Commit graph

101 commits

Author SHA1 Message Date
Luca Deri
95dfbdc64a
Merge pull request #973 from IvanNardi/esni3
Add risk flag about suspicious ESNI usage
2020-08-06 10:18:27 +02:00
Luca Deri
c2156a5161 Added note on memory management 2020-08-06 09:19:04 +02:00
Nardi Ivan
79b89d2866 Add risk flag about suspicious ESNI usage
In a Client Hello, the presence of both SNI and ESNI may obfuscate the real
domain of an HTTPS connection, fooling DPI engines and firewalls, similarly
to Domain Fronting.

Such a technique is reported in a presentation at DEF CON 28:
"Domain Fronting is Dead, Long Live Domain Fronting: Using TLS 1.3 to evade
censors, bypass network defenses, and blend in with the noise"
Full credit for the idea must go to the original author

At the moment, the only way to get the pdf presentation and related video is via
https://forum.defcon.org/node/234492
Hopefully a direct link (and an example pcap) will be available soon
2020-08-05 17:13:23 +02:00
Luca Deri
da87cc3157 Added NDPI_SMB_INSECURE_VERSION for detecting insecure SMB versions (e.g. v1) 2020-07-27 13:05:06 +02:00
Luca Deri
1c405e382a SSH code cleanup 2020-07-25 16:43:54 +02:00
MrRadix
c450caae94 modified new last two risks 2020-07-22 15:38:31 +02:00
Luca Deri
f83d0b18c6 Introduced SSH risk checks 2020-07-22 11:40:57 +02:00
Luca Deri
a8ad99aca5 Fixed makefile error message
Code hardening fix
2020-07-13 15:46:19 +02:00
Toni Uhlig
23c0721538
Fixed race condition in ndpi_ssl_version2str() caused by static qualifier in the version string buffer.
* added also GREASE supported tls versions as specified in
   https://tools.ietf.org/html/draft-davidben-tls-grease-01#page-4

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-07-11 01:05:39 +02:00
Luca Deri
b5f3facf7c Added notes whenever a new flow risk is added 2020-06-26 23:39:48 +02:00
Luca Deri
8566288e43 Added malformed packet risk support 2020-06-26 22:37:52 +02:00
Luca Deri
55364ef0b4 Added DGA risk for names that look like a DGA 2020-06-11 18:51:53 +02:00
Luca Deri
3506a07864 Added check in TLS 1.2+ for reporting a risk when TLS is not used to carry HTTPS 2020-06-08 14:20:10 +02:00
Luca Deri
07c54f9992 Added ndpi_dpi2json() API call 2020-06-05 16:08:23 +02:00
Luca Deri
4ceff1dc77 Fixes for https://github.com/ntop/nDPI/pull/911
Added code for dumping invalid HTTP header
2020-05-29 21:23:46 +02:00
Luca Deri
8fa5c31996 Added ndpi_serialize_risk() to the nDPI API 2020-05-24 08:54:38 +02:00
Luca Deri
ee35834be6 Added flow risk serialization 2020-05-24 08:46:10 +02:00
Luca Deri
3d9285f1be Added check for invalid HTTP URLs 2020-05-16 00:10:35 +02:00
Luca Deri
c375782b96 Added check for binary scripts
Added NDPI_HTTP_NUMERIC_IP_HOST risk
ndpi_risk moved to 32 bit
2020-05-15 22:49:55 +02:00
Luca Deri
e90c5c7c32 Added NDPI_HTTP_SUSPICIOUS_USER_AGENT ndpi_risk 2020-05-15 19:19:17 +02:00
Luca Deri
da22aa5fc7 Added NDPI_TLS_CERTIFICATE_EXPIRED, NDPI_TLS_CERTIFICATE_MISMATCH, to ndpi_risk 2020-05-15 18:57:49 +02:00
Luca Deri
ee15c6149d Added TLS weak cipher and obsolete protocol version detection 2020-05-10 21:55:35 +02:00
Luca Deri
ae803c8b51 Added detection of self-signed TLS certificates 2020-05-10 21:40:35 +02:00
Luca Deri
e5e69d0f7a Added the ability to detect when a known protocol is using a non-standard port
Added check to spot executables exchanged via HTTP
2020-05-10 21:25:38 +02:00
Luca Deri
4a09b4efa0 Added TLS issuerDN and subjectDN 2020-05-07 18:44:51 +02:00
Luca Deri
1e933e8b02 Win fixes 2020-03-12 11:26:38 +01:00
Nguyen Phuong An
e675be1a83 ndpi_flow2json should check http.url before serializer
This patch will fix issue: https://github.com/ntop/PF_RING/issues/557
2020-02-26 13:32:13 +07:00
Luca Deri
f89f25c118 Added ndpi_is_protocol_detected() API call 2020-02-13 15:20:47 +01:00
MrTiz9
3422574c17 FIXED - nDPI now detects RCE injections via PCRE instead of Intel Hyperscan 2020-02-01 17:18:35 +01:00
MrTiz9
5c8c2d843a nDPI now detects RCE injections via PCRE instead of Intel Hyperscan - BUGGY, DOES NOT COMPILE 2020-01-30 15:08:26 +01:00
MrTiz9
ea957687e1 Merge branch 'dev' of https://github.com/ntop/nDPI into dev-unstable 2020-01-30 14:57:58 +01:00
Alfredo Cardigliano
e20c4acbde Implement ndpi_flowv6_flow_hash ndpi_flowv4_flow_hash. Add ndpi_base64_encode. 2020-01-24 18:36:38 +01:00
MrTiz9
daa1171593 nDPI now detects RCE in HTTP GET requests 2020-01-24 17:16:18 +01:00
Luca Deri
ef16591f3f Merge branch 'dev' of https://github.com/ntop/nDPI into dev 2020-01-05 18:25:44 +01:00
Luca Deri
29dd45838d Updated (C) 2020-01-05 18:24:58 +01:00
Luca
8b01056b21 Renamed TLS requested server name 2020-01-02 07:37:03 +01:00
Luca
daae1cc9b1 Reworked TLS dissection 2020-01-01 12:59:19 +01:00
Luca Deri
14e5adc7c2 Win fixes 2019-12-14 15:05:47 +01:00
Luca Deri
65d526d8f6 Code cleanup 2019-12-09 15:28:44 +01:00
Luca Deri
c4d476cc58 Code improvements 2019-12-09 00:29:02 +01:00
MrTiz9
606ff10ecf Integration of the libinjection library to detect SQL injections and XSS type attacks in HTTP requests 2019-12-05 18:09:43 +01:00
Luca Deri
d328c3bccc Overflow fix 2019-11-26 17:58:49 +01:00
Luca Deri
bdc0719e76 Added auth failed support with FTP 2019-11-21 23:31:52 +01:00
Luca Deri
65a629304c Kerberos dissection improvements 2019-11-17 22:35:10 +01:00
Luca
470d30ac23 Fixed SQL Injection detection 2019-11-13 17:37:48 +01:00
Alfredo Cardigliano
ac46a4dd58 Added L2TP tunnel type. Warning fix. 2019-11-06 09:55:22 +01:00
Luca
fb56b042c0 Merge branch 'dev' of https://github.com/ntop/nDPI into dev 2019-11-05 12:15:27 +00:00
Luca
6298ecc271 Added tunnelling decapsulation 2019-11-05 08:21:31 +00:00
Luca Deri
a3a85106a1 Implemented SQL Injection and XSS attack detection 2019-11-01 23:05:11 +01:00
Luca
4802987178 Initial work towards HTTP content-type export 2019-10-31 00:14:20 +01:00