aboutsummaryrefslogtreecommitdiff
path: root/src/lib/protocols
Commit message (Collapse)AuthorAge
...
* Merge pull request #987 from lnslbrty/update/mysql-protocol-detectionLuca Deri2020-08-19
|\ | | | | Updated MySQL protocol detection to support server version 8.
| * Updated MySQL protocol detection to support server version 8.Toni Uhlig2020-08-19
| | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* | Added support for SOAP.Toni Uhlig2020-08-18
|/ | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Suspicious ESNI usage: add a comment and a pcap exampleNardi Ivan2020-08-06
| | | | See: 79b89d286605635f15edfe3c21297aaa3b5f3acf
* Merge pull request #973 from IvanNardi/esni3Luca Deri2020-08-06
|\ | | | | Add risk flag about suspicious ESNI usage
| * Add risk flag about suspicious ESNI usageNardi Ivan2020-08-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In a Client Hello, the presence of both SNI and ESNI may obfuscate the real domain of an HTTPS connection, fooling DPI engines and firewalls, similarly to Domain Fronting. Such technique is reported in a presentation at DEF CON 28: "Domain Fronting is Dead, Long Live Domain Fronting: Using TLS 1.3 to evade censors, bypass network defenses, and blend in with the noise" Full credit for the idea must go the original author At the moment, the only way to get the pdf presention and related video is via https://forum.defcon.org/node/234492 Hopefully a direct link (and an example pcap) will be available soon
* | Fixed possible memory leak in TLS certificate handlingLuca Deri2020-08-05
|/
* Added check on payload lenght during extra packet processingLuca Deri2020-08-04
|
* Added memory checksLuca Deri2020-08-02
|
* Fixed partial TLS dissectionLuca Deri2020-07-30
|
* Restored TLS dissectionLuca Deri2020-07-30
|
* Tiny changes for TLS block lenght dissectionLuca Deri2020-07-29
|
* TLS dissection improvementsLuca Deri2020-07-28
|
* Added NDPI_SMB_INSECURE_VERSION for detecting insecure SMB versions (e.g. v1)Luca Deri2020-07-27
|
* Boundary check on QUICLuca Deri2020-07-27
|
* Boundary checkLuca Deri2020-07-27
|
* SSH code cleanupLuca Deri2020-07-25
|
* added other ssh implementations to checkMrRadix2020-07-24
|
* added cipher checkMrRadix2020-07-22
|
* Resolved conflicts on fetchMrRadix2020-07-22
|\
| * Added changes for handlign SSSH cipher detectionLuca Deri2020-07-22
| |
* | fixed bug inside set bit macro callMrRadix2020-07-22
| |
* | added sscanf error handlingMrRadix2020-07-22
| |
* | improved performance and legibilityMrRadix2020-07-22
| |
* | Merge remote-tracking branch 'ntop_origin/dev' into devMrRadix2020-07-22
|\|
| * User agent detection improvementsLuca Deri2020-07-21
| |
* | improved performance by removing linear scanMrRadix2020-07-22
| |
* | added ssh_analyse_signature_version and ssh_has_old_signature for check old ↵MrRadix2020-07-21
|/ | | | signature version of ssh
* Added skeleton for checking SSH signatureLuca Deri2020-07-20
|
* Fix for invalid boundary checkLuca Deri2020-07-17
|
* Check for avoiding buffer overflow in netbios dissectorLuca Deri2020-07-14
|
* Fixed race condition in ndpi_ssl_version2str() caused by static qualifier in ↵Toni Uhlig2020-07-11
| | | | | | | | | the version string buffer. * added also GREASE supported tls versions as specified in https://tools.ietf.org/html/draft-davidben-tls-grease-01#page-4 Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fixed thunder protocol detection heap overflow caused by missing lengthcheck.Toni Uhlig2020-07-08
| | | | | | * triggered by fuzz traces from wireshark Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Merge pull request #932 from IvanNardi/logLuca Deri2020-07-07
|\ | | | | Log
| * Incorporated some feedbackNardi Ivan2020-07-01
| |
| * mqtt: add boundary check in log messageNardi Ivan2020-06-26
| |
| * Fix compilation with --enable-debug-messages flagNardi Ivan2020-06-26
| | | | | | | | | | | | | | | | | | | | | | | | NDPI_LOG* macros dereference ndpi_detection_module_struct object which is private to ndpi library (via NDPI_LIB_COMPILATION define). So we can't use them outside the library itself, i.e. in ndpiReader code Therefore, in files in example/, convert all (rare) uses of NDPI_LOG* macros to a new very simple macro, private to ndpiReader program. If necessary, such macro may be improved. According to a comment in ndpi_define.h, each dissector must define its own NDPI_CURRENT_PROTO macro before including ndpi_api.h file
* | Improved HTTP line parsing if request splitted into multiple packets.Toni Uhlig2020-07-05
| | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* | Fixed heap overflow in tls esni extraction triggered by manipulated packets.Toni Uhlig2020-06-29
| | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* | TLS: extract JA3 signatures in some corner casesNardi Ivan2020-06-28
| | | | | | | | | | In some (rare) cases, Client Hello message contains lots of cipher suits.
* | Fixed off-by-one error in h323.Toni Uhlig2020-06-27
| | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* | Added malformed packet risk supportLuca Deri2020-06-26
|/
* CentOS6 fix (santize won't work as too old system)lucaderi2020-06-25
| | | | Fixes warning
* Fixed missing length check in fbzero.Toni Uhlig2020-06-23
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fixes #906Luca Deri2020-06-22
| | | | Packet bins are not printed wehn empty
* Merge pull request #920 from lnslbrty/fix/tls-rdn-crashLuca Deri2020-06-19
|\ | | | | Fixed stack overflow caused by missing length check
| * Fixed stack overflow caused by missing length checkToni Uhlig2020-06-18
| | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* | Fixed API documentation: packet tiestamp is expressed in millisecondsLuca Deri2020-06-18
| |
* | Added checks for DGA detectionLuca Deri2020-06-17
|/
* Added DGA risk for names that look like a DGALuca Deri2020-06-11
|
Powered by cgit, Themed by Ted Yin.