vrr/nDPI

Fork 0

mirror of https://github.com/vel21ripn/nDPI.git synced 2026-04-28 23:19:42 +00:00

Commit graph

Author	SHA1	Message	Date
Ivan Nardi	39f3cd9558	test: rework main script The issue about `config.txt` files is that they contains paths: * to configuration files, which are in the source tree * to the dynamic plugins, which are in the build tree Solution: * copy all configuration files into the build tree * all those paths are about the build tree * tests run from the build tree, no from the source tree anymore	2025-12-08 17:51:32 +01:00
Luca Deri	3f2f1f8ce4	Added ability to define protocol dissectors in shared libraries (#3047 ) * Added ability to define protocol dissectors in shred libraries and load them at runtime --------- Co-authored-by: Ivan Nardi <nardi.ivan@gmail.com>	2025-12-04 15:26:15 +01:00
Ivan Nardi	ddd08f913c	Add some heuristics to detect encrypted/obfuscated/proxied TLS flows (#2553 ) Based on the paper: "Fingerprinting Obfuscated Proxy Traffic with Encapsulated TLS Handshakes". See: https://www.usenix.org/conference/usenixsecurity24/presentation/xue-fingerprinting Basic idea: * the packets/bytes distribution of a TLS handshake is quite unique * this fingerprint is still detectable if the handshake is encrypted/proxied/obfuscated All heuristics are disabled by default.	2024-09-24 14:20:31 +02:00

Author

SHA1

Message

Date

Ivan Nardi

39f3cd9558

test: rework main script

The issue about `config.txt` files is that they contains paths:
* to configuration files, which are in the source tree
* to the dynamic plugins, which are in the build tree

Solution:
* copy all configuration files into the build tree
* all those paths are about the build tree
* tests run from the build tree, no from the source tree anymore

2025-12-08 17:51:32 +01:00

Luca Deri

3f2f1f8ce4

Added ability to define protocol dissectors in shared libraries (#3047 )

* Added ability to define protocol dissectors in shred libraries and load them at runtime

---------

Co-authored-by: Ivan Nardi <nardi.ivan@gmail.com>

2025-12-04 15:26:15 +01:00

Ivan Nardi

ddd08f913c

Add some heuristics to detect encrypted/obfuscated/proxied TLS flows (#2553 )

Based on the paper: "Fingerprinting Obfuscated Proxy Traffic with
Encapsulated TLS Handshakes".
See: https://www.usenix.org/conference/usenixsecurity24/presentation/xue-fingerprinting

Basic idea:
* the packets/bytes distribution of a TLS handshake is quite unique
* this fingerprint is still detectable if the handshake is
encrypted/proxied/obfuscated

All heuristics are disabled by default.

2024-09-24 14:20:31 +02:00

3 commits