vrr/nDPI

Fork 0

mirror of https://github.com/vel21ripn/nDPI.git synced 2026-04-30 07:59:49 +00:00

Commit graph

Author	SHA1	Message	Date
Ivan Nardi	ddd08f913c	Add some heuristics to detect encrypted/obfuscated/proxied TLS flows (#2553 ) Based on the paper: "Fingerprinting Obfuscated Proxy Traffic with Encapsulated TLS Handshakes". See: https://www.usenix.org/conference/usenixsecurity24/presentation/xue-fingerprinting Basic idea: * the packets/bytes distribution of a TLS handshake is quite unique * this fingerprint is still detectable if the handshake is encrypted/proxied/obfuscated All heuristics are disabled by default.	2024-09-24 14:20:31 +02:00

Author

SHA1

Message

Date

Ivan Nardi

ddd08f913c

Add some heuristics to detect encrypted/obfuscated/proxied TLS flows (#2553 )

Based on the paper: "Fingerprinting Obfuscated Proxy Traffic with
Encapsulated TLS Handshakes".
See: https://www.usenix.org/conference/usenixsecurity24/presentation/xue-fingerprinting

Basic idea:
* the packets/bytes distribution of a TLS handshake is quite unique
* this fingerprint is still detectable if the handshake is
encrypted/proxied/obfuscated

All heuristics are disabled by default.

2024-09-24 14:20:31 +02:00

1 commit