Diffstat (limited to 'src/lib/protocols')
-rw-r--r-- | src/lib/protocols/ssh.c | 9 | ||||
-rw-r--r-- | src/lib/protocols/stun.c | 4 | ||||
-rw-r--r-- | src/lib/protocols/tls.c | 13 |
3 files changed, 23 insertions, 3 deletions
diff --git a/src/lib/protocols/ssh.c b/src/lib/protocols/ssh.c
index de3b93bc2..5dd6fb0e5 100644
--- a/src/lib/protocols/ssh.c
+++ b/src/lib/protocols/ssh.c
@@ -39,14 +39,19 @@
 seastc = packet.ssh.encryption_algorithms_server_to_client
 smastc = packet.ssh.mac_algorithms_server_to_client
 scastc = packet.ssh.compression_algorithms_server_to_client
- hasshs_str = ';'.join([skex, seastc, smastc, scastc])
+ hasshs_str = ';'.join([skex, seastc, smastc, scastc])
 [client]
 ckex = packet.ssh.kex_algorithms
 ceacts = packet.ssh.encryption_algorithms_client_to_server
 cmacts = packet.ssh.mac_algorithms_client_to_server
 ccacts = packet.ssh.compression_algorithms_client_to_server
- hassh_str = ';'.join([ckex, ceacts, cmacts, ccacts])
+ hassh_str = ';'.join([ckex, ceacts, cmacts, ccacts])
+
+ NOTE
+ THe ECDSA key fingerprint is SHA256 -> ssh.kex.h_sig (wireshark)
+ is in the Message Code: Diffie-Hellman Key Exchange Reply (31)
+ that usually is packet 14
 */
 /* #define SSH_DEBUG 1 */
diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c
index f8e360c3f..0ab3ed805 100644
--- a/src/lib/protocols/stun.c
+++ b/src/lib/protocols/stun.c
@@ -140,7 +140,9 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct *
 *is_whatsapp = 0, *is_messenger = 0, *is_duo = 0;
- if(payload_length < sizeof(struct stun_packet_header)) {
+ if(payload_length >= 512) {
+ return(NDPI_IS_NOT_STUN);
+ } else if(payload_length < sizeof(struct stun_packet_header)) {
 /* This looks like an invalid packet */
 if(flow->protos.stun_ssl.stun.num_udp_pkts > 0) {
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index 3e0e295c5..5c8e2b18b 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
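Review bot: The added NOTE in the ssh.c comment sends readers to `ssh.kex.h_sig` for the ECDSA key fingerprint, but that Wireshark field appears to be the signature over the exchange hash rather than the host key the SHA256 is computed over, so the pointer should be confirmed or replaced with the host-key field. "THe" is a typo, and "usually is packet 14" depends on the capture, so it is better dropped. I would word it as `The ECDSA host key fingerprint (SHA256) is computed over the host key carried in the Key Exchange Reply (message code 31)`. The comment block opens above the hunk, so its start is not visible here.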
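Review bot: The new `if(payload_length >= 512)` test in ndpi_int_check_stun is an unexplained magic number, and it returns NDPI_IS_NOT_STUN before any header field is examined. STUN-framed messages can legitimately be larger than that, so this looks like a classification gap: any flow whose datagrams are 512 bytes or more will never be labelled STUN, however valid the header is. If the cutoff is a deliberate false-positive filter, give it a name and a rationale, for example `#define STUN_MAX_PAYLOAD_LEN 512 /* why larger datagrams are rejected */`, and consider comparing against the length field in the STUN header rather than a fixed size. The early return also skips the `num_udp_pkts` handling in the short-packet branch. The function body continues outside the hunk, so whether that matters cannot be judged from here.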
@@ -30,6 +30,19 @@
 // #define DEBUG_TLS 1
+/*
+ NOTE
+
+ How to view the certificate fingerprint
+ 1. Using wireshark save the certificate on certificate.bin file as explained
+ in https://security.stackexchange.com/questions/123851/how-can-i-extract-the-certificate-from-this-pcap-file
+
+ 2. openssl x509 -inform der -in certificate.bin -text > certificate.der
+ 3. openssl x509 -noout -fingerprint -sha1 -inform pem -in certificate.der
+ SHA1 Fingerprint=15:9A:76....
+
+ */
+
 #define NDPI_MAX_TLS_REQUEST_SIZE 10000
 /* skype.c */ |
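Review bot: Step 2 of the added note writes the `-text` dump to a file named `certificate.der`, which step 3 then reads back with `-inform pem`, so the file name contradicts its contents and anyone who treats it as DER will hit a parse error. The two steps collapse into one command that reads the saved DER directly: `openssl x509 -inform der -in certificate.bin -noout -fingerprint -sha1`. It would also help to state in the comment which value in the dissector this SHA-1 fingerprint is meant to be compared with, since the hunk does not show it.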