path: root/src/lib/protocols/tls.c

Commit message (author, date):
* Updated ESNI/SNI alarm generation policy (Luca Deri, 2020-11-08)

* Added -D flag for detecting DoH in the wild (Luca Deri, 2020-10-26)

    Removed heuristic from CiscoVPN as it leads to false positives

* Various improvements when using ndpi_pref_enable_tls_block_dissection: (Luca Deri, 2020-10-24)

    application data TLS blocks are now ignored when exchanged before
    - the end of certificate negotiation (up to TLS 1.2)
    - change cipher

* Added fix for invalid SNI check when SNI is missing (Luca Deri, 2020-10-02)

* Added risks for checking (Luca Deri, 2020-09-21)

    - invalid DNS traffic (probably carrying exfiltrated data)
    - TLS traffic with no SNI extension
* Merge pull request #1012 from IvanNardi/ua (Luca Deri, 2020-09-17)

    QUIC: extract User Agent information

  * TLS: fix memory accesses in QUIC transport parameters extension (Nardi Ivan, 2020-09-10)

  * QUIC: extract User Agent information (Nardi Ivan, 2020-09-08)

* Added extension to detect nested subdomains as used in Browsertunnel attack tool (Luca Deri, 2020-09-09)

    https://github.com/veggiedefender/browsertunnel

* Update TLS dissector to handle QUIC flows (Nardi Ivan, 2020-08-21)

    Latest QUIC versions use TLS for the encryption layer: reuse existing code to allow Client Hello parsing and sub-classification based on SNI value. Side effect: we might have JA3C, TLS negotiated version, SNI value and supported cipher list for QUIC, too.

* Suspicious ESNI usage: add a comment and a pcap example (Nardi Ivan, 2020-08-06)

    See: 79b89d286605635f15edfe3c21297aaa3b5f3acf

* Merge pull request #973 from IvanNardi/esni3 (Luca Deri, 2020-08-06)

    Add risk flag about suspicious ESNI usage

  * Add risk flag about suspicious ESNI usage (Nardi Ivan, 2020-08-05)

    In a Client Hello, the presence of both SNI and ESNI may obfuscate the real domain of an HTTPS connection, fooling DPI engines and firewalls, similarly to Domain Fronting. Such a technique is reported in a presentation at DEF CON 28: "Domain Fronting is Dead, Long Live Domain Fronting: Using TLS 1.3 to evade censors, bypass network defenses, and blend in with the noise". Full credit for the idea must go to the original author.

    At the moment, the only way to get the pdf presentation and related video is via https://forum.defcon.org/node/234492. Hopefully a direct link (and an example pcap) will be available soon.
* Fixed possible memory leak in TLS certificate handling (Luca Deri, 2020-08-05)

* Added memory checks (Luca Deri, 2020-08-02)

* Fixed partial TLS dissection (Luca Deri, 2020-07-30)

* Restored TLS dissection (Luca Deri, 2020-07-30)

* Tiny changes for TLS block length dissection (Luca Deri, 2020-07-29)

* TLS dissection improvements (Luca Deri, 2020-07-28)

* Fix for invalid boundary check (Luca Deri, 2020-07-17)

* Fixed race condition in ndpi_ssl_version2str() caused by static qualifier in the version string buffer. (Toni Uhlig, 2020-07-11)

    - added also GREASE supported tls versions as specified in https://tools.ietf.org/html/draft-davidben-tls-grease-01#page-4

    Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fixed heap overflow in tls esni extraction triggered by manipulated packets. (Toni Uhlig, 2020-06-29)

    Signed-off-by: Toni Uhlig <matzeton@googlemail.com>

* TLS: extract JA3 signatures in some corner cases (Nardi Ivan, 2020-06-28)

    In some (rare) cases, Client Hello message contains lots of cipher suites.

* Added malformed packet risk support (Luca Deri, 2020-06-26)

* Fixes #906 (Luca Deri, 2020-06-22)

    Packet bins are not printed when empty

* Merge pull request #920 from lnslbrty/fix/tls-rdn-crash (Luca Deri, 2020-06-19)

    Fixed stack overflow caused by missing length check

  * Fixed stack overflow caused by missing length check (Toni Uhlig, 2020-06-18)

    Signed-off-by: Toni Uhlig <matzeton@googlemail.com>

* Fixed API documentation: packet timestamp is expressed in milliseconds (Luca Deri, 2020-06-18)
* Added DGA risk for names that look like a DGA (Luca Deri, 2020-06-11)

* Win fixes (Luca Deri, 2020-06-08)

* Added check in TLS 1.2+ for reporting a risk when TLS is not used to carry HTTPS (Luca Deri, 2020-06-08)

* Added TLS boundary check (Luca Deri, 2020-06-07)

* Removed some obsolete protocols (battlefield, oscar, pcanywhere, tvants) (Luca Deri, 2020-06-06)

* Check to avoid allocating twice the esni memory (Luca Deri, 2020-06-01)

* Added extra TLS memory boundary checks (Luca Deri, 2020-05-31)

* Added references to ESNI (Luca Deri, 2020-05-29)

* Added support for Encrypted TLS SNI dissection (Luca Deri, 2020-05-28)

    https://datatracker.ietf.org/doc/draft-ietf-tls-sni-encryption/

* Added check for binary scripts (Luca Deri, 2020-05-15)

    Added NDPI_HTTP_NUMERIC_IP_HOST risk
    ndpi_risk moved to 32 bit
* Added NDPI_TLS_CERTIFICATE_EXPIRED, NDPI_TLS_CERTIFICATE_MISMATCH, to ndpi_risk (Luca Deri, 2020-05-15)

* Invalid TLS check (Luca Deri, 2020-05-12)

* Added TLS weak cipher and obsolete protocol version detection (Luca Deri, 2020-05-10)

* Added detection of self-signed TLS certificates (Luca Deri, 2020-05-10)

* Added TLS issuerDN and subjectDN (Luca Deri, 2020-05-07)

* Reworked TLS dissector with a certificate RDN sequence reader (Luca Deri, 2020-05-07)

* Warning fix (Luca Deri, 2020-04-22)

* Fix some compilation warnings (Nardi Ivan, 2020-04-20)

* TLS initializes version_str (Philippe Antoine, 2020-04-15)

* Adds bound check in TLS (Philippe Antoine, 2020-04-15)

* tls: fix heap-overflow error (Nardi Ivan, 2020-03-27)

* tls_supported_versions only if version_str is initialized (Philippe Antoine, 2020-03-19)

    With version_len == (extension_len-1)