author | Luca Deri <deri@ntop.org> | 2024-10-11 19:23:29 +0200 |
---|---|---|
committer | Luca Deri <deri@ntop.org> | 2024-10-11 19:24:06 +0200 |
commit | faaa5c5799440117f7a9cc78499433396dba7eb3 (patch) | |
tree | f57d84662d3e1fb76f108dae21819cb59ef1cead /example | |
parent | 3e74c95d19093d27431e33c072adaab6ca653e78 (diff) |
Added support for printing JA4r when enabled
Diffstat (limited to 'example')
-rw-r--r-- | example/ndpiReader.c | 2 | ||||
-rw-r--r-- | example/reader_util.c | 11 | ||||
-rw-r--r-- | example/reader_util.h | 2 |
3 files changed, 13 insertions, 2 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index 12cd7fead..17a1a2457 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -2056,6 +2056,8 @@ static void printFlow(u_int32_t id, struct ndpi_flow_info *flow, u_int16_t threa
 if(flow->ssh_tls.ja4_client[0] != '\0') fprintf(out, "[JA4: %s%s]", flow->ssh_tls.ja4_client, print_cipher(flow->ssh_tls.client_unsafe_cipher));
+ if(flow->ssh_tls.ja4_client_raw != NULL) fprintf(out, "[JA4_r: %s]", flow->ssh_tls.ja4_client_raw);
+
 if(flow->ssh_tls.server_info[0] != '\0') fprintf(out, "[Server: %s]", flow->ssh_tls.server_info);
 if(flow->ssh_tls.server_names) fprintf(out, "[ServerNames: %s]", flow->ssh_tls.server_names);
diff --git a/example/reader_util.c b/example/reader_util.c
index 8ed32cad4..702ff4dc7 100644
--- a/example/reader_util.c
+++ b/example/reader_util.c
@@ -549,6 +549,11 @@ static void ndpi_free_flow_tls_data(struct ndpi_flow_info *flow) {
 ndpi_free(flow->ssh_tls.encrypted_sni.esni);
 flow->ssh_tls.encrypted_sni.esni = NULL;
 }
+
+ if(flow->ssh_tls.ja4_client_raw) {
+ ndpi_free(flow->ssh_tls.ja4_client_raw);
+ flow->ssh_tls.ja4_client_raw = NULL;
+ }
 }
 /* ***************************************************** */
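Review bot: In ndpi_free_flow_tls_data() in example/reader_util.c the new `ja4_client_raw` pointer is released with `ndpi_free()`, while the process_ndpi_collected_info() hunk of the same file allocates it with plain `strdup()`. That pairing is only safe while the allocator behind `ndpi_free()` is the libc one, which this diff does not show. Allocating with `flow->ssh_tls.ja4_client_raw = ndpi_strdup(flow->ndpi_flow->protos.tls_quic.ja4_client_raw);` keeps allocation and release on the same allocator. The body of ndpi_free_flow_tls_data() starts outside the hunk.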
@@ -1353,7 +1358,11 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl
 flow->ndpi_flow->protos.tls_quic.ja3_client);
 ndpi_snprintf(flow->ssh_tls.ja4_client, sizeof(flow->ssh_tls.ja4_client), "%s", flow->ndpi_flow->protos.tls_quic.ja4_client);
- ndpi_snprintf(flow->ssh_tls.ja3_server, sizeof(flow->ssh_tls.ja3_server), "%s",
+
+ if(flow->ndpi_flow->protos.tls_quic.ja4_client_raw)
+ flow->ssh_tls.ja4_client_raw = strdup(flow->ndpi_flow->protos.tls_quic.ja4_client_raw);
+
+ ndpi_snprintf(flow->ssh_tls.ja3_server, sizeof(flow->ssh_tls.ja3_server), "%s",
 flow->ndpi_flow->protos.tls_quic.ja3_server);
 flow->ssh_tls.server_unsafe_cipher = flow->ndpi_flow->protos.tls_quic.server_unsafe_cipher;
 flow->ssh_tls.server_cipher = flow->ndpi_flow->protos.tls_quic.server_cipher;
diff --git a/example/reader_util.h b/example/reader_util.h
index 956bb1955..03a1b8d5f 100644
--- a/example/reader_util.h
+++ b/example/reader_util.h
@@ -275,7 +275,7 @@ typedef struct ndpi_flow_info {
 client_hassh[33], server_hassh[33], *server_names, *advertised_alpns, *negotiated_alpn, *tls_supported_versions, *tls_issuerDN, *tls_subjectDN,
- ja3_client[33], ja3_server[33], ja4_client[37],
+ ja3_client[33], ja3_server[33], ja4_client[37], *ja4_client_raw,
 sha1_cert_fingerprint[20];
 u_int8_t sha1_cert_fingerprint_set;
 struct tls_heuristics browser_heuristics; |
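Review bot: The `strdup()` into `flow->ssh_tls.ja4_client_raw` in process_ndpi_collected_info() overwrites whatever the field already holds, so if the function runs more than once for the same flow (its call sites are outside the hunk) each earlier copy leaks, and the number of flows is driven by captured traffic. Guarding the copy as `if(flow->ndpi_flow->protos.tls_quic.ja4_client_raw && flow->ssh_tls.ja4_client_raw == NULL)` avoids that. A failed allocation is harmless here, since the printFlow() hunk tests the pointer against NULL before printing. The function body starts and ends outside the hunk.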