diff options
| author | Luca Deri <deri@ntop.org> | 2019-08-22 19:25:58 +0200 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2019-08-22 19:25:58 +0200 |
| commit | e7c0ac37d87958c80115e7553ea39b26668ce360 (patch) | |
| tree | a3d6adb3b5379fc9ac67916cda6dbd8f5a09ae29 /example | |
| parent | 385e848a0f61b9e517f096b010070a6dd61d1f62 (diff) | |
Implemented HASSH (https://github.com/salesforce/hassh)
Diffstat (limited to 'example')
| -rw-r--r-- | example/ndpiReader.c | 5 | ||||
| -rw-r--r-- | example/reader_util.c | 4 | ||||
| -rw-r--r-- | example/reader_util.h | 4 |
3 files changed, 11 insertions, 2 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 06e303a6c..708e330e1 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -972,10 +972,13 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa if(flow->ssh_tls.ssl_version != 0) fprintf(out, "[%s]", ndpi_ssl_version2str(flow->ssh_tls.ssl_version)); if(flow->ssh_tls.client_info[0] != '\0') fprintf(out, "[client: %s]", flow->ssh_tls.client_info); + if(flow->ssh_tls.client_hassh[0] != '\0') fprintf(out, "[HASSH-C: %s]", flow->ssh_tls.client_hassh); + if(flow->ssh_tls.ja3_client[0] != '\0') fprintf(out, "[JA3C: %s%s]", flow->ssh_tls.ja3_client, print_cipher(flow->ssh_tls.client_unsafe_cipher)); if(flow->ssh_tls.server_info[0] != '\0') fprintf(out, "[server: %s]", flow->ssh_tls.server_info); - + if(flow->ssh_tls.server_hassh[0] != '\0') fprintf(out, "[HASSH-S: %s]", flow->ssh_tls.server_hassh); + if(flow->ssh_tls.ja3_server[0] != '\0') fprintf(out, "[JA3S: %s%s]", flow->ssh_tls.ja3_server, print_cipher(flow->ssh_tls.server_unsafe_cipher)); if(flow->ssh_tls.server_organization[0] != '\0') fprintf(out, "[organization: %s]", flow->ssh_tls.server_organization); diff --git a/example/reader_util.c b/example/reader_util.c index b57e23526..b8e21cce8 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -862,6 +862,10 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl flow->ndpi_flow->protos.ssh.client_signature); snprintf(flow->ssh_tls.server_info, sizeof(flow->ssh_tls.server_info), "%s", flow->ndpi_flow->protos.ssh.server_signature); + snprintf(flow->ssh_tls.client_hassh, sizeof(flow->ssh_tls.client_hassh), "%s", + flow->ndpi_flow->protos.ssh.hassh_client); + snprintf(flow->ssh_tls.server_hassh, sizeof(flow->ssh_tls.server_hassh), "%s", + flow->ndpi_flow->protos.ssh.hassh_server); } /* TLS */ else if((flow->detected_protocol.app_protocol == NDPI_PROTOCOL_TLS) diff --git a/example/reader_util.h b/example/reader_util.h index 8b511ff30..cf6acc7ec 100644 --- a/example/reader_util.h +++ b/example/reader_util.h @@ -152,7 +152,9 @@ typedef struct ndpi_flow_info { struct { u_int16_t ssl_version; - char client_info[64], server_info[64], server_organization[64], + char client_info[64], server_info[64], + client_hassh[33], server_hassh[33], + server_organization[64], ja3_client[33], ja3_server[33]; u_int16_t server_cipher; ndpi_cipher_weakness client_unsafe_cipher, server_unsafe_cipher; |