Add some heuristics to detect encrypted/obfuscated/proxied TLS flows (#2553) - libndpi.git - Open Source Deep Packet Inspection Software Toolkit

diff options

author	Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>	2024-09-24 14:20:31 +0200
committer	GitHub <noreply@github.com>	2024-09-24 14:20:31 +0200
commit	ddd08f913c80289e13e9c000e11c473a21ec23ca (patch)
tree	4ed5ba0fbaa250b5999c2d3bac91466dd12303ac /tests/cfgs/fpc_disabled
parent	686d0e3839768dbbf1a073db9cb0cef58b6e5da8 (diff)

Add some heuristics to detect encrypted/obfuscated/proxied TLS flows (#2553)

Based on the paper: "Fingerprinting Obfuscated Proxy Traffic with Encapsulated TLS Handshakes". See: https://www.usenix.org/conference/usenixsecurity24/presentation/xue-fingerprinting Basic idea: * the packets/bytes distribution of a TLS handshake is quite unique * this fingerprint is still detectable if the handshake is encrypted/proxied/obfuscated All heuristics are disabled by default.

Diffstat (limited to 'tests/cfgs/fpc_disabled')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: