Diffstat (limited to 'example/ndpiReader.c')
-rw-r--r-- | example/ndpiReader.c | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index 729d04d52..abb5ddb3d 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -67,6 +67,7 @@ static char *results_path = NULL;
 static char * bpfFilter = NULL; /**< bpf filter */
 static char *_protoFilePath = NULL; /**< Protocol file path */
 static char *_customCategoryFilePath= NULL; /**< Custom categories file path */
+static char *_maliciousJA3Path = NULL; /**< Malicious JA3 signatures */
 static char *_riskyDomainFilePath = NULL; /**< Risky domain files */
 static u_int8_t live_capture = 0;
 static u_int8_t undetected_flows_deleted = 0;
@@ -438,7 +439,7 @@ static void help(u_int long_help) {
 "[-f <filter>][-s <duration>][-m <duration>][-b <num bin clusters>]\n"
 " [-p <protos>][-l <loops> [-q][-d][-J][-h][-D][-e <len>][-t][-v <level>]\n"
 " [-n <threads>][-w <file>][-c <file>][-C <file>][-j <file>][-x <file>]\n"
- " [-r <file>][-T <num>][-U <num>] [-x <domain>]\n\n"
+ " [-r <file>][-j <file>][-T <num>][-U <num>] [-x <domain>]\n\n"
 "Usage:\n"
 " -i <file.pcap|device> | Specify a pcap file/playlist to read packets from or a\n"
 " | device for live capture (comma-separated list)\n"
@@ -469,6 +470,7 @@ static void help(u_int long_help) {
 " -c <path> | Load custom categories from the specified file\n"
 " -C <path> | Write output in CSV format on the specified file\n"
 " -r <path> | Load risky domain file\n"
+ " -j <path> | Load malicious JA3 fingeprints\n"
 " -w <path> | Write test output on the specified file. This is useful for\n"
 " | testing purposes in order to compare results across runs\n"
 " -h | This help\n"
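Review bot: The added synopsis line `" [-r <file>][-j <file>][-T <num>][-U <num>] [-x <domain>]\n\n"` repeats `[-j <file>]`, which the preceding context line `" [-n <threads>][-w <file>][-c <file>][-C <file>][-j <file>][-x <file>]\n"` already carries, so the usage banner now lists -j twice. Keep the option in one place only: either leave the `[-r <file>]` line as it was, or move -j out of the `[-n <threads>]` line so that line and this one stay consistent. The help() body starts and ends outside the hunk.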
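Review bot: The new help entry has a typo in a user-facing string, `fingeprints`; it should read `" -j <path> | Load malicious JA3 fingerprints\n"`. Since -r's description on the context line above says "Load risky domain file", it would also help the operator to say what format -j expects (one JA3 hash per line, presumably — confirm against the loader) in the same entry or the long help. help() continues outside the hunk.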
@@ -763,7 +765,7 @@ static void parseOptions(int argc, char **argv) {
 }
 #endif
 
- while((opt = getopt_long(argc, argv, "b:e:c:C:dDf:g:i:Ihp:P:l:r:s:tu:v:V:n:Jrp:x:w:q0123:456:7:89:m:T:U:",
+ while((opt = getopt_long(argc, argv, "b:e:c:C:dDf:g:i:Ij:hp:P:l:r:s:tu:v:V:n:Jrp:x:w:q0123:456:7:89:m:T:U:",
 longopts, &option_idx)) != EOF) {
 #ifdef DEBUG_TRACE
 if(trace) fprintf(trace, " #### -%c [%s] #### \n", opt, optarg ? optarg : "");
@@ -796,6 +798,10 @@ static void parseOptions(int argc, char **argv) {
 ignore_vlanid = 1;
 break;
 
+ case 'j':
+ _maliciousJA3Path = optarg;
+ break;
+
 case 'm':
 pcap_analysis_duration = atol(optarg);
 break;
@@ -2060,6 +2066,9 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) {
 if(_riskyDomainFilePath)
 ndpi_load_risk_domain_file(ndpi_thread_info[thread_id].workflow->ndpi_struct, _riskyDomainFilePath);
 
+ if(_maliciousJA3Path)
+ ndpi_load_malicious_ja3_file(ndpi_thread_info[thread_id].workflow->ndpi_struct, _maliciousJA3Path);
+
 ndpi_finalize_initialization(ndpi_thread_info[thread_id].workflow->ndpi_struct);
 
 if(enable_doh_dot_detection)
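Review bot: The return value of `ndpi_load_malicious_ja3_file` is discarded on the new line in setupDetection(), so a mistyped or unreadable -j path leaves the run without the JA3 blocklist and nothing tells the operator; for a detection feature that silent degradation is the failure mode to avoid. The adjacent `ndpi_load_risk_domain_file` call is unchecked too, but the new code need not copy that. If the loader signals failure through its return value (presumably negative on error — confirm against the library), report it at load time as below; whether to abort or continue is a policy choice, but it should at least be logged. setupDetection() continues outside the hunk.
```c
  if(_maliciousJA3Path) {
    /* NOTE(review): assumes a negative return means the file could not be loaded — confirm */
    if(ndpi_load_malicious_ja3_file(ndpi_thread_info[thread_id].workflow->ndpi_struct, _maliciousJA3Path) < 0)
      fprintf(stderr, "Unable to load malicious JA3 fingerprints from %s\n", _maliciousJA3Path);
  }

  /* … unchanged: ndpi_finalize_initialization() … */
```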