Diffstat (limited to 'example')
-rw-r--r-- | example/ndpiReader.c | 18 | ||||
-rw-r--r-- | example/reader_util.c | 6 | ||||
-rw-r--r-- | example/reader_util.h | 5 |
3 files changed, 25 insertions, 4 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 2dde10182..01e0864cc 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1024,6 +1024,8 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa return; if(!json_flag) { + u_int i; + fprintf(out, "\t%u", id); fprintf(out, "\t%s ", ipProto2Name(flow->protocol)); @@ -1101,6 +1103,7 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa if(flow->ssh_tls.ja3_client[0] != '\0') fprintf(out, "[JA3C: %s%s]", flow->ssh_tls.ja3_client, print_cipher(flow->ssh_tls.client_unsafe_cipher)); + if(flow->ssh_tls.server_info[0] != '\0') fprintf(out, "[Server: %s]", flow->ssh_tls.server_info); if(flow->ssh_tls.server_hassh[0] != '\0') fprintf(out, "[HASSH-S: %s]", flow->ssh_tls.server_hassh); @@ -1108,6 +1111,21 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa print_cipher(flow->ssh_tls.server_unsafe_cipher)); if(flow->ssh_tls.server_organization[0] != '\0') fprintf(out, "[Organization: %s]", flow->ssh_tls.server_organization); + if((flow->detected_protocol.master_protocol == NDPI_PROTOCOL_TLS) + || (flow->detected_protocol.app_protocol == NDPI_PROTOCOL_TLS)) { + if((flow->ssh_tls.sha1_cert_fingerprint[0] == 0) + && (flow->ssh_tls.sha1_cert_fingerprint[1] == 0) + && (flow->ssh_tls.sha1_cert_fingerprint[2] == 0)) + ; /* Looks empty */ + else { + fprintf(out, "[Certificate SHA-1: "); + for(i=0; i<20; i++) + fprintf(out, "%s%02X", (i > 0) ? ":" : "", + flow->ssh_tls.sha1_cert_fingerprint[i] & 0xFF); + fprintf(out, "]"); + } + } + if(flow->ssh_tls.notBefore && flow->ssh_tls.notAfter) { char notBefore[32], notAfter[32]; struct tm a, b; diff --git a/example/reader_util.c b/example/reader_util.c index b4f5d984a..0b4e6c2c8 100644 --- a/example/reader_util.c +++ b/example/reader_util.c 
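Review bot: In the third hunk of example/ndpiReader.c, the "Looks empty" test in printFlow inspects only the first three bytes of `sha1_cert_fingerprint`, so the printer guesses whether a certificate was seen instead of knowing it. The library already exposes `tls_srv_cert_fingerprint_processed` (used in the reader_util.c change). Copying that flag into `ssh_tls` and testing it here would be exact; if a flag is not wanted, at least test the whole buffer. The loop bound is also a bare `20`; `for(i=0; i<sizeof(flow->ssh_tls.sha1_cert_fingerprint); i++)` keeps it tied to the field declared in reader_util.h. printFlow starts and ends outside this hunk.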
@@ -994,6 +994,8 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl flow->ndpi_flow->protos.stun_ssl.ssl.ja3_server); flow->ssh_tls.server_unsafe_cipher = flow->ndpi_flow->protos.stun_ssl.ssl.server_unsafe_cipher; flow->ssh_tls.server_cipher = flow->ndpi_flow->protos.stun_ssl.ssl.server_cipher; + memcpy(flow->ssh_tls.sha1_cert_fingerprint, + flow->ndpi_flow->l4.tcp.tls_sha1_certificate_fingerprint, 20); } } @@ -1171,8 +1173,8 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, if(enough_packets || (flow->detected_protocol.app_protocol != NDPI_PROTOCOL_UNKNOWN)) { if((!enough_packets) && (flow->detected_protocol.master_protocol == NDPI_PROTOCOL_TLS) - && (flow->ndpi_flow->protos.stun_ssl.ssl.ja3_server[0] == '\0')) - ; /* Wait for JA3S certificate */ + && (!flow->ndpi_flow->l4.tcp.tls_srv_cert_fingerprint_processed)) + ; /* Wait for certificate fingerprint */ else { /* New protocol detected or give up */ flow->detection_completed = 1; diff --git a/example/reader_util.h b/example/reader_util.h index 95eac67e8..0a847e3de 100644 --- a/example/reader_util.h +++ b/example/reader_util.h @@ -161,10 +161,11 @@ typedef struct ndpi_flow_info { char client_info[64], server_info[64], client_hassh[33], server_hassh[33], server_organization[64], - ja3_client[33], ja3_server[33]; + ja3_client[33], ja3_server[33], + sha1_cert_fingerprint[20]; time_t notBefore, notAfter; u_int16_t server_cipher; - ndpi_cipher_weakness client_unsafe_cipher, server_unsafe_cipher; + ndpi_cipher_weakness client_unsafe_cipher, server_unsafe_cipher; } ssh_tls; void *src_id, *dst_id; |
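Review bot: In the first example/reader_util.c hunk (process_ndpi_collected_info), the `memcpy` length is a literal `20` and the copy runs whether or not a fingerprint was computed. Sizing it from the destination and gating it on the library flag avoids copying a half-filled or stale digest: `if(flow->ndpi_flow->l4.tcp.tls_srv_cert_fingerprint_processed) memcpy(flow->ssh_tls.sha1_cert_fingerprint, flow->ndpi_flow->l4.tcp.tls_sha1_certificate_fingerprint, sizeof(flow->ssh_tls.sha1_cert_fingerprint));`. Both this hunk and the packet_processing hunk read `l4.tcp` without a visible check that the flow is TCP. The enclosing branch is cut off by the hunk, so please confirm it cannot be reached for a UDP flow; if `l4` overlays per-transport state, that would interpret unrelated bytes as a certificate fingerprint.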
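Review bot: In the packet_processing hunk, the wait condition now depends on `tls_srv_cert_fingerprint_processed`, but the comment does not say what happens when no server certificate is ever visible in clear text. That may be the case for resumed sessions or for handshakes that encrypt the Certificate message, assuming the flag stays unset in those cases. Such flows appear to stay undetected until `enough_packets` is reached. That is a reasonable bound, but it should be stated, e.g. `/* Wait for certificate fingerprint; gives up at enough_packets if no certificate is seen */`. The test also covers only `master_protocol == NDPI_PROTOCOL_TLS`, whereas the new printFlow code accepts TLS in either `master_protocol` or `app_protocol`, so the two should be made consistent or the difference explained. The function body continues outside the hunk.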
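Review bot: In example/reader_util.h, `sha1_cert_fingerprint[20]` is appended to a `char` declarator list whose other members are all NUL-terminated strings, but this field holds a raw 20-byte digest with no terminator. A later `%s` or `strlen` on it, by analogy with its neighbours, would read past the buffer. Declaring it separately makes the difference visible: `u_int8_t sha1_cert_fingerprint[20]; /* raw SHA-1 digest, binary, not NUL-terminated */`. An unsigned element type also removes the need for the `& 0xFF` mask in printFlow.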