aboutsummaryrefslogtreecommitdiff
path: root/tests/pcap
Commit message (Collapse)AuthorAge
* Added HTTP suspicious content securirty risk (useful for tracking trickbot)Luca Deri2021-01-02
|
* Add a connectionless DCE/RPC detection (#1078)rafaliusz2020-12-08
| | | | | | | * Add connectionless DCE/RPC detection * Add DCE/RPC pcap file as well as its test result Co-authored-by: rafal <rafal.burzynski@cryptomage.com>
* Quic fixes (#1067)Ivan Nardi2020-11-22
| | | | | | | * QUIC: fix return value on error path on quic_cipher_init() * QUIC: allow dissection of sessions forcing version negotiation Enhance heuristic to avoid false positives.
* Add Virtual Asssitant (Alexa, Siri) support. (#1057)Zied Aouini2020-11-16
| | | | | | | | | | | | | | | * Add AmazonAlexa protocol. * Add AmazonAlexa test file and result. * Include pcapng as file format. * Rename Category to VirtualAssistant. * Add AppleSiri virtual assistant. * Fix pcapng test files format support. Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
* Add Tumblr support. (#1061)Zied Aouini2020-11-16
| | | | | | | * Add Tumblr protocol. * Add Tumblr test file and result. Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
* Add Reddit support. (#1060)Zied Aouini2020-11-16
| | | | | | | * Add Reddit protocol. * Add Reddit test file and result. Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
* Add Pinterest support. (#1059)Zied Aouini2020-11-16
| | | | | | | * Add Pinterest protocol. * Add Pinterest test file and result. Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
* Added support for AmongUs. (#1054)Toni2020-11-09
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Updated ESNI/SNI alarm generation prolicyLuca Deri2020-11-08
|
* :bulb: Add mongodb protocol dissector (#1048)Leonn2020-11-03
|
* QUIC: fix dissection of Initial packets coalesced with 0-RTT one (#1044)Ivan Nardi2020-11-03
| | | | | * QUIC: fix dissection of Initial packets coalesced with 0-RTT one * QUIC: fix a memory leak
* Improve skype detection (#1039)Igor Duarte2020-10-27
| | | | | | | * Add new skype pcap PCAP extracted from SkypeIRC.cap (available in https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=SkypeIRC.cap) * Improve skype detection
* Added CPHA - CheckPoint High Availability Protocol protocl supportLuca Deri2020-10-22
|
* Fix parsing of DLT_PPP datalink type (#1042)Ivan Nardi2020-10-21
|
* Various optimizations to reduce not-necessary callsLuca Deri2020-09-24
| | | | | Optimized various UDP dissectors Removed dead protocols such as pando and pplive
* Added risks for checkingLuca Deri2020-09-21
| | | | | - invalid DNS traffic (probably carrying exfiltrated data) - TLS traffic with no SNI extension
* QUIC: add support for MVFST EXPERIMENTAL versionNardi Ivan2020-09-20
|
* Reworked MDNS dissector that is not based on the DNS dissectorLuca Deri2020-09-17
|
* Merge pull request #1014 from lnslbrty/improved/teamspeakLuca Deri2020-09-09
|\ | | | | Improved Teamspeak(3) protocol detection.
| * Improved Teamspeak(3) protocol detection.Toni Uhlig2020-09-09
| | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* | Added extension to detect nested subdomains as used in Browsertunnel attack toolLuca Deri2020-09-09
|/ | | | https://github.com/veggiedefender/browsertunnel
* Added pcap file which contains dnscrypt-v1 data and resolver update ↵Toni Uhlig2020-09-07
| | | | | | | | requests/responses (v1/v2). * Renamed dnscrypt.pcap to simple-dnscrypt.pcap Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added dnscrypt-v2-doh resolver test pcaps.Toni Uhlig2020-09-07
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* QUIC: add support for GQUIC T050 and T051Nardi Ivan2020-08-30
| | | | | | QUIC versioning wasn't complex enough without T05X family... These versions are very similar to Q050, but use TLS as their handshake protocol.
* QUIC: minor fixesNardi Ivan2020-08-24
| | | | | | LGTM found a real issue on a boundary check Fix unit tests: a pcap ha been uploaded twice (with different names) Fix compilation when using DPDK (see #990)
* Added som GQUIC and IETF QUIC test pcapsLuca Deri2020-08-22
|
* Major rework of QUIC dissectorNardi Ivan2020-08-21
| | | | | Improve support for GQUIC (up to Q046) and add support for Q050 and (IETF-)QUIC Still no sub-classification for Q050 and QUIC
* Added the ability do identigy as DGA those host/domain names with too many ↵Luca Deri2020-08-21
| | | | | | | consucutive repeated characters such as ckaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa used fr netbios reflection attacks https://www.akamai.com/uk/en/multimedia/documents/state-of-the-internet/ddos-reflection-netbios-name-server-rpc-portmap-sentinel-udp-threat-advisory.pdf
* Added (manipulated) MySQL 8 test pcap.Toni Uhlig2020-08-20
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Suspicious ESNI usage: add a comment and a pcap exampleNardi Ivan2020-08-06
| | | | See: 79b89d286605635f15edfe3c21297aaa3b5f3acf
* Improved HTTP line parsing if request splitted into multiple packets.Toni Uhlig2020-07-05
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fixed heap overflow in tls esni extraction triggered by manipulated packets.Toni Uhlig2020-06-29
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* TLS: extract JA3 signatures in some corner casesNardi Ivan2020-06-28
| | | | | In some (rare) cases, Client Hello message contains lots of cipher suits.
* Fixed off-by-one error in h323.Toni Uhlig2020-06-27
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added malformed packet risk supportLuca Deri2020-06-26
|
* Fixed missing length check in fbzero.Toni Uhlig2020-06-23
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fixed use after free caused by dangling pointerToni Uhlig2020-06-21
| | | | | | * This fix also improved RCE Injection detection Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Merge pull request #920 from lnslbrty/fix/tls-rdn-crashLuca Deri2020-06-19
|\ | | | | Fixed stack overflow caused by missing length check
| * Fixed stack overflow caused by missing length checkToni Uhlig2020-06-18
| | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* | Added GoogleDNS DoH on Android 10Luca Deri2020-06-19
| |
* | Implemented proprietary AnyDesk protocolToni Uhlig2020-06-17
|/ | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added check to avoid producing alerts for known protocol on unknown port ↵Luca Deri2020-05-30
| | | | when using TLS
* Refreshed test pcapLuca Deri2020-05-28
|
* Added support for Encrypted TLS SNI dissectionLuca Deri2020-05-28
| | | | https://datatracker.ietf.org/doc/draft-ietf-tls-sni-encryption/
* Result updateLuca Deri2020-05-27
|
* Added pcap with encrypted SNILuca Deri2020-05-27
| | | | | - https://blog.cloudflare.com/encrypted-sni/ - https://www.inmotionhosting.com/support/website/security/dns-over-https-encrypted-sni-in-firefox/
* Improvements on GotoMeetingLuca Deri2020-05-15
| | | | Added pcap for testing malware
* Added self signed certificate test pcapLuca Deri2020-05-08
|
* Updated automa API to use 32 bit values splits from protocol/categpryLuca Deri2020-05-06
|
* Removed now obsolete MSN protocolLuca Deri2020-05-03
| | | | Added nats.io protocol dissector
Powered by cgit, Themed by Ted Yin.