author | 0xA50C1A1 <105977161+0xA50C1A1@users.noreply.github.com> | 2023-02-09 22:02:43 +0300
---|---|---
committer | GitHub <noreply@github.com> | 2023-02-09 20:02:43 +0100
commit | ba4e145aad4c7dbd1cbc6d2a6557f3686447d96a (patch) |
tree | 0defe53aed3e20a16a326fb607d58de15cb74b2c /tests/result |
parent | b51a2ac72a3cbd1b470890d0151a46da28e6754e (diff) |
Add Yandex services detection (#1882)
Add Yandex services detection
Add VK and Yandex to the TLS certificate match list
Diffstat (limited to 'tests/result')
-rw-r--r-- | tests/result/yandex.pcapng.out | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/tests/result/yandex.pcapng.out b/tests/result/yandex.pcapng.out new file mode 100644 index 000000000..3e3ed6c13 --- /dev/null +++ b/tests/result/yandex.pcapng.out 
@@ -0,0 +1,45 @@ +Guessed flow protos: 4 + +DPI Packets (TCP): 78 (8.67 pkts/flow) +Confidence DPI : 9 (flows) +Num dissector calls: 9 (1.00 diss/flow) +LRU cache ookla: 0/0/0 (insert/search/found) +LRU cache bittorrent: 0/0/0 (insert/search/found) +LRU cache zoom: 0/0/0 (insert/search/found) +LRU cache stun: 0/0/0 (insert/search/found) +LRU cache tls_cert: 0/0/0 (insert/search/found) +LRU cache mining: 0/0/0 (insert/search/found) +LRU cache msteams: 0/0/0 (insert/search/found) +LRU cache stun_zoom: 0/0/0 (insert/search/found) +Automa host: 9/9 (search/found) +Automa domain: 9/0 (search/found) +Automa tls cert: 0/0 (search/found) +Automa risk mask: 1/0 (search/found) +Automa common alpns: 18/18 (search/found) +Patricia risk mask: 18/0 (search/found) +Patricia risk: 0/0 (search/found) +Patricia protocols: 9/9 (search/found) + +Yandex 20 3709 2 +YandexMail 11 3137 1 +YandexMusic 18 8243 1 +YandexMarket 11 3888 1 +YandexDisk 18 9337 1 +YandexCloud 18 11310 1 +YandexMetrika 16 9241 1 +YandexDirect 18 8718 1 + +JA3 Host Stats: + IP Address # JA3C + 1 192.168.1.249 1 + + + 1 TCP 192.168.1.249:57322 <-> 87.250.250.108:443 [proto: 91.62/TLS.YandexCloud][IP: 25/Yandex][Encrypted][Confidence: DPI][cat: Cloud/13][9 pkts/2271 bytes <-> 9 pkts/9039 bytes][Goodput ratio: 73/93][0.21 sec][Hostname/SNI: cloud.yandex.ru][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.598 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 29/21 86/121 32/41][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 252/1004 1138/2862 351/1122][TLSv1.3][JA3C: cd08e31494f9531f560d64c695473da9][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,25,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,37] + 2 TCP 192.168.1.249:42954 <-> 77.88.21.127:443 [proto: 91.57/TLS.YandexDisk][IP: 25/Yandex][Encrypted][Confidence: DPI][cat: Cloud/13][11 pkts/3088 bytes <-> 7 pkts/6249 bytes][Goodput 
ratio: 76/92][< 1 sec][Hostname/SNI: 1.downloader.disk.yandex.kz][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.339 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/3 13/13 5/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 281/893 1464/4162 402/1405][Risk: ** TLS Cert About To Expire **][Risk Score: 50][Risk Info: 16/Aug/2022 14:06:19 - 13/Feb/2023 20:59:59][TLSv1.2][JA3C: cd08e31494f9531f560d64c695473da9][ServerNames: *.downloader.disk.yandex.uz,downloader.disk.yandex.ru,*.disk.yandex.net,*.downloader.disk.yandex.az,*.downloader.disk.yandex.by,*.downloader.disk.yandex.co.il,*.downloader.disk.yandex.com,*.downloader.disk.yandex.com.am,*.downloader.disk.yandex.com.ge,*.downloader.disk.yandex.com.tr,*.downloader.disk.yandex.ee,*.downloader.disk.yandex.fr,*.downloader.disk.yandex.kg,*.downloader.disk.yandex.kz,*.downloader.disk.yandex.lt,*.downloader.disk.yandex.lv,*.downloader.disk.yandex.md,*.downloader.disk.yandex.net,*.downloader.disk.yandex.ru,*.downloader.disk.yandex.tj,*.downloader.disk.yandex.tm,downloader.disk.yandex.az,downloader.disk.yandex.by,downloader.disk.yandex.co.il,downloader.disk.yandex.com,downloader.disk.yandex.com.am,downloader.disk.yandex.com.ge,downloader.disk.yandex.com.tr,downloader.disk.yandex.ee,downloader.disk.yandex.fr,downloader.disk.yandex.kg,downloader.disk.yandex.kz,downloader.disk.yandex.lt,downloader.disk.yandex.lv,downloader.disk.yandex.md,downloader.disk.yandex.net,downloader.disk.yandex.tj,downloader.disk.yandex.tm,downloader.disk.yandex.uz][JA3S: 00447ab319e9d94ba2b4c1248e155917][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018][Subject: C=RU, ST=Moscow, L=Moscow, O=Yandex LLC, CN=*.downloader.disk.yandex.uz][Certificate SHA-1: 5F:90:0E:31:DE:D3:1E:B0:D7:D0:03:03:C0:2E:6B:5D:53:A4:D3:77][Chrome][Validity: 2022-08-16 14:06:19 - 2023-02-13 20:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 
0,10,20,10,0,0,10,0,0,10,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,10] + 3 TCP 192.168.1.249:51462 <-> 87.250.251.77:443 [proto: 91.98/TLS.YandexMetrika][IP: 25/Yandex][Encrypted][Confidence: DPI][cat: Web/5][10 pkts/3371 bytes <-> 6 pkts/5870 bytes][Goodput ratio: 80/93][< 1 sec][Hostname/SNI: metrika.yandex.kz][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.270 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 162/3 1262/10 416/4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 337/978 1464/2862 433/1129][TLSv1.3][JA3C: cd08e31494f9531f560d64c695473da9][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,25,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,25] + 4 TCP 192.168.1.249:58832 <-> 87.250.250.134:443 [proto: 91.99/TLS.YandexDirect][IP: 25/Yandex][Encrypted][Confidence: DPI][cat: Advertisement/101][9 pkts/2679 bytes <-> 9 pkts/6039 bytes][Goodput ratio: 77/90][0.03 sec][Hostname/SNI: direct.yandex.kz][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.385 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/1 7/4 3/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 298/671 1454/2862 438/893][TLSv1.3][JA3C: cd08e31494f9531f560d64c695473da9][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,11] + 5 TCP 192.168.1.249:40218 <-> 213.180.204.186:443 [proto: 91.34/TLS.YandexMusic][IP: 25/Yandex][Encrypted][Confidence: DPI][cat: Music/25][10 pkts/3025 bytes <-> 8 pkts/5218 bytes][Goodput ratio: 78/90][0.59 sec][Hostname/SNI: music.yandex.kz][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.266 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 70/92 465/521 
150/192][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 302/652 1464/1710 423/700][TLSv1.2][JA3C: cd08e31494f9531f560d64c695473da9][ServerNames: *.music.yandex.ru,music-partner.yandex.ru,music.yandex,music.yandex.by,music.yandex.uz,music.ya.ru,music.yandex.kz,music.yandex.com,music.yandex.ru][JA3S: 4ef1b297bb817d8212165a86308bac5f][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018][Subject: C=RU, ST=Moscow, L=Moscow, O=Yandex LLC, CN=*.music.yandex.ru][Certificate SHA-1: 84:6E:A1:68:E5:3B:10:C1:87:75:43:D8:F2:39:C3:4D:E9:9F:DC:88][Chrome][Validity: 2023-01-10 21:05:02 - 2023-07-11 20:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,12,0,0,0,0,12,0,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,38,0,0,0,12] + 6 TCP 192.168.1.249:40870 -> 87.250.251.22:443 [proto: 91.56/TLS.YandexMarket][IP: 25/Yandex][Encrypted][Confidence: DPI][cat: Shopping/27][11 pkts/3888 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][0.05 sec][Hostname/SNI: fenek.market.yandex.ru][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/0 23/0 8/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 353/0 1464/0 473/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA3C: cd08e31494f9531f560d64c695473da9][Chrome][Plen Bins: 0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,20,0,0,0,0] + 7 TCP 192.168.1.249:45224 -> 77.88.21.37:443 [proto: 91.33/TLS.YandexMail][IP: 25/Yandex][Encrypted][Confidence: DPI][cat: Email/3][11 pkts/3137 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][< 1 sec][Hostname/SNI: mail.yandex.kz][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/0 51/0 16/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 285/0 1464/0 412/0][Risk: ** Unidirectional Traffic **][Risk 
Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA3C: cd08e31494f9531f560d64c695473da9][Chrome][Plen Bins: 0,0,25,0,0,0,0,0,0,0,0,0,25,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0] + 8 TCP 192.168.1.249:42102 -> 178.154.131.216:443 [proto: 91.25/TLS.Yandex][IP: 25/Yandex][Encrypted][Confidence: DPI][cat: Web/5][11 pkts/1890 bytes -> 0 pkts/0 bytes][Goodput ratio: 61/0][0.09 sec][Hostname/SNI: yastatic.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/0 31/0 10/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 172/0 583/0 178/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA3C: cd08e31494f9531f560d64c695473da9][Chrome][Plen Bins: 20,0,40,0,0,0,0,0,0,0,0,0,0,20,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 9 TCP 192.168.1.249:57126 -> 178.154.131.216:443 [proto: 91.25/TLS.Yandex][IP: 25/Yandex][Encrypted][Confidence: DPI][cat: Web/5][9 pkts/1819 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][3.52 sec][Hostname/SNI: yastatic.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 440/0 3495/0 1155/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 202/0 594/0 209/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA3C: cd08e31494f9531f560d64c695473da9][Chrome][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] |
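Review bot: this fixture does not cover the TLS certificate match list change that the commit message announces. The summary lines read `Automa tls cert: 0/0 (search/found)` and `LRU cache tls_cert: 0/0/0`, all nine flows are classified from the SNI (`Automa host: 9/9`, `Hostname/SNI: cloud.yandex.ru`, `mail.yandex.kz`, ...), and flows 6 to 9 are unidirectional (`0 pkts/0 bytes` server to client, `Risk: ** Unidirectional Traffic **`), so no certificate is ever seen for YandexMarket, YandexMail or Yandex, and nothing in the capture touches VK at all. Consider adding flows that carry a server certificate without a matching SNI (and a VK capture) so the new certificate-list entries are exercised by a test. Separately, flow 2 records `Risk: ** TLS Cert About To Expire **` against `Validity: 2022-08-16 14:06:19 - 2023-02-13 20:59:59`, four days after the commit date; this expected output stays stable only if the expiry check is evaluated against the capture timestamp rather than the wall clock, which is worth confirming before the file is committed.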