vrr/ntopng
2
0
Fork 0
mirror of https://github.com/ntop/ntopng.git synced 2026-05-05 19:15:03 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Add server malicious JA3 signature check and improve alert information

Browse source 
Closes #2880
This commit is contained in:
emanuele-f 2019-09-24 13:30:32 +02:00
parent 81a3199a44
commit 1bf89fdb4d
6 changed files with 85 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

5
include/Flow.h
View file

@ -67,7 +67,7 @@ class Flow : public GenericHashEntry {
cli2srv_direction, twh_over, twh_ok, dissect_next_http_packet, passVerdict,
check_tor, l7_protocol_guessed, flow_dropped_counts_increased,
good_low_flow_detected, good_ssl_hs, update_flow_port_stats,
quota_exceeded, has_malicious_signature;
quota_exceeded, has_malicious_cli_signature, has_malicious_srv_signature;
u_int16_t diff_num_http_requests;
int64_t alert_rowid;
#ifdef NTOPNG_PRO
@ -231,7 +231,8 @@ class Flow : public GenericHashEntry {
u_int64_t diff_rcvd_packets, u_int64_t diff_rcvd_bytes);
bool triggerAlerts() const;
void dumpFlowAlert();
void updateJA3();
void updateCliJA3();
void updateSrvJA3();
void updateHASSH(bool as_client);
const char* cipher_weakness2str(ndpi_cipher_weakness w);
bool get_partial_traffic_stats(FlowTrafficStats **dst, FlowTrafficStats *delta, bool *first_partial) const;