check in oracle protocol
Found by oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21780
2020-05-10 15:04:23 +02:00
Nardi Ivan
f8503da9e9 Fix NATS dissector 2020-05-09 15:41:20 +02:00
Luca Deri
39ae57e6a3 Cleaned hyperscan leftover
Added further hyperscan hooks
2020-05-08 18:24:07 +02:00
Luca Deri
c9b37b92f5 Added self-signed certificate test pcap 2020-05-08 09:09:58 +02:00
Luca Deri
4a09b4efa0 Added TLS issuerDN and subjectDN 2020-05-07 18:44:51 +02:00
Luca Deri
fd646bd05f Reworked TLS dissector with a certificate RDN sequence reader 2020-05-07 17:22:01 +02:00
Luca Deri
6a1b8baa00 Fixed category matching 2020-05-06 23:50:35 +02:00
Luca Deri
2ccd2c204b API cleanup for identifying explicitly in automas what we're searching (protocol or category)
Removed hyperscan support that is apparently unused
2020-05-06 23:19:59 +02:00
Luca Deri
263547e77d Updated automa API to use 32 bit values split from protocol/category 2020-05-06 21:57:32 +02:00
Luca Deri
86e34fbf6d Added support for Telegram v6 2020-05-06 18:06:30 +02:00
Luca Deri
84f66b4d6b Introduced custom protocols with IP and (optional) port support
Example

- Single IP address
  ip:213.75.170.11@CustomProtocol

- IP address with CIDR
  ip:213.75.170.11/32@CustomProtocol

- IP address with CIDR and port
  ip:213.75.170.11/32:443@CustomProtocol

Please note that there are some restrictions on the port
usage. They have been listed in example/protos.txt
2020-05-06 12:51:44 +02:00
Luca Deri
7855e0318d Various fixes to patricia tree handling 2020-05-06 11:13:57 +02:00
Luca Deri
48282369e2 False positive fixes 2020-05-06 01:34:55 +02:00
Luca Deri
7d63149ced Updated API 2020-05-06 00:41:07 +02:00