diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2023-12-05 08:05:44 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-12-05 08:05:44 +0100 |
| commit | 7b0c16a70d25687ff7abaa859e3e11e54513286e (patch) | |
| tree | c28e9fbe5f613c994195c1f8fa3a9dd4268f0ce2 /src/lib | |
| parent | c34bded4ef9733e12a1475fc57f39b71a350aad7 (diff) | |
TLS: remove JA3+ fingerprints. (#2192)
See: #2191
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/ndpi_main.c | 3 | ||||
| -rw-r--r-- | src/lib/ndpi_private.h | 2 | ||||
| -rw-r--r-- | src/lib/protocols/tls.c | 29 |
3 files changed, 2 insertions, 32 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 2dbf92e64..0a29295c2 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -3058,9 +3058,6 @@ struct ndpi_detection_module_struct *ndpi_init_detection_module(ndpi_init_prefs NDPI_BITMASK_RESET(ndpi_str->debug_bitmask); #endif /* NDPI_ENABLE_DEBUG_MESSAGES */ - if(prefs & ndpi_enable_ja3_plus) - ndpi_str->enable_ja3_plus = 1; - if(!(prefs & ndpi_dont_init_libgcrypt)) { if(!gcry_control (GCRYCTL_INITIALIZATION_FINISHED_P)) { const char *gcrypt_ver = gcry_check_version(NULL); diff --git a/src/lib/ndpi_private.h b/src/lib/ndpi_private.h index 8a06804e2..a9500d13d 100644 --- a/src/lib/ndpi_private.h +++ b/src/lib/ndpi_private.h @@ -128,7 +128,7 @@ struct ndpi_detection_module_struct { u_int64_t current_ts; u_int16_t max_packets_to_process; u_int16_t num_tls_blocks_to_follow; - u_int8_t skip_tls_blocks_until_change_cipher:1, enable_ja3_plus:1, _notused:6; + u_int8_t skip_tls_blocks_until_change_cipher:1, _notused:7; u_int8_t tls_certificate_expire_in_x_days; void *user_data; diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index b86d51f54..1ed8341b6 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -1851,26 +1851,9 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, if(rc <= 0) break; else ja3_str_len += rc; } - if(ndpi_struct->enable_ja3_plus) { - for(i=0; (i<ja3.server.num_elliptic_curve_point_format) && (JA3_STR_LEN > ja3_str_len); i++) { - rc = ndpi_snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u", - (i > 0) ? "-" : "", ja3.server.elliptic_curve_point_format[i]); - if((rc > 0) && (ja3_str_len + rc < JA3_STR_LEN)) ja3_str_len += rc; else break; - } - - if((ja3.server.alpn[0] != '\0') && (JA3_STR_LEN > ja3_str_len)) { - rc = ndpi_snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, ",%s", ja3.server.alpn); - if((rc > 0) && (ja3_str_len + rc < JA3_STR_LEN)) ja3_str_len += rc; - } - -#ifdef DEBUG_TLS - printf("[JA3+] Server: %s \n", ja3_str); -#endif - } else { #ifdef DEBUG_TLS - printf("[JA3] Server: %s \n", ja3_str); + printf("[JA3] Server: %s \n", ja3_str); #endif - } ndpi_MD5Init(&ctx); ndpi_MD5Update(&ctx, (const unsigned char *)ja3_str, strlen(ja3_str)); @@ -2636,16 +2619,6 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, if((rc > 0) && (ja3_str_len + rc < JA3_STR_LEN)) ja3_str_len += rc; else break; } - if(ndpi_struct->enable_ja3_plus) { - rc = ndpi_snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, - ",%s,%s,%s", ja3.client.signature_algorithms, ja3.client.supported_versions, ja3.client.alpn); - if((rc > 0) && (ja3_str_len + rc < JA3_STR_LEN)) ja3_str_len += rc; - } - -#ifdef DEBUG_JA3C - printf("[JA3+] Client: %s \n", ja3_str); -#endif - ndpi_MD5Init(&ctx); ndpi_MD5Update(&ctx, (const unsigned char *)ja3_str, strlen(ja3_str)); ndpi_MD5Final(md5_hash, &ctx); |