Commit graph

369 commits

Author SHA1 Message Date
Nardi Ivan
dcac633878 QUIC: add support for MVFST EXPERIMENTAL version 2020-09-20 16:38:28 +02:00
Luca Deri
d81bc1add6 Reworked MDNS dissector that is not based on the DNS dissector 2020-09-17 23:24:02 +02:00
Luca Deri
5ac870074b
Merge pull request #1014 from lnslbrty/improved/teamspeak
Improved Teamspeak(3) protocol detection.
2020-09-09 23:28:21 +02:00
Luca Deri
7086197047 Added extension to detect nested subdomains as used in Browsertunnel attack tool
https://github.com/veggiedefender/browsertunnel
2020-09-09 23:25:19 +02:00
Toni Uhlig
8ca13bc46a
Improved Teamspeak(3) protocol detection.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-09-09 21:57:31 +02:00
Toni Uhlig
df14d225f6
Added pcap file which contains dnscrypt-v1 data and resolver update requests/responses (v1/v2).
* Renamed dnscrypt.pcap to simple-dnscrypt.pcap

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-09-07 21:04:23 +02:00
Toni Uhlig
fe5aa7ebca
Added dnscrypt-v2-doh resolver test pcaps.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-09-07 20:22:52 +02:00
Nardi Ivan
7da4abe6ad QUIC: add support for GQUIC T050 and T051
QUIC versioning wasn't complex enough without T05X family...
These versions are very similar to Q050, but use TLS as their handshake
protocol.
2020-08-30 20:51:33 +02:00
Nardi Ivan
97b80a8838 QUIC: minor fixes
LGTM found a real issue on a boundary check
Fix unit tests: a pcap has been uploaded twice (with different names)
Fix compilation when using DPDK (see #990)
2020-08-24 13:53:36 +02:00
Luca Deri
fe1e2c241f Added some GQUIC and IETF QUIC test pcaps 2020-08-22 16:47:05 +02:00
Nardi Ivan
23ec82b59d Major rework of QUIC dissector
Improve support for GQUIC (up to Q046) and add support for Q050 and (IETF-)QUIC
Still no sub-classification for Q050 and QUIC
2020-08-21 22:04:55 +02:00
Luca Deri
b23781e807 Added the ability to identify as DGA those host/domain names with too many consecutive repeated characters
such as ckaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa used for netbios reflection attacks
https://www.akamai.com/uk/en/multimedia/documents/state-of-the-internet/ddos-reflection-netbios-name-server-rpc-portmap-sentinel-udp-threat-advisory.pdf
2020-08-21 18:41:35 +02:00
Toni Uhlig
f4421314b0
Added (manipulated) MySQL 8 test pcap.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-08-20 23:46:47 +02:00
Nardi Ivan
2722861d6e Suspicious ESNI usage: add a comment and a pcap example
See: 79b89d2866
2020-08-06 10:29:35 +02:00
Toni Uhlig
4b8c8608d1
Improved HTTP line parsing if request is split into multiple packets.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-07-05 18:36:57 +02:00
Toni Uhlig
05d7400563
Fixed heap overflow in tls esni extraction triggered by manipulated packets.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-06-29 21:51:46 +02:00
Nardi Ivan
b68b45f3bb TLS: extract JA3 signatures in some corner cases
In some (rare) cases, Client Hello message contains lots of cipher
suites.
2020-06-28 12:05:12 +02:00
Toni Uhlig
fbfa54eee6
Fixed off-by-one error in h323.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-06-27 22:58:05 +02:00
Luca Deri
8566288e43 Added malformed packet risk support 2020-06-26 22:37:52 +02:00
Toni Uhlig
ca68beda85
Fixed missing length check in fbzero.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-06-23 18:35:50 +02:00
Toni Uhlig
6a9f5e4f7c
Fixed use after free caused by dangling pointer
* This fix also improved RCE Injection detection

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-06-21 20:05:38 +02:00
Luca Deri
fd0591b4fc
Merge pull request #920 from lnslbrty/fix/tls-rdn-crash
Fixed stack overflow caused by missing length check
2020-06-19 11:44:37 +02:00
Luca Deri
48758d28ea Added GoogleDNS DoH on Android 10 2020-06-19 09:55:58 +02:00
Toni Uhlig
23594f0365
Fixed stack overflow caused by missing length check
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-06-18 00:52:04 +02:00
Toni Uhlig
da37f2444f
Implemented proprietary AnyDesk protocol
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-06-17 01:23:03 +02:00
Luca Deri
b6eef17e54 Added check to avoid producing alerts for known protocol on unknown port when using TLS 2020-05-30 19:33:13 +02:00
Luca Deri
3085d8e4ff Refreshed test pcap 2020-05-28 21:23:02 +02:00
Luca Deri
9c3bfeca80 Added support for Encrypted TLS SNI dissection
https://datatracker.ietf.org/doc/draft-ietf-tls-sni-encryption/
2020-05-28 17:44:18 +02:00
Luca Deri
3108c75059 Result update 2020-05-27 15:26:30 +02:00
Luca Deri
811d7a39b5 Added pcap with encrypted SNI
- https://blog.cloudflare.com/encrypted-sni/
- https://www.inmotionhosting.com/support/website/security/dns-over-https-encrypted-sni-in-firefox/
2020-05-27 15:00:55 +02:00
Luca Deri
9ed94a722c Improvements on GotoMeeting
Added pcap for testing malware
2020-05-15 10:52:23 +02:00
Luca Deri
c9b37b92f5 Added self signed certificate test pcap 2020-05-08 09:09:58 +02:00
Luca Deri
263547e77d Updated automa API to use 32 bit values splits from protocol/category 2020-05-06 21:57:32 +02:00
Luca Deri
4148c5e065 Removed now obsolete MSN protocol
Added nats.io protocol dissector
2020-05-03 18:20:21 +02:00
Luca Deri
bd0fd6cf8d
Merge pull request #883 from leonn/websocket
💡 implement WebSocket protocol dissector
2020-04-27 23:28:23 +02:00
Leonn Paiva
780dc8d1e7 💡 implement websocket protocol dissector 2020-04-26 02:53:12 -03:00
Nardi Ivan
f965983c23 Add basic support for some ip-in-ip tunnels
Add support for 4in4, 6in6 and 4in6 encapsulations
Add support for ipv6 traffic in gtp tunnels, too

To allow gtp unit test, gtp detunneling flag has been globally enabled
in the test suite
2020-04-23 10:55:33 +02:00
Luca Deri
711ba99eaa Added detection of Microsoft Teams 2020-04-16 15:23:07 +02:00
Luca Deri
17d531e3db Added s7comm test pcap 2020-03-27 09:35:59 +01:00
Luca Deri
40be74c629 Merge branch 'dev' of https://github.com/ntop/nDPI into dev 2020-03-23 14:45:08 +01:00
Luca Deri
df5cf59787 Format update 2020-03-23 14:44:33 +01:00
Luca Deri
d26349e082 Format update 2020-03-23 14:37:14 +01:00
Luca Deri
7add3acc53 Added fuzz-2020-02-16-11 fuzzy pcap 2020-03-23 10:27:32 +01:00
Luca Deri
1c1a18d12f Added fuzz-2006-09-29-2858 fuzzy pcap 2020-03-23 10:25:28 +01:00
Luca Deri
92bd223c34 Added fuzz-2006-06-26-2594.pcap fuzzy pcap 2020-03-23 10:24:11 +01:00
Luca Deri
9d53c3c3b8 Added wa_video.pcap 2020-03-23 10:23:05 +01:00
Luca Deri
906d7fe0c1 Added wa_voice.pcap 2020-03-23 10:22:46 +01:00
Luca Deri
cd78740caf Added netflow-fritz.pcap 2020-03-23 10:11:51 +01:00
Luca Deri
626ee52049 Added smb_deletefile.pcap 2020-03-23 10:09:47 +01:00
Luca Deri
7a93994802 Added iphone.pcap 2020-03-23 10:09:14 +01:00