Commit message | Author | Age | |
---|---|---|---|
* | Check for common ALPNs and set a flow risk if not known. (#1175) | Toni | 2021-04-27 |
| | | | | | | * Increased risk bitmask to 64bit (instead of 32bit). * Removed annoying "Unknown datalink" error message for fuzzers. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | Add vxlan enum to ndpi_packet_tunnel | Alfredo Cardigliano | 2021-04-21 |
| | |||
* | Added NDPI_DESKTOP_OR_FILE_SHARING_SESSION flow risk | Luca Deri | 2021-04-11 |
| | |||
* | Improved DGA detection with trigrams. Disadvantage: slower startup time | Luca Deri | 2021-03-03 |
| | | | | | Reworked Tor dissector embedded in TLS (fixes #1141) Removed false positive on HTTP User-Agent | ||
* | DTLS: improve support (#1146) | Ivan Nardi | 2021-03-02 |
| | | | | | | | * DTLS: add some pcap tests * DTLS: fix parsing of Client/Server Hello message * DTLS: add parsing of server certificates | ||
* | Added NDPI_MALICIOUS_SHA1 flow risk. (#1142) | Toni | 2021-02-26 |
| | | | | | | * An external file which contains known malicious SSL certificate SHA-1 hashes can be loaded via ndpi_load_malicious_sha1_file(...) Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | Added protocol breed to JSON serializer. (#1137) | Toni | 2021-02-25 |
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | Modified JA3 fingerprint message | Luca Deri | 2021-02-24 |
| | |||
* | Added NDPI_MALICIOUS_JA3 flow risk | Luca Deri | 2021-02-22 |
| | | | | Added ndpi_load_malicious_ja3_file() API call | ||
* | Removed unused NDPI_RISKY_COUNTRY | Luca Deri | 2021-02-21 |
| | |||
* | Fixes due to the fragment manager code | Luca Deri | 2021-02-18 |
| | |||
* | Added new risks (future use) | Luca Deri | 2021-02-16 |
| | | | | | | - NDPI_RISKY_ASN - NDPI_RISKY_DOMAIN - NDPI_RISKY_COUNTRY | ||
* | Removed now obsolete NDPI_DETECTION_SUPPORT_IPV6: code is more readable now | Luca Deri | 2021-02-10 |
| | |||
* | Partial fix for #1129 | Luca Deri | 2021-02-05 |
| | |||
* | Code cleanup and safety checks in the fragment manager (#1129) | Alfredo Cardigliano | 2021-02-05 |
| | |||
* | Cosmetic fixes | Luca Deri | 2021-02-03 |
| | |||
* | fragments management added (#1122) | Roberto AGOSTINO | 2021-02-03 |
| | | | | | | Management of tcp segments managements. Co-authored-by: ragostino <ragostino73@gmail.com> Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com> | ||
* | Cleaned up tls/quic datatypes | Luca Deri | 2021-01-21 |
| | |||
* | Reworked TLS fingerprint calculation | Luca Deri | 2021-01-21 |
| | | | | Modified TLS memory free | ||
* | Added simple hash implementation to the nDPI API | Luca Deri | 2021-01-20 |
| | |||
* | (C) Update | Luca Deri | 2021-01-07 |
| | |||
* | QUIC: improve handling of SNI (#1105) | Ivan Nardi | 2021-01-07 |
| | | | | | | | | | | | | | * QUIC: SNI should be always saved in flow->protos.stun_ssl.ssl.client_requested_server_name Close #1077 * QUIC: fix matching of custom categories * QUIC: add NDPI_TLS_MISSING_SNI support for older GQUIC versions * QUIC: fix serialization * QUIC: add DGA check for older GQUIC versions | ||
* | Added HTTP suspicious content security risk (useful for tracking trickbot) | Luca Deri | 2021-01-02 |
| | |||
* | Win fixes | Luca Deri | 2020-12-17 |
| | |||
* | Type change to avoid Windows compilation issues | Luca Deri | 2020-12-17 |
| | |||
* | Fix/overflow and libgerror check (#1068) | Toni | 2020-11-26 |
| | | | | | | | | | * Fixed stack overflow caused by missing buffer space for the trailing \0 added by sprintf() Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Remove the autoconf cache value from the previous and failed check before checking again. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | Improved processing of IPv6 header | Luca Deri | 2020-10-15 |
| | | | | Improved QUIC serialization | ||
* | Added ndpi_quick_16_byte_hash | Luca | 2020-10-05 |
| | | | | Warning fix | ||
* | Added risks for checking | Luca Deri | 2020-09-21 |
| | | | | | - invalid DNS traffic (probably carrying exfiltrated data) - TLS traffic with no SNI extension | ||
* | Do not re-define libc functions for mingw builds. | Toni Uhlig | 2020-09-20 |
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | Merge pull request #1017 from lnslbrty/fix/mingw-xcompile | Luca Deri | 2020-09-20 |
|\ | | | | | Added support for mingw xcompile. | ||
| * | Fixed shlib xcompile for x86_64-w64-mingw32 | Toni Uhlig | 2020-09-08 |
| | | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | | Reworked MDNS dissector that is not based on the DNS dissector | Luca Deri | 2020-09-17 |
|/ | |||
* | Added some additional TLS mappings | Luca Deri | 2020-09-02 |
| | |||
* | Added check for ndpi_ssl_version2str() | Luca Deri | 2020-08-31 |
| | |||
* | Added new risk for NDPI_UNSAFE_PROTOCOL that identifies protocols that are not considered safe/secure | Luca Deri | 2020-08-30 |
| | |||
* | Fixes control reaches end of non-void function | Simone Mainardi | 2020-08-27 |
| | |||
* | Passes method_len param to ndpi_http_str2method | Simone Mainardi | 2020-08-27 |
| | |||
* | Added ndpi_http_method ndpi_http_str2method(const char* method) API call | Luca Deri | 2020-08-26 |
| | |||
* | Added ndpi_http_method2str() API call | Luca Deri | 2020-08-26 |
| | |||
* | Added new check for detecting suspicious (too long) names | Luca Deri | 2020-08-21 |
| | |||
* | Merge pull request #973 from IvanNardi/esni3 | Luca Deri | 2020-08-06 |
|\ | | | | | Add risk flag about suspicious ESNI usage | ||
| * | Add risk flag about suspicious ESNI usage | Nardi Ivan | 2020-08-05 |
| | | | | In a Client Hello, the presence of both SNI and ESNI may obfuscate the real domain of an HTTPS connection, fooling DPI engines and firewalls, similarly to Domain Fronting. Such technique is reported in a presentation at DEF CON 28: "Domain Fronting is Dead, Long Live Domain Fronting: Using TLS 1.3 to evade censors, bypass network defenses, and blend in with the noise". Full credit for the idea must go to the original author. At the moment, the only way to get the pdf presentation and related video is via https://forum.defcon.org/node/234492 Hopefully a direct link (and an example pcap) will be available soon | ||
* | | Added note on memory management | Luca Deri | 2020-08-06 |
|/ | |||
* | Added NDPI_SMB_INSECURE_VERSION for detecting insecure SMB versions (e.g. v1) | Luca Deri | 2020-07-27 |
| | |||
* | SSH code cleanup | Luca Deri | 2020-07-25 |
| | |||
* | modified new last two risks | MrRadix | 2020-07-22 |
| | |||
* | Introduced SSH risk checks | Luca Deri | 2020-07-22 |
| | |||
* | Fixed makefile error message | Luca Deri | 2020-07-13 |
| | | | | Code hardening fix | ||
* | Fixed race condition in ndpi_ssl_version2str() caused by static qualifier in the version string buffer. | Toni Uhlig | 2020-07-11 |
| | | | | * added also GREASE supported tls versions as specified in https://tools.ietf.org/html/draft-davidben-tls-grease-01#page-4 Signed-off-by: Toni Uhlig <matzeton@googlemail.com> |