mirror of
https://github.com/vel21ripn/nDPI.git
synced 2026-05-06 03:45:32 +00:00
In a Client Hello, the presence of both SNI and ESNI may obfuscate the real domain of an HTTPS connection, fooling DPI engines and firewalls, similarly to Domain Fronting.

Such technique is reported in a presentation at DEF CON 28: "Domain Fronting is Dead, Long Live Domain Fronting: Using TLS 1.3 to evade censors, bypass network defenses, and blend in with the noise".

Full credit for the idea must go to the original author.

At the moment, the only way to get the pdf presentation and related video is via https://forum.defcon.org/node/234492

Hopefully a direct link (and an example pcap) will be available soon.
nDPI Python bindings
--------------------
This directory contains the Python3 bindings for nDPI. We provide both cffi and ctypes based bindings.

**cffi bindings**

Files:

* ndpi.py

Example (using `nfstream <https://github.com/aouinizied/nfstream>`_ package):

.. code-block:: bash

    pip3 install nfstream
    python3 flow_printer.py <interface>
    python3 flow_printer.py <pcap_file>

Code courtesy:

* Zied Aouini

**ctypes bindings**

Files:

* ndpi_typestruct.py
* ndpi_wrap.c
* Makefile.in

Example:

.. code-block:: bash

    pip3 install scapy
    python3 ndpi_example.py <interface>
    python3 ndpi_example.py <pcap_file>

Code courtesy:

* Massimo Puddu
* Zied Aouini