Commit graph

470 commits

Author SHA1 Message Date
Nardi Ivan
b68b45f3bb TLS: extract JA3 signatures in some corner cases
In some (rare) cases, Client Hello message contains lots of cipher suites.
2020-06-28 12:05:12 +02:00
Toni Uhlig
fbfa54eee6
Fixed off-by-one error in h323.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-06-27 22:58:05 +02:00
Toni Uhlig
1f4523e331
fixed fuzzing tests in a way that ./tests/do.sh is now able to use corpus *.pcap files from ./tests/pcap
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-06-27 18:41:03 +02:00
Luca Deri
8566288e43 Added malformed packet risk support 2020-06-26 22:37:52 +02:00
Luca Deri
d710b8291d
Merge pull request #927 from lnslbrty/fix/fbzero-missing-length-check
Fixed missing length check in fbzero.
2020-06-24 22:17:35 +02:00
Toni Uhlig
ca68beda85
Fixed missing length check in fbzero.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-06-23 18:35:50 +02:00
Toni Uhlig
39800c88fa
Fixed uninitialized values in ndpiReader protocol detection bitmask during dga selftest.
* make ./tests/vagrind_test.sh directory agnostic

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-06-23 17:23:56 +02:00
Luca Deri
d9af1562f0 Fixes #906
Packet bins are not printed when empty
2020-06-22 14:30:26 +02:00
Luca Deri
e29e14b7aa
Merge pull request #921 from lnslbrty/improved/test-sh
make tests/do.sh directory agnostic
2020-06-22 12:51:17 +02:00
Luca Deri
1a62f4c799 Added ndpi_bin_XXX API
Added packet length distribution bins
2020-06-22 01:02:54 +02:00
Toni Uhlig
6a9f5e4f7c
Fixed use after free caused by dangling pointer
* This fix also improved RCE Injection detection

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-06-21 20:05:38 +02:00
Luca Deri
fd0591b4fc
Merge pull request #920 from lnslbrty/fix/tls-rdn-crash
Fixed stack overflow caused by missing length check
2020-06-19 11:44:37 +02:00
Luca Deri
48758d28ea Added GoogleDNS DoH on Android 10 2020-06-19 09:55:58 +02:00
Toni Uhlig
14f514134d
make tests/do.sh directory agnostic
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-06-19 07:15:20 +02:00
Toni Uhlig
23594f0365
Fixed stack overflow caused by missing length check
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-06-18 00:52:04 +02:00
Luca Deri
b2c24558c5 DGA detection improvements 2020-06-18 00:17:30 +02:00
Luca Deri
46d96e7f32 Added checks for DGA detection 2020-06-17 19:46:37 +02:00
Toni Uhlig
da37f2444f
Implemented proprietary AnyDesk protocol
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-06-17 01:23:03 +02:00
Luca Deri
55364ef0b4 Added DGA risk for names that look like a DGA 2020-06-11 18:51:53 +02:00
Luca Deri
3506a07864 Added check in TLS 1.2+ for reporting a risk when TLS is not used to carry HTTPS 2020-06-08 14:20:10 +02:00
Luca Deri
801c9481cb Removed some obsolete protocols (battlefield, oscar, pcanywhere, tvants) 2020-06-06 11:29:03 +02:00
Luca Deri
b6eef17e54 Added check to avoid producing alerts for known protocol on unknown port when using TLS 2020-05-30 19:33:13 +02:00
Luca Deri
3085d8e4ff Refreshed test pcap 2020-05-28 21:23:02 +02:00
Luca Deri
9c3bfeca80 Added support for Encrypted TLS SNI dissection
https://datatracker.ietf.org/doc/draft-ietf-tls-sni-encryption/
2020-05-28 17:44:18 +02:00
Luca Deri
3108c75059 Result update 2020-05-27 15:26:30 +02:00
Luca Deri
811d7a39b5 Added pcap with encrypted SNI
- https://blog.cloudflare.com/encrypted-sni/
- https://www.inmotionhosting.com/support/website/security/dns-over-https-encrypted-sni-in-firefox/
2020-05-27 15:00:55 +02:00
Luca Deri
3874f0e0e0 Added stub for checking HTTP header
Updated Teams result
2020-05-21 15:19:55 +02:00
Luca Deri
b7e666e465 Added fix to avoid potential heap buffer overflow in H.323 dissector
Modified HTTP report information to make it closer to the HTTP field names
2020-05-19 08:31:05 +02:00
Luca Deri
3d9285f1be Added check for invalid HTTP URLs 2020-05-16 00:10:35 +02:00
Luca Deri
e90c5c7c32 Added NDPI_HTTP_SUSPICIOUS_USER_AGENT ndpi_risk 2020-05-15 19:19:17 +02:00
Luca Deri
da22aa5fc7 Added NDPI_TLS_CERTIFICATE_EXPIRED, NDPI_TLS_CERTIFICATE_MISMATCH, to ndpi_risk 2020-05-15 18:57:49 +02:00
Luca Deri
9ed94a722c Improvements on GotoMeeting
Added pcap for testing malware
2020-05-15 10:52:23 +02:00
Luca Deri
ee15c6149d Added TLS weak cipher and obsolete protocol version detection 2020-05-10 21:55:35 +02:00
Luca Deri
ae803c8b51 Added detection of self-signed TLS certificates 2020-05-10 21:40:35 +02:00
Luca Deri
e5e69d0f7a Added the ability to detect when a known protocol is using a non-standard port
Added check to spot executables exchanged via HTTP
2020-05-10 21:25:38 +02:00
Luca Deri
c9b37b92f5 Added self signed certificate test pcap 2020-05-08 09:09:58 +02:00
Luca Deri
4a09b4efa0 Added TLS issuerDN and subjectDN 2020-05-07 18:44:51 +02:00
Luca Deri
263547e77d Updated automa API to use 32 bit values splits from protocol/category 2020-05-06 21:57:32 +02:00
Luca Deri
4148c5e065 Removed now obsolete MSN protocol
Added nats.io protocol dissector
2020-05-03 18:20:21 +02:00
Luca Deri
bd0fd6cf8d
Merge pull request #883 from leonn/websocket
💡 implement WebSocket protocol dissector
2020-04-27 23:28:23 +02:00
Leonn Paiva
780dc8d1e7 💡 implement websocket protocol dissector 2020-04-26 02:53:12 -03:00
Nardi Ivan
f965983c23 Add basic support for some ip-in-ip tunnels
Add support for 4in4, 6in6 and 4in6 encapsulations
Add support for ipv6 traffic in gtp tunnels, too

To allow gtp unit test, gtp detunneling flag has been globally enabled
in the test suite
2020-04-23 10:55:33 +02:00
Luca Deri
e8cae3cff9 Updated results 2020-04-21 19:26:49 +02:00
Luca Deri
e603549967 Office365 renamed to Microsoft365 (by Microsoft) 2020-04-20 15:44:27 +02:00
Luca Deri
94eee66a7b CiscoVPN dissection improvements 2020-04-17 16:56:55 +02:00
Luca Deri
748df7972a Results update 2020-04-17 10:36:27 +02:00
Luca Deri
711ba99eaa Added detection of Microsoft Teams 2020-04-16 15:23:07 +02:00
Luca Deri
17d531e3db Added s7comm test pcap 2020-03-27 09:35:59 +01:00
havup
7841145d9c
Update tls_long_cert.pcap.out 2020-03-27 12:28:15 +08:00
Luca Deri
40be74c629 Merge branch 'dev' of https://github.com/ntop/nDPI into dev 2020-03-23 14:45:08 +01:00