author | Luca Deri <deri@ntop.org> | 2023-12-22 20:39:44 +0100 |
---|---|---|
committer | Luca Deri <deri@ntop.org> | 2023-12-22 20:40:42 +0100 |
commit | 8285fffdaeda5d2405360719a57f817b4772e6d1 (patch) | |
tree | 293b33f5c1264f9038988aae9b33e1f0ac7a388c /example | |
parent | b90c18e9069cd5b3cfcda718263b910e949d8b57 (diff) |
Implements JA4 Support (#2191)
Diffstat (limited to 'example')
-rw-r--r-- | example/ndpiReader.c | 15 | ||||
-rw-r--r-- | example/reader_util.c | 2 | ||||
-rw-r--r-- | example/reader_util.h | 2 |
3 files changed, 12 insertions, 7 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 919a7963d..e3070a47f 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1881,6 +1881,9 @@ static void printFlow(u_int32_t id, struct ndpi_flow_info *flow, u_int16_t threa if(flow->ssh_tls.ja3_client[0] != '\0') fprintf(out, "[JA3C: %s%s]", flow->ssh_tls.ja3_client, print_cipher(flow->ssh_tls.client_unsafe_cipher)); + if(flow->ssh_tls.ja4_client[0] != '\0') fprintf(out, "[JA4: %s%s]", flow->ssh_tls.ja4_client, + print_cipher(flow->ssh_tls.client_unsafe_cipher)); + if(flow->ssh_tls.server_info[0] != '\0') fprintf(out, "[Server: %s]", flow->ssh_tls.server_info); if(flow->ssh_tls.server_names) fprintf(out, "[ServerNames: %s]", flow->ssh_tls.server_names); @@ -2989,7 +2992,7 @@ static void printFlowsStats() { ndpi_ja3_info *info_of_element = NULL; ndpi_host_ja3_fingerprints *tmp = NULL; ndpi_ja3_info *tmp2 = NULL; - unsigned int num_ja3_client; + unsigned int num_ja3_ja4_client; unsigned int num_ja3_server; fprintf(out, "\n"); @@ -3155,14 +3158,14 @@ static void printFlowsStats() { for(ja3ByHost_element = ja3ByHostsHashT; ja3ByHost_element != NULL; ja3ByHost_element = ja3ByHost_element->hh.next) { - num_ja3_client = HASH_COUNT(ja3ByHost_element->host_client_info_hasht); + num_ja3_ja4_client = HASH_COUNT(ja3ByHost_element->host_client_info_hasht); num_ja3_server = HASH_COUNT(ja3ByHost_element->host_server_info_hasht); - if(num_ja3_client > 0) { + if(num_ja3_ja4_client > 0) { fprintf(out, "\t%d\t %-24s \t %-7u\n", i, ja3ByHost_element->ip_string, - num_ja3_client + num_ja3_ja4_client ); i++; } 
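Review bot: The added JA4 line in printFlow repeats `print_cipher(flow->ssh_tls.client_unsafe_cipher)`, which the JA3C line just above it already prints, so a flow with both fingerprints emits the cipher annotation twice and it reads as if it were part of the JA4 value. The flag appears to describe the client's cipher rather than either fingerprint (inferred from the field name; print_cipher is defined outside the hunk), which matters to anyone who parses this output to match fingerprints. I would print the fingerprint alone, `if(flow->ssh_tls.ja4_client[0] != '\0') fprintf(out, "[JA4: %s]", flow->ssh_tls.ja4_client);`. If JA4 can be set while JA3C is empty, the annotation should move to a field of its own instead of being dropped. printFlow's body starts and ends outside the hunk.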
@@ -3187,10 +3190,10 @@ static void printFlowsStats() { //ja3ByHost_element: element of ja3ByHostsHashT //info_of_element: element of the inner hash table of ja3ByHost_element HASH_ITER(hh, ja3ByHostsHashT, ja3ByHost_element, tmp) { - num_ja3_client = HASH_COUNT(ja3ByHost_element->host_client_info_hasht); + num_ja3_ja4_client = HASH_COUNT(ja3ByHost_element->host_client_info_hasht); num_ja3_server = HASH_COUNT(ja3ByHost_element->host_server_info_hasht); againstRepeat = 0; - if(num_ja3_client > 0) { + if(num_ja3_ja4_client > 0) { HASH_ITER(hh, ja3ByHost_element->host_client_info_hasht, info_of_element, tmp2) { fprintf(out, "\t%-7d %-24s %s %s\n", i, diff --git a/example/reader_util.c b/example/reader_util.c index 64b00b18f..28b208099 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -1326,6 +1326,8 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl flow->ssh_tls.notAfter = flow->ndpi_flow->protos.tls_quic.notAfter; ndpi_snprintf(flow->ssh_tls.ja3_client, sizeof(flow->ssh_tls.ja3_client), "%s", flow->ndpi_flow->protos.tls_quic.ja3_client); + ndpi_snprintf(flow->ssh_tls.ja4_client, sizeof(flow->ssh_tls.ja4_client), "%s", + flow->ndpi_flow->protos.tls_quic.ja4_client); ndpi_snprintf(flow->ssh_tls.ja3_server, sizeof(flow->ssh_tls.ja3_server), "%s", flow->ndpi_flow->protos.tls_quic.ja3_server); flow->ssh_tls.server_unsafe_cipher = flow->ndpi_flow->protos.tls_quic.server_unsafe_cipher; diff --git a/example/reader_util.h b/example/reader_util.h index 9c55355e6..59a5f69ec 100644 --- a/example/reader_util.h +++ b/example/reader_util.h @@ -273,7 +273,7 @@ typedef struct ndpi_flow_info { client_hassh[33], server_hassh[33], *server_names, *advertised_alpns, *negotiated_alpn, *tls_supported_versions, *tls_issuerDN, *tls_subjectDN, - ja3_client[33], ja3_server[33], + ja3_client[33], ja3_server[33], ja4_client[37], sha1_cert_fingerprint[20]; u_int8_t sha1_cert_fingerprint_set; struct tls_heuristics browser_heuristics; |
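Review bot: The `ndpi_snprintf` copy into `flow->ssh_tls.ja4_client` in process_ndpi_collected_info ignores the return value, so a source string longer than the destination is cut silently and the shortened fingerprint is later printed as if it were complete. The destination is sized by the bare literal in the reader_util.h hunk (`ja4_client[37]`), which fits a 36-character JA4 string plus the terminator. Nothing ties that literal to the size of `protos.tls_quic.ja4_client`, which is declared outside this diff. I would add a comment on the field, `/* JA4: 36 characters + NUL; keep in sync with protos.tls_quic.ja4_client */`, or size both buffers from one shared constant. Both enclosing definitions start and end outside their hunks.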