vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-04-29 23:49:41 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5
nDPI/tests/cfgs/tls_heuristics_enabled/pcap/tls_heur__vmess-tcp.pcapng
Ivan Nardi ddd08f913c
Add some heuristics to detect encrypted/obfuscated/proxied TLS flows (#2553) 
Based on the paper: "Fingerprinting Obfuscated Proxy Traffic with
Encapsulated TLS Handshakes".
See: https://www.usenix.org/conference/usenixsecurity24/presentation/xue-fingerprinting

Basic idea:
* the packets/bytes distribution of a TLS handshake is quite unique
* this fingerprint is still detectable if the handshake is
encrypted/proxied/obfuscated

All heuristics are disabled by default.
2024-09-24 14:20:31 +02:00

Symbolic link
1 line
No EOL
45 B
Text
Follow symlink Raw Blame History

../../default/pcap/tls_heur__vmess-tcp.pcapng
Reference in a new issue View git blame Copy permalink