path: root/tests
Commit message (author, date)
...
* Improved RTSP via HTTP detection. (#1232) (Toni, 2021-07-06)
  Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Improve content match lists (#1226) (Ivan Nardi, 2021-07-05)
  Add support for Likee app (https://likee.video/) and GitLab
  Improve detection of Google domains ("gtv1.com" added in 6dd42d19f was likely a typo)
  Improve Snapchat and Tiktok detection
* Improved Z39.50 detection. (#1225) (Toni, 2021-07-05)
  Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added Z39.50 protocol. (#1219) (Toni, 2021-06-29)
  Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* QUIC: add basic support for fragmented Client Hello (#1216) (Ivan Nardi, 2021-06-24)
  Only in-order and non overlapping fragments are handled
  See #1195
* Addresses partial application matching (#1207) (Luca Deri, 2021-06-21)
* New testing pcap with syn scan attack (Luca, 2021-06-08)
* Fixed expected output (Luca Deri, 2021-06-03)
* Renamed Skype to Skype_Teams as the protocol is now shared across these apps (Luca Deri, 2021-06-02)
* Improved TLS browser detection heuristics (Luca Deri, 2021-05-19)
* Added flow risk score (Luca Deri, 2021-05-18)
* Reworked human-readable string search in flows (Luca Deri, 2021-05-17)
  Removed fragment manager code
* Updated protocol category (Luca Deri, 2021-05-15)
* Added TLS certificate caching (Luca Deri, 2021-05-15)
  Added Fortigate protocol
* Converted some test .pcapng files to pcap format (Luca Deri, 2021-05-13)
* Added browser TLS heuristic (Luca Deri, 2021-05-13)
* Improved SSL certificate name wildcard handling and risk. #1182 (#1183) (Toni, 2021-05-11)
  Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* TLS: fix another use-of-uninitialized-value error in ClientHello parsing (#1179) (Ivan Nardi, 2021-05-09)
  Error detected with valgrind.
  ==13127== Conditional jump or move depends on uninitialised value(s)
  ==13127== at 0x483EF58: strlen (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
  ==13127== by 0x1A93B6: ndpi_strdup (ndpi_main.c:159)
  ==13127== by 0x1C07CC: processClientServerHello (tls.c:1678)
  ==13127== by 0x1C0C4C: processTLSBlock (tls.c:712)
  ==13127== by 0x1C0C4C: ndpi_search_tls_tcp.part.0 (tls.c:849)
  See also 8c3674e9
* Fixed invalid DNS dissection (Luca Deri, 2021-04-26)
* Removed protocol space in Genshin Impact (Luca Deri, 2021-04-25)
* Add Genshin Impact protocol. (#1173) (Toni, 2021-04-25)
  Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Add HP Virtual Machine Group Management (hpvirtgrp) protocol. (#1170) (Toni, 2021-04-20)
  Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* TLS: fix some use-of-uninitialized-value errors in ClientHello parsing (#1169) (Ivan Nardi, 2021-04-18)
  Error detected with valgrind.
  ==125883== Conditional jump or move depends on uninitialised value(s)
  ==125883== at 0x438F57: processClientServerHello (tls.c:1421)
  ==125883== by 0x43B35A: processTLSBlock (tls.c:712)
  ==125883== by 0x43B1C4: ndpi_search_tls_tcp (tls.c:849)
  ==125883== by 0x42C60B: check_ndpi_detection_func (ndpi_main.c:4426)
  ==125883== by 0x42E920: ndpi_detection_process_packet (ndpi_main.c:5301)
  ==125916== Conditional jump or move depends on uninitialised value(s)
  ==125916== at 0x438D7D: processClientServerHello (tls.c:1379)
  ==125916== by 0x43B35A: processTLSBlock (tls.c:712)
  ==125916== by 0x43B1C4: ndpi_search_tls_tcp (tls.c:849)
  ==125916== by 0x42C60B: check_ndpi_detection_func (ndpi_main.c:4426)
  ==125932== Conditional jump or move depends on uninitialised value(s)
  ==125932== at 0x438C1D: processClientServerHello (tls.c:1298)
  ==125932== by 0x43B35A: processTLSBlock (tls.c:712)
  ==125932== by 0x43B1C4: ndpi_search_tls_tcp (tls.c:849)
  ==125932== by 0x42C60B: check_ndpi_detection_func (ndpi_main.c:4426)
  ==125950== Conditional jump or move depends on uninitialised value(s)
  ==125950== at 0x438D4F: processClientServerHello (tls.c:1371)
  ==125950== by 0x43B35A: processTLSBlock (tls.c:712)
  ==125950== by 0x43B1C4: ndpi_search_tls_tcp (tls.c:849)
  ==125950== by 0x42C079: check_ndpi_detection_func (ndpi_main.c:4443)
* Fix detunneling of GTP-U traffic (#1168) (Ivan Nardi, 2021-04-18)
  Fuzzing #1161 exposed some (completely unrelated) issues on GTP-U detunneling code. (see https://github.com/ntop/nDPI/actions/runs/719882047)
* Added NDPI_DESKTOP_OR_FILE_SHARING_SESSION risk to remote protocols for remote assistance sessions (Luca Deri, 2021-04-12)
* Improved mining results (Luca Deri, 2021-03-30)
* Refactored nDPI subprotocol handling and aimini protocol detection. (#1156) (Toni, 2021-03-23)
  * Refactored and merged callback buffer routines for non-udp-tcp / udp / tcp / tcp-wo-payload.
    Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
  * Try to detect one subprotocol if a detected protocol can have one.
    * This adds a performance overhead due to much more protocol detection routine calls. See #1148 for more information.
    Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
  * Refactor subprotocol handling (1/2).
    Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
  * Refactor subprotocol handling (2/2).
    Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
  * Prevent some code duplication by using macros for ndpi_int_one_line_struct string comparison.
    Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
  * Refactored aimini HTTP detection parts (somehow related to #1148).
    Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
  * Added aimini client/server test pcap.
    Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
  * Removed master protocol as it was only used for STUN and via also removed API function ndpi_get_protocol_id_master_proto
  * Adjusted Python code to conform to the changes made during the refactoring process.
    Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Better DGA detection (slightly decreased accuracy) (Luca Deri, 2021-03-20)
* Reworked JA3 (Luca Deri, 2021-03-19)
* Add support for Snapchat voip calls (#1147) (Ivan Nardi, 2021-03-06)
  * Add support for Snapchat voip calls
    Snapchat multiplexes some of its audio/video real time traffic with QUIC sessions. The peculiarity of these sessions is that they are Q046 and don't have any SNI.
  * Fix tests with libgcrypt disabled
* Improved DGA detection (Luca Deri, 2021-03-03)
  Before Accuracy 66%, Precision 86%, Recall 38%
  After Accuracy 71%, Precision 89%, Recall 49%
* Added verbose option (Luca, 2021-03-03)
* Removed check for known protocols (major and app protocols) (Luca Deri, 2021-03-03)
* Improved DGA detection with trigrams. Disadvantage: slower startup time (Luca Deri, 2021-03-03)
  Reworked Tor dissector embedded in TLS (fixes #1141)
  Removed false positive on HTTP User-Agent
* DTLS: improve support (#1146) (Ivan Nardi, 2021-03-02)
  * DTLS: add some pcap tests
  * DTLS: fix parsing of Client/Server Hello message
  * DTLS: add parsing of server certificates
* QUIC: fix mvfst-27 test (#1145) (Ivan Nardi, 2021-03-02)
  Regardless of its name, quic-mvfst-27 trace doesn't contain mvfst-27 traffic
* Added NDPI_MALICIOUS_SHA1 flow risk. (#1142) (Toni, 2021-02-26)
  * An external file which contains known malicious SSL certificate SHA-1 hashes can be loaded via ndpi_load_malicious_sha1_file(...)
  Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Improved DNS dissector (Luca Deri, 2021-02-26)
* Modified JA3 fingerprint message (Luca Deri, 2021-02-24)
* Added NDPI_MALICIOUS_JA3 flow risk (Luca Deri, 2021-02-22)
  Added ndpi_load_malicious_ja3_file() API call
* Implemented TLS Certificate Subject matching (Luca Deri, 2021-02-22)
  Improved AnyDesk detection
* Added new data for risky domains test (Luca Deri, 2021-02-21)
* Added risky domain flow-risk support (Luca Deri, 2021-02-21)
* Improved nDPI string matching algorithm (Luca Deri, 2021-02-18)
* STUN improvements (Luca Deri, 2021-02-10)
* Fixed CPHA missing protocol initialization (Luca Deri, 2021-02-10)
  Improved IEC104 and IRC detection
* IRC test files (Luca Deri, 2021-02-09)
* (Temporarily) Disabled fragment manager (#1129) (Luca Deri, 2021-02-05)
* Partial fix for #1129 (Luca Deri, 2021-02-05)
* Improved (partial) TLS dissection (Luca Deri, 2021-02-04)