Commit message | Author | Age | ||
---|---|---|---|---|
... | ||||
* | Improved RTSP detection the second. (#1232) (#1233) | Toni | 2021-07-07 | |
| | | | | * RTSP is no subprotocol of HTTP (most of the time) * detection patterns should stay in rtsp.c * set detected HTTP protocol only if at least a valid HTTP method detected Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | Refactored nDPI subprotocol handling and aimini protocol detection. (#1156) | Toni | 2021-03-23 | |
| | | | | * Refactored and merged callback buffer routines for non-udp-tcp / udp / tcp / tcp-wo-payload. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Try to detect one subprotocol if a detected protocol can have one. * This adds a performance overhead due to much more protocol detection routine calls. See #1148 for more information. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Refactor subprotocol handling (1/2). Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Refactor subprotocol handling (2/2). Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Prevent some code duplication by using macros for ndpi_int_one_line_struct string comparison. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Refactored aimini HTTP detection parts (somehow related to #1148). Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Added aimini client/server test pcap. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> * Removed master protocol as it was only used for STUN and via also removed API function ndpi_get_protocol_id_master_proto * Adjusted Python code to conform to the changes made during the refactoring process. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | HTTP: fix memory access in ndpi_http_parse_subprotocol() (#1151) | Ivan Nardi | 2021-03-09 | |
| | ||||
* | Added Ookla detection over IPv6 | Luca Deri | 2021-03-09 | |
| | ||||
* | Ookla fixes | Luca Deri | 2021-03-09 | |
| | ||||
* | Improved detection of Ookla speedtest and openspeedtest.com | Luca Deri | 2021-03-09 | |
| | ||||
* | Improved DGA detection with trigrams. Disadvantage: slower startup time | Luca Deri | 2021-03-03 | |
| | | | | Reworked Tor dissector embedded in TLS (fixes #1141). Removed false positive on HTTP User-Agent | |||
* | HTTP: fix user-agent parsing (#1124) | Ivan Nardi | 2021-02-03 | |
| | | | | User-agent information is used to try to detect the user OS; since the UA is extracted for QUIC traffic too, the "detected_os" field must be generic and not associated to HTTP flows only. Otherwise, you might overwrite some "tls_quic_stun" fields (SNI...) with random data. Strangely enough, the "detected_os" field is never used: it is never logged, or printed, or exported... | |||
* | HTTP: fix logs when NDPI_ENABLE_DEBUG_MESSAGES is defined (#1123) | Ivan Nardi | 2021-02-03 | |
| | ||||
* | Increased number of extra packets that is necessary since the fragment manager introduction | Luca Deri | 2021-02-03 | |
| | ||||
* | (C) Update | Luca Deri | 2021-01-07 | |
| | ||||
* | HTTP: fix compilation and a memory error when NDPI_ENABLE_DEBUG_MESSAGES is defined (#1109) | Ivan Nardi | 2021-01-07 | |
| | ||||
* | Split HTTP request from response Content-Type. Request Content-Type should be present with POSTs and not with other methods such as GET | Luca Deri | 2021-01-06 | |
| | ||||
* | Added check for invalid HTTP content | Luca Deri | 2021-01-06 | |
| | ||||
* | Fixed missing symbol | Luca Deri | 2021-01-02 | |
| | ||||
* | Added HTTP suspicious content security risk (useful for tracking trickbot) | Luca Deri | 2021-01-02 | |
| | ||||
* | Added known protocol on unknown port for ntop | Luca Deri | 2020-12-28 | |
| | ||||
* | Type change to avoid Windows compilation issues | Luca Deri | 2020-12-17 | |
| | ||||
* | Improved HTTP dissection | Luca Deri | 2020-12-16 | |
| | ||||
* | Fix for detecting numeric IPs | Luca Deri | 2020-11-01 | |
| | ||||
* | Fixes #1033 | Luca Deri | 2020-10-21 | |
| | ||||
* | Minor UA handling improvement to avoid heap-overflow | Luca Deri | 2020-09-22 | |
| | ||||
* | Merge pull request #1012 from IvanNardi/ua | Luca Deri | 2020-09-17 | |
|\ | | | | | QUIC: extract User Agent information | |||
| * | http: create a common function to parse User Agent field | Nardi Ivan | 2020-09-08 | |
| | | | | | | | | Prepare the code to handle UA information from flows other than HTTP | |||
* | | Added extension to detect nested subdomains as used in Browsertunnel attack tool | Luca Deri | 2020-09-09 | |
|/ | | | | https://github.com/veggiedefender/browsertunnel | |||
* | Improved ntop detection over HTTP | Luca Deri | 2020-08-30 | |
| | | | | Added cap on number of attempts for CiscoVPN | |||
* | Fixed false positive in suspicious user agent | Luca Deri | 2020-08-30 | |
| | | | | Optimized stddev calculation | |||
* | Passes method_len param to ndpi_http_str2method | Simone Mainardi | 2020-08-27 | |
| | ||||
* | Added ndpi_http_method ndpi_http_str2method(const char* method) API call | Luca Deri | 2020-08-26 | |
| | ||||
* | Added check on payload length during extra packet processing | Luca Deri | 2020-08-04 | |
| | ||||
* | User agent detection improvements | Luca Deri | 2020-07-21 | |
| | ||||
* | Merge pull request #932 from IvanNardi/log | Luca Deri | 2020-07-07 | |
|\ | | | | | Log | |||
| * | Incorporated some feedback | Nardi Ivan | 2020-07-01 | |
| | | ||||
| * | Fix compilation with --enable-debug-messages flag | Nardi Ivan | 2020-06-26 | |
| | | | | | | | | NDPI_LOG* macros dereference ndpi_detection_module_struct object which is private to ndpi library (via NDPI_LIB_COMPILATION define). So we can't use them outside the library itself, i.e. in ndpiReader code. Therefore, in files in example/, convert all (rare) uses of NDPI_LOG* macros to a new very simple macro, private to ndpiReader program. If necessary, such macro may be improved. According to a comment in ndpi_define.h, each dissector must define its own NDPI_CURRENT_PROTO macro before including ndpi_api.h file | |||
* | | Improved HTTP line parsing if request split into multiple packets. | Toni Uhlig | 2020-07-05 | |
| | | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | | Added malformed packet risk support | Luca Deri | 2020-06-26 | |
|/ | ||||
* | Added checks for DGA detection | Luca Deri | 2020-06-17 | |
| | ||||
* | Added DGA risk for names that look like a DGA | Luca Deri | 2020-06-11 | |
| | ||||
* | Reworked HTTP header processing workflow | Luca Deri | 2020-06-01 | |
| | ||||
* | HTTP comparison optimization | Luca Deri | 2020-05-31 | |
| | ||||
* | Minor changes | Luca Deri | 2020-05-31 | |
| | ||||
* | HTTP dissector improvements | Luca Deri | 2020-05-30 | |
| | ||||
* | Minor cleanup | Luca Deri | 2020-05-29 | |
| | ||||
* | Fixes for https://github.com/ntop/nDPI/pull/911 | Luca Deri | 2020-05-29 | |
| | | | | Added code for dumping invalid HTTP header | |||
* | Added check for suspicious HTTP headers | Tommaso Macchioni | 2020-05-29 | |
| | ||||
* | Added stub for checking HTTP header | Luca Deri | 2020-05-21 | |
| | | | | Updated Teams result | |||
* | Added check for invalid HTTP URLs | Luca Deri | 2020-05-16 | |
| | ||||
* | Added check for binary scripts | Luca Deri | 2020-05-15 | |
| | | | | Added NDPI_HTTP_NUMERIC_IP_HOST risk. ndpi_risk moved to 32 bit | |||
* | Added NDPI_HTTP_SUSPICIOUS_USER_AGENT ndpi_risk | Luca Deri | 2020-05-15 | |
| | ||||
* | Added NDPI_TLS_CERTIFICATE_EXPIRED, NDPI_TLS_CERTIFICATE_MISMATCH, to ndpi_risk | Luca Deri | 2020-05-15 | |
| |