Luca Deri
9f431f9218
Merge pull request #985 from lnslbrty/add/SOAP
...
Added support for SOAP.
2020-08-19 21:49:12 +02:00
Luca Deri
d87bdf9302
Merge pull request #977 from adek05/dev
...
Enable building on OpenBSD 6.7
2020-08-19 21:48:38 +02:00
Toni Uhlig
8e93f48c43
Added support for SOAP.
...
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-08-18 16:21:26 +02:00
Luca Deri
98a9afc40c
Added support for discord
2020-08-16 10:01:40 +02:00
Luca Deri
8090765a64
Merge pull request #974 from IvanNardi/esni4
...
Suspicious ESNI usage: add a comment and a pcap example
2020-08-13 10:40:51 +02:00
Luca Deri
9edddee0b7
Fixes invalid detection on traffic on non standard ports
2020-08-12 11:08:28 +02:00
Luca Deri
d5cac570d6
Improved DGA detection algorithm
2020-08-11 17:13:40 +02:00
Luca Deri
0e363d0ca6
Added HLL notes
2020-08-11 16:23:35 +02:00
Luca Deri
dfa9dd66c0
Added case-insensitive substring matching
2020-08-10 19:36:43 +02:00
Adrian Zgorzałek
8f74d5733d
OpenBSD: Introduce pkt_timeval to deal with (bpf_)_timeval
...
Some BSD APIs called in example/ return `struct bpf_timeval`, where nDPI
APIs expect `struct timeval`. These two structs, besides having
a different name, share the exact same set of fields.
2020-08-09 14:30:12 +01:00
Nardi Ivan
2722861d6e
Suspicious ESNI usage: add a comment and a pcap example
...
See: 79b89d2866
2020-08-06 10:29:35 +02:00
Luca Deri
95dfbdc64a
Merge pull request #973 from IvanNardi/esni3
...
Add risk flag about suspicious ESNI usage
2020-08-06 10:18:27 +02:00
Luca Deri
c2156a5161
Added note on memory management
2020-08-06 09:19:04 +02:00
Luca Deri
5b6ffad278
Added new ndpi_string_sha1_hash API call
2020-08-05 21:45:38 +02:00
Luca Deri
d3fb1fb25a
Fixed possible memory leak in TLS certificate handling
2020-08-05 17:57:00 +02:00
Nardi Ivan
79b89d2866
Add risk flag about suspicious ESNI usage
...
In a Client Hello, the presence of both SNI and ESNI may obfuscate the real
domain of an HTTPS connection, fooling DPI engines and firewalls, similarly
to Domain Fronting.
Such a technique is reported in a presentation at DEF CON 28:
"Domain Fronting is Dead, Long Live Domain Fronting: Using TLS 1.3 to evade
censors, bypass network defenses, and blend in with the noise"
Full credit for the idea must go to the original author
At the moment, the only way to get the pdf presentation and related video is via
https://forum.defcon.org/node/234492
Hopefully a direct link (and an example pcap) will be available soon
2020-08-05 17:13:23 +02:00
Luca Deri
00b2763399
Added check on payload length during extra packet processing
2020-08-04 21:59:45 +02:00
Luca Deri
e16675b700
Added new traffic category for connectivity check detection
2020-08-04 18:09:13 +02:00
Luca Deri
ea10b8e757
Added memory checks
2020-08-02 13:00:31 +02:00
Luca Deri
2ae4c6675d
Fixed partial TLS dissection
2020-07-30 18:30:07 +02:00
Luca Deri
6904935934
Restored TLS dissection
2020-07-30 00:06:35 +02:00
Luca Deri
a828ac0191
Tiny changes for TLS block length dissection
2020-07-29 22:36:27 +02:00
Luca Deri
32bd3d7a59
TLS dissection improvements
2020-07-28 01:06:38 +02:00
Luca Deri
da87cc3157
Added NDPI_SMB_INSECURE_VERSION for detecting insecure SMB versions (e.g. v1)
2020-07-27 13:05:06 +02:00
Luca Deri
69f140878c
Boundary check on QUIC
2020-07-27 07:40:50 +02:00
Luca Deri
4b1cae2c2b
Boundary check
2020-07-27 06:52:35 +02:00
Luca Deri
1c405e382a
SSH code cleanup
2020-07-25 16:43:54 +02:00
Luca Deri
b26539d65a
Merge pull request #967 from MrRadix/dev
...
Ssh signature checking
2020-07-25 16:17:24 +02:00
MrRadix
6719fa30f9
added other ssh implementations to check
2020-07-24 20:53:02 +02:00
Luca Deri
21e2e57614
Fixed bin similarity
2020-07-24 01:30:58 +02:00
Luca Deri
439558f6a3
Improved bin clustering
2020-07-22 23:56:50 +02:00
MrRadix
a9ca47fcdb
added cipher check
2020-07-22 17:17:12 +02:00
MrRadix
1c1be5a0d1
Resolved conflicts on fetch
2020-07-22 16:25:01 +02:00
Luca Deri
3cd1ec5c9a
Added changes for handling SSH cipher detection
2020-07-22 15:58:46 +02:00
MrRadix
a3ba9253ef
fixed bug inside set bit macro call
2020-07-22 15:39:44 +02:00
MrRadix
c450caae94
modified new last two risks
2020-07-22 15:38:31 +02:00
Luca Deri
36af97a14c
Minor HLL fixes
2020-07-22 14:40:15 +02:00
MrRadix
af5d792c08
added sscanf error handling
2020-07-22 13:06:08 +02:00
MrRadix
8e2cd9ff43
improved performance and legibility
2020-07-22 12:42:26 +02:00
MrRadix
d9fc4d52e9
merged with remote
2020-07-22 11:56:51 +02:00
MrRadix
a688e36b51
improved ndpi_risk2str output for new risks
2020-07-22 11:44:56 +02:00
Luca Deri
f83d0b18c6
Introduced SSH risk checks
2020-07-22 11:40:57 +02:00
Luca Deri
f6242f0e46
HLL memory usage notes
2020-07-22 11:28:14 +02:00
MrRadix
0a182c6d18
Merge remote-tracking branch 'ntop_origin/dev' into dev
2020-07-22 11:15:02 +02:00
MrRadix
9c521c5ddd
added new risks inside ndpi_risk2str function
2020-07-22 10:55:53 +02:00
MrRadix
847eb7b180
improved performance by removing linear scan
2020-07-22 10:54:55 +02:00
MrRadix
f66cd5aabc
added ssh_analyse_signature_version and ssh_has_old_signature to check for old signature version of ssh
2020-07-21 19:31:02 +02:00
Luca Deri
879cec94b2
User agent detection improvements
2020-07-21 12:06:34 +02:00
Luca Deri
9f4f228832
Added skeleton for checking SSH signature
2020-07-20 17:25:17 +02:00
Luca Deri
f452dabd92
Fix for invalid boundary check
2020-07-17 23:26:28 +02:00