author | Nardi Ivan <nardi.ivan@gmail.com> | 2022-01-09 16:53:00 +0100 |
committer | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2022-07-07 15:36:05 +0200 |
commit | a31e79fc3c728acb01f03547197cccb95aa2265a (patch) | |
tree | 49f5de58c6468a9adbf758109d7df39c3eb9175f /tests/result | |
parent | 15042870f94d19d824e5f80c6274690711f72ef7 (diff) |
TLS: ignore invalid Content Type values
Diffstat (limited to 'tests/result')
-rw-r--r-- | tests/result/fuzz-2021-10-13.pcap.out | 10 | ||||
-rw-r--r-- | tests/result/tls_false_positives.pcapng.out | 11 | ||||
-rw-r--r-- | tests/result/tls_invalid_reads.pcap.out | 5 |
3 files changed, 18 insertions, 8 deletions
diff --git a/tests/result/fuzz-2021-10-13.pcap.out b/tests/result/fuzz-2021-10-13.pcap.out
index 6f5010e37..4cab569cb 100644
--- a/tests/result/fuzz-2021-10-13.pcap.out
+++ b/tests/result/fuzz-2021-10-13.pcap.out
@@ -1,13 +1,11 @@
 Guessed flow protos: 1
 DPI Packets (TCP): 1 (1.00 pkts/flow)
-Confidence DPI : 1 (flows)
+Confidence Unknown : 1 (flows)
-TLS 1 197 1
+Unknown 1 197 1
-JA3 Host Stats:
- IP Address # JA3C
- 1 3400:3a30:3035:2f75:706c:6f32:643f:6c3d 1
- 1 TCP [3400:3a30:3035:2f75:706c:6f32:643f:6c3d]:44288 -> [302e::3d00::8001]:0 [proto: 91/TLS][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/197 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Obsolete TLS (v1.1 or older) **** TLS Suspicious Extn **** Unidirectional Traffic **][Risk Score: 260][Risk Info: No server to client traffic / TLS (0030)][TLS (0030)][JA3C: a5e5938747ae3199abb5d3fcd94f9e8d][PLAIN TEXT (005/uplo2)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+Undetected flows:
+ 1 TCP [3400:3a30:3035:2f75:706c:6f32:643f:6c3d]:44288 -> [302e::3d00::8001]:0 [proto: 0/Unknown][ClearText][Confidence: Unknown][1 pkts/197 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (005/uplo2)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/result/tls_false_positives.pcapng.out b/tests/result/tls_false_positives.pcapng.out
new file mode 100644
index 000000000..dd4a97f0c
--- /dev/null
+++ b/tests/result/tls_false_positives.pcapng.out
@@ -0,0 +1,11 @@
+Guessed flow protos: 1
+
+DPI Packets (TCP): 30 (30.00 pkts/flow)
+Confidence Unknown : 1 (flows)
+
+Unknown 30 37313 1
+
+
+
+Undetected flows:
+ 1 TCP 10.10.10.1:1445 <-> 192.168.0.1:20979 [proto: 0/Unknown][ClearText][Confidence: Unknown][27 pkts/35276 bytes <-> 3 pkts/2037 bytes][Goodput ratio: 96/92][6.40 sec][bytes ratio: 0.891 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/3 267/2832 5666/5662 1131/2830][Pkt Len c2s/s2c min/avg/max/stddev: 66/186 1307/679 1454/1454 393/555][PLAIN TEXT (countrycode)][Plen Bins: 3,0,0,0,3,0,0,0,0,0,3,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,82,0,0,0,0]
diff --git a/tests/result/tls_invalid_reads.pcap.out b/tests/result/tls_invalid_reads.pcap.out
index 62d3a62e6..9d942c419 100644
--- a/tests/result/tls_invalid_reads.pcap.out
+++ b/tests/result/tls_invalid_reads.pcap.out
@@ -1,7 +1,8 @@
 Guessed flow protos: 3
 DPI Packets (TCP): 11 (3.67 pkts/flow)
-Confidence DPI : 3 (flows)
+Confidence Match by IP : 1 (flows)
+Confidence DPI : 2 (flows)
 TLS 7 1827 1
 Crashlytics 3 560 1
@@ -14,4 +15,4 @@ JA3 Host Stats:
  1 TCP 192.168.10.101:3967 <-> 206.33.61.113:443 [proto: 91/TLS][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/330 bytes <-> 3 pkts/1497 bytes][Goodput ratio: 31/89][0.08 sec][bytes ratio: -0.639 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/38 25/19 58/38 24/19][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 82/499 156/905 43/346][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TLSv1][JA3S: 53611273a714cb4789c8222932efd5a7 (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 0,0,0,33,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
  2 TCP 10.191.139.17:58552 <-> 54.221.224.45:443 [VLAN: 2][proto: GTP:91.275/TLS.Crashlytics][Encrypted][Confidence: DPI][cat: DataTransfer/4][2 pkts/442 bytes <-> 1 pkts/118 bytes][Goodput ratio: 41/0][0.23 sec][Hostname/SNI: e.crashlytics.com][ALPN: ][Risk: ** TLS Suspicious Extn **][Risk Score: 100][TLSv1.2][JA3C: 9d5430e6dfce44459702b74d790df353][Firefox][PLAIN TEXT (e.crashlytics.com)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 3 TCP 74.80.160.99:3258 -> 67.217.77.28:443 [proto: 91.293/TLS.GoTo][Encrypted][Confidence: DPI][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes][Goodput ratio: 15/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 3 TCP 74.80.160.99:3258 -> 67.217.77.28:443 [proto: 91.293/TLS.GoTo][Encrypted][Confidence: Match by IP][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes][Goodput ratio: 15/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|