Commit message | Author | Age | ||
---|---|---|---|---|
... | ||||
* | Merge pull request #987 from lnslbrty/update/mysql-protocol-detection | Luca Deri | 2020-08-19 | |
|\ | | | | | Updated MySQL protocol detection to support server version 8. | |||
| * | Updated MySQL protocol detection to support server version 8. | Toni Uhlig | 2020-08-19 | |
| | | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | | Added support for SOAP. | Toni Uhlig | 2020-08-18 | |
|/ | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | Suspicious ESNI usage: add a comment and a pcap example | Nardi Ivan | 2020-08-06 | |
| | | | | See: 79b89d286605635f15edfe3c21297aaa3b5f3acf | |||
* | Merge pull request #973 from IvanNardi/esni3 | Luca Deri | 2020-08-06 | |
|\ | | | | | Add risk flag about suspicious ESNI usage | |||
| * | Add risk flag about suspicious ESNI usage | Nardi Ivan | 2020-08-05 | |
| | | | | | | | | In a Client Hello, the presence of both SNI and ESNI may obfuscate the real domain of an HTTPS connection, fooling DPI engines and firewalls, similarly to Domain Fronting. Such a technique is reported in a presentation at DEF CON 28: "Domain Fronting is Dead, Long Live Domain Fronting: Using TLS 1.3 to evade censors, bypass network defenses, and blend in with the noise". Full credit for the idea must go to the original author. At the moment, the only way to get the PDF presentation and related video is via https://forum.defcon.org/node/234492. Hopefully a direct link (and an example pcap) will be available soon. | |||
* | | Fixed possible memory leak in TLS certificate handling | Luca Deri | 2020-08-05 | |
|/ | ||||
* | Added check on payload length during extra packet processing | Luca Deri | 2020-08-04 | |
| | ||||
* | Added memory checks | Luca Deri | 2020-08-02 | |
| | ||||
* | Fixed partial TLS dissection | Luca Deri | 2020-07-30 | |
| | ||||
* | Restored TLS dissection | Luca Deri | 2020-07-30 | |
| | ||||
* | Tiny changes for TLS block length dissection | Luca Deri | 2020-07-29 | |
| | ||||
* | TLS dissection improvements | Luca Deri | 2020-07-28 | |
| | ||||
* | Added NDPI_SMB_INSECURE_VERSION for detecting insecure SMB versions (e.g. v1) | Luca Deri | 2020-07-27 | |
| | ||||
* | Boundary check on QUIC | Luca Deri | 2020-07-27 | |
| | ||||
* | Boundary check | Luca Deri | 2020-07-27 | |
| | ||||
* | SSH code cleanup | Luca Deri | 2020-07-25 | |
| | ||||
* | added other ssh implementations to check | MrRadix | 2020-07-24 | |
| | ||||
* | added cipher check | MrRadix | 2020-07-22 | |
| | ||||
* | Resolved conflicts on fetch | MrRadix | 2020-07-22 | |
|\ | ||||
| * | Added changes for handling SSH cipher detection | Luca Deri | 2020-07-22 | |
| | | ||||
* | | fixed bug inside set bit macro call | MrRadix | 2020-07-22 | |
| | | ||||
* | | added sscanf error handling | MrRadix | 2020-07-22 | |
| | | ||||
* | | improved performance and legibility | MrRadix | 2020-07-22 | |
| | | ||||
* | | Merge remote-tracking branch 'ntop_origin/dev' into dev | MrRadix | 2020-07-22 | |
|\| | ||||
| * | User agent detection improvements | Luca Deri | 2020-07-21 | |
| | | ||||
* | | improved performance by removing linear scan | MrRadix | 2020-07-22 | |
| | | ||||
* | | added ssh_analyse_signature_version and ssh_has_old_signature for checking old ↵ | MrRadix | 2020-07-21 | |
|/ | | | | signature version of ssh | |||
* | Added skeleton for checking SSH signature | Luca Deri | 2020-07-20 | |
| | ||||
* | Fix for invalid boundary check | Luca Deri | 2020-07-17 | |
| | ||||
* | Check for avoiding buffer overflow in netbios dissector | Luca Deri | 2020-07-14 | |
| | ||||
* | Fixed race condition in ndpi_ssl_version2str() caused by static qualifier in ↵ | Toni Uhlig | 2020-07-11 | |
| | | | | | | | | | the version string buffer. * added also GREASE supported tls versions as specified in https://tools.ietf.org/html/draft-davidben-tls-grease-01#page-4 Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | Fixed thunder protocol detection heap overflow caused by missing length check. | Toni Uhlig | 2020-07-08 | |
| | | | | | | * triggered by fuzz traces from wireshark Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | Merge pull request #932 from IvanNardi/log | Luca Deri | 2020-07-07 | |
|\ | | | | | Log | |||
| * | Incorporated some feedback | Nardi Ivan | 2020-07-01 | |
| | | ||||
| * | mqtt: add boundary check in log message | Nardi Ivan | 2020-06-26 | |
| | | ||||
| * | Fix compilation with --enable-debug-messages flag | Nardi Ivan | 2020-06-26 | |
| | | | | | | | | NDPI_LOG* macros dereference ndpi_detection_module_struct object which is private to ndpi library (via NDPI_LIB_COMPILATION define). So we can't use them outside the library itself, i.e. in ndpiReader code. Therefore, in files in example/, convert all (rare) uses of NDPI_LOG* macros to a new very simple macro, private to ndpiReader program. If necessary, such macro may be improved. According to a comment in ndpi_define.h, each dissector must define its own NDPI_CURRENT_PROTO macro before including ndpi_api.h file. | |||
* | | Improved HTTP line parsing if request is split into multiple packets. | Toni Uhlig | 2020-07-05 | |
| | | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | | Fixed heap overflow in tls esni extraction triggered by manipulated packets. | Toni Uhlig | 2020-06-29 | |
| | | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | | TLS: extract JA3 signatures in some corner cases | Nardi Ivan | 2020-06-28 | |
| | | | | | | | | | | In some (rare) cases, Client Hello message contains lots of cipher suites. | |||
* | | Fixed off-by-one error in h323. | Toni Uhlig | 2020-06-27 | |
| | | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | | Added malformed packet risk support | Luca Deri | 2020-06-26 | |
|/ | ||||
* | CentOS6 fix (sanitize won't work as too old system) | lucaderi | 2020-06-25 | |
| | | | | Fixes warning | |||
* | Fixed missing length check in fbzero. | Toni Uhlig | 2020-06-23 | |
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | Fixes #906 | Luca Deri | 2020-06-22 | |
| | | | | Packet bins are not printed when empty | |||
* | Merge pull request #920 from lnslbrty/fix/tls-rdn-crash | Luca Deri | 2020-06-19 | |
|\ | | | | | Fixed stack overflow caused by missing length check | |||
| * | Fixed stack overflow caused by missing length check | Toni Uhlig | 2020-06-18 | |
| | | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | | Fixed API documentation: packet timestamp is expressed in milliseconds | Luca Deri | 2020-06-18 | |
| | | ||||
* | | Added checks for DGA detection | Luca Deri | 2020-06-17 | |
|/ | ||||
* | Added DGA risk for names that look like a DGA | Luca Deri | 2020-06-11 | |
| |