author | Luca Deri <lucaderi@users.noreply.github.com> | 2020-07-22 11:36:31 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-07-22 11:36:31 +0200 |
commit | 1740042cbb639fae8f1d06b8966cac9d56c52c20 (patch) | |
tree | d092d4a12f6e6b3bfaed3bf17a8e244448cda229 /src/lib/protocols | |
parent | b568c26989b9baf72940007d220d5c47eae67618 (diff) | |
parent | f6242f0e4621650a2bc409278b0442d775b14db8 (diff) |
Merge branch 'dev' into ossfuzzbuild
Diffstat (limited to 'src/lib/protocols')
-rw-r--r-- | src/lib/protocols/http.c | 16 | ||||
-rw-r--r-- | src/lib/protocols/ssh.c | 19 |
2 files changed, 30 insertions, 5 deletions
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
index 8f74d22ad..2b96e55b4 100644
--- a/src/lib/protocols/http.c
+++ b/src/lib/protocols/http.c
@@ -262,12 +262,18 @@ static void ndpi_check_user_agent(struct ndpi_detection_module_struct *ndpi_stru
 char *ua) {
 if((!ua) || (ua[0] == '\0'))
 return;
- // printf("[%s:%d] ==> '%s'\n", __FILE__, __LINE__, ua);
-
+ // printf("***** [%s:%d] ==> '%s'\n", __FILE__, __LINE__, ua);
+ // printf("***** %u\n", ndpi_check_dga_name(ndpi_struct, NULL, "uclient-fetch]"));
+
 if((strlen(ua) < 4)
- || (!strcmp(ua, "test"))
- || (!strcmp(ua, "<?"))
- || ndpi_match_bigram(ndpi_struct, &ndpi_struct->bigrams_automa, ua)) {
+ || (!strncmp(ua, "test", 4))
+ || (!strncmp(ua, "<?", 2))
+ || strchr(ua, ';')
+ || strchr(ua, '{')
+ || strchr(ua, '}')
+ || ndpi_check_dga_name(ndpi_struct, NULL, ua)
+ // || ndpi_match_bigram(ndpi_struct, &ndpi_struct->impossible_bigrams_automa, ua)
+ ) {
 NDPI_SET_BIT(flow->risk, NDPI_HTTP_SUSPICIOUS_USER_AGENT);
 }
 }
diff --git a/src/lib/protocols/ssh.c b/src/lib/protocols/ssh.c
index 8252d6725..7679a2337 100644
--- a/src/lib/protocols/ssh.c
+++ b/src/lib/protocols/ssh.c
@@ -60,6 +60,21 @@ static void ndpi_search_ssh_tcp(struct ndpi_detection_module_struct *ndpi_struct
 
 /* ************************************************************************ */
 
+static void ssh_analyse_signature_version(struct ndpi_detection_module_struct *ndpi_struct,
+ struct ndpi_flow_struct *flow,
+ char *str_to_check,
+ u_int8_t is_client_signature) {
+
+
+ /*
+ if(obsolete_ssh_version)
+ NDPI_SET_BIT(flow->risk, is_client_signature ? NDPI_SSH_OBSOLETE_CLIENT_SIGNATURE : NDPI_SSH_OBSOLETE_SERVER_SIGNATURE);
+ */
+
+}
+
+/* ************************************************************************ */
+
 static int search_ssh_again(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {
 ndpi_search_ssh_tcp(ndpi_struct, flow);
 
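Review bot: `strchr(ua, ';')` in the new condition raises NDPI_HTTP_SUSPICIOUS_USER_AGENT for any User-Agent that contains a semicolon, and the common `Mozilla/5.0 (platform; ...)` format always contains one, so unless the caller outside this hunk routes browser agents elsewhere this risk will fire on ordinary traffic and lose its signal value. The switch from `strcmp(ua, "test")` to `strncmp(ua, "test", 4)` likewise widens an exact match into a prefix match on every agent beginning with `test`; if that is intended, a comment saying so would help. I would drop the `;` test, or at least gate it on the agent not starting with `Mozilla/`, and replace the two commented-out `printf` lines and the commented bigram clause with a one-line comment recording why the bigram automa check was disabled.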
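Review bot: `ssh_analyse_signature_version` is added with an empty body, so all four parameters are unused and the commented-out block refers to `obsolete_ssh_version`, which is declared nowhere in the hunk; as merged the function is a no-op that will warn under -Wunused-parameter. Marking the placeholder explicitly — `/* TODO: parse str_to_check as an SSH version string and set NDPI_SSH_OBSOLETE_CLIENT_SIGNATURE / NDPI_SSH_OBSOLETE_SERVER_SIGNATURE for obsolete versions */` above the definition and `(void)ndpi_struct; (void)flow; (void)str_to_check; (void)is_client_signature;` in the body — records the intent and silences the warning. Since the planned check only reads the string, `const char *str_to_check` would document that the signature buffer is not modified here.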
@@ -287,6 +302,8 @@ static void ndpi_search_ssh_tcp(struct ndpi_detection_module_struct *ndpi_struct
 strncpy(flow->protos.ssh.client_signature, (const char *)packet->payload, len);
 flow->protos.ssh.client_signature[len] = '\0';
 ndpi_ssh_zap_cr(flow->protos.ssh.client_signature, len);
+
+ ssh_analyse_signature_version(ndpi_struct, flow, flow->protos.ssh.client_signature, 1);
 
 #ifdef SSH_DEBUG
 printf("[SSH] [client_signature: %s]\n", flow->protos.ssh.client_signature);
@@ -305,6 +322,8 @@ static void ndpi_search_ssh_tcp(struct ndpi_detection_module_struct *ndpi_struct
 strncpy(flow->protos.ssh.server_signature, (const char *)packet->payload, len);
 flow->protos.ssh.server_signature[len] = '\0';
 ndpi_ssh_zap_cr(flow->protos.ssh.server_signature, len);
+
+ ssh_analyse_signature_version(ndpi_struct, flow, flow->protos.ssh.server_signature, 0);
 
 #ifdef SSH_DEBUG
 printf("[SSH] [server_signature: %s]\n", flow->protos.ssh.server_signature);