diff options
| author | Luca Deri <deri@ntop.org> | 2019-05-11 00:50:56 +0200 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2019-05-11 00:50:56 +0200 |
| commit | a00ad9fc922c4dccb8073d78d252d85571ac26ea (patch) | |
| tree | ba26ea2f2edc7b36972ad073ce84829b2d39a321 /example/ndpiReader.c | |
| parent | b96e6a9e2dafe73a00a35a6f94dc11b0ba02f5db (diff) | |
Initial JA3 support (https://github.com/salesforce/ja3) for SSL
Diffstat (limited to 'example/ndpiReader.c')
| -rw-r--r-- | example/ndpiReader.c | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c index da64bdb21..216b4d9ab 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -800,10 +800,14 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa flow->dst2src_packets, (long long unsigned int) flow->dst2src_bytes); if(flow->host_server_name[0] != '\0') fprintf(out, "[Host: %s]", flow->host_server_name); + if(flow->info[0] != '\0') fprintf(out, "[%s]", flow->info); - if(flow->ssh_ssl.client_info[0] != '\0') fprintf(out, "[client: %s]", flow->ssh_ssl.client_info); + + if(flow->ssh_ssl.ja3_client[0] != '\0') fprintf(out, "[JA3C: %s]", flow->ssh_ssl.ja3_client); if(flow->ssh_ssl.server_info[0] != '\0') fprintf(out, "[server: %s]", flow->ssh_ssl.server_info); + + if(flow->ssh_ssl.ja3_server[0] != '\0') fprintf(out, "[JA3S: %s]", flow->ssh_ssl.ja3_server); if(flow->ssh_ssl.server_organization[0] != '\0') fprintf(out, "[organization: %s]", flow->ssh_ssl.server_organization); if(flow->bittorent_hash[0] != '\0') fprintf(out, "[BT Hash: %s]", flow->bittorent_hash); @@ -850,6 +854,15 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa if((flow->ssh_ssl.client_info[0] != '\0') || (flow->ssh_ssl.server_info[0] != '\0')) { json_object *sjObj = json_object_new_object(); + if(flow->ssh_ssl.ja3_server[0] != '\0') + json_object_object_add(jObj,"ja3s",json_object_new_string(flow->ssh_ssl.ja3_server)); + + if(flow->ssh_ssl.ja3_client[0] != '\0') + json_object_object_add(jObj,"ja3c",json_object_new_string(flow->ssh_ssl.ja3_client)); + + if(flow->ja3_server[0] != '\0') + json_object_object_add(jObj,"host.server.ja3",json_object_new_string(flow->ja3_server)); + if(flow->ssh_ssl.client_info[0] != '\0') json_object_object_add(sjObj, "client", json_object_new_string(flow->ssh_ssl.client_info)); |