Add check for HTTP transfer of executable files

author: loures <loures.raso@gmail.com> 2020-05-13 18:30:51 +0200
committer: loures <loures.raso@gmail.com> 2020-05-13 18:32:29 +0200
commit: 0a4fbb8cfb7602c9c0b90e8329b56577dea207fd (patch)
tree: 88c58ff657091d847dc4b792d7287569cd4382a6 /src/lib/protocols/http.c
parent: 9dfd0d0071845779487b4e2e14c3599e18a74a8c (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
index de4de3aee..b9a920ec7 100644
--- a/src/lib/protocols/http.c
+++ b/src/lib/protocols/http.c
@@ -245,6 +245,19 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_
       }
     }
 
+  /* catch application/exe mime-type */
+  if(packet->content_line.ptr != NULL) {
+    u_int app_len = sizeof("application");
+    if(packet->content_line.len > app_len) {
+      if(ndpi_strncasestr((const char *)&packet->content_line.ptr[app_len], "exe",
+        packet->content_line.len-app_len) != NULL) {
+          ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_EXECUTABLE_HTTP, NDPI_PROTOCOL_CATEGORY_WEB);
+          NDPI_LOG_INFO(ndpi_struct, "found executable HTTP transfer\n");
+          return;
+      }
+    }
+  }
+
   if(packet->user_agent_line.ptr != NULL && packet->user_agent_line.len != 0) {
     /**
        Format examples:
author	loures <loures.raso@gmail.com>	2020-05-13 18:30:51 +0200
committer	loures <loures.raso@gmail.com>	2020-05-13 18:32:29 +0200
commit	0a4fbb8cfb7602c9c0b90e8329b56577dea207fd (patch)
tree	88c58ff657091d847dc4b792d7287569cd4382a6 /src/lib/protocols/http.c
parent	9dfd0d0071845779487b4e2e14c3599e18a74a8c (diff)