aboutsummaryrefslogtreecommitdiff
path: root/tests
Commit message (Collapse)AuthorAge
...
| * | Improved Teamspeak(3) protocol detection.Toni Uhlig2020-09-09
| |/ | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* / Added extension to detect nested subdomains as used in Browsertunnel attack toolLuca Deri2020-09-09
|/ | | | https://github.com/veggiedefender/browsertunnel
* Added pcap file which contains dnscrypt-v1 data and resolver update ↵Toni Uhlig2020-09-07
| | | | | | | | requests/responses (v1/v2). * Renamed dnscrypt.pcap to simple-dnscrypt.pcap Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added dnscrypt-v2-doh resolver test pcaps.Toni Uhlig2020-09-07
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fixed false positive detection for Skype.SkypeCall (affects at least Cisco ↵Toni Uhlig2020-09-02
| | | | | | HSRP and RADIUS). Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Merge pull request #999 from IvanNardi/quicLuca Deri2020-08-30
|\ | | | | QUIC: add support for GQUIC T050 and T051
| * QUIC: add support for GQUIC T050 and T051Nardi Ivan2020-08-30
| | | | | | | | | | | | QUIC versioning wasn't complex enough without T05X family... These versions are very similar to Q050, but use TLS as their handshake protocol.
* | Added new risk for NDPI_UNSAFE_PROTOCOL that identifies protocols that are ↵Luca Deri2020-08-30
|/ | | | not condidered safe/secure
* Stddev calculation changesLuca Deri2020-08-30
|
* Fixed false positive in suspicous user agentLuca Deri2020-08-30
| | | | Optimized stddev calculation
* QUIC: minor fixesNardi Ivan2020-08-24
| | | | | | LGTM found a real issue on a boundary check Fix unit tests: a pcap ha been uploaded twice (with different names) Fix compilation when using DPDK (see #990)
* Creared IoT-Scada categoryLuca Deri2020-08-23
| | | | Minor dnp3 changes
* Added som GQUIC and IETF QUIC test pcapsLuca Deri2020-08-22
|
* Add sub-classification for GQUIC >= Q050 and (IETF-)QUICNardi Ivan2020-08-21
| | | | | | | | | | | Add QUIC payload and header decryption: most of the crypto code has been "copied-and-incolled" from Wireshark. That code has been clearly marked as such. All credits for that code should go to the original authors. I tried to keep the Wireshark code as similar as possible to the original, comments included, to ease future backporting of fixes. Inevitably, glibc data types and data structures, tvbuff abstraction and allocation functions have been converted.
* Major rework of QUIC dissectorNardi Ivan2020-08-21
| | | | | Improve support for GQUIC (up to Q046) and add support for Q050 and (IETF-)QUIC Still no sub-classification for Q050 and QUIC
* Added new check for detecting suspicious (too long) namesLuca Deri2020-08-21
|
* Added the ability do identigy as DGA those host/domain names with too many ↵Luca Deri2020-08-21
| | | | | | | consucutive repeated characters such as ckaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa used fr netbios reflection attacks https://www.akamai.com/uk/en/multimedia/documents/state-of-the-internet/ddos-reflection-netbios-name-server-rpc-portmap-sentinel-udp-threat-advisory.pdf
* MySQL8 updateLuca Deri2020-08-21
|
* Added (manipulated) MySQL 8 test pcap.Toni Uhlig2020-08-20
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Merge pull request #974 from IvanNardi/esni4Luca Deri2020-08-13
|\ | | | | Suspicious ESNI usage: add a comment and a pcap example
| * Suspicious ESNI usage: add a comment and a pcap exampleNardi Ivan2020-08-06
| | | | | | | | See: 79b89d286605635f15edfe3c21297aaa3b5f3acf
* | Fixes invalid detection on traffic on non standard portsLuca Deri2020-08-12
|/
* Added new traffic category for connectivity check detectionLuca Deri2020-08-04
|
* Fixed partial TLS dissectionLuca Deri2020-07-30
|
* Changed due to bin size extensionLuca Deri2020-07-30
|
* TLS dissection improvementsLuca Deri2020-07-28
|
* Added NDPI_SMB_INSECURE_VERSION for detecting insecure SMB versions (e.g. v1)Luca Deri2020-07-27
|
* SSH code cleanupLuca Deri2020-07-25
|
* User agent detection improvementsLuca Deri2020-07-21
|
* Fixed makefile error messageLuca Deri2020-07-13
| | | | Code hardedning fix
* Fixed race condition in ndpi_ssl_version2str() caused by static qualifier in ↵Toni Uhlig2020-07-11
| | | | | | | | | the version string buffer. * added also GREASE supported tls versions as specified in https://tools.ietf.org/html/draft-davidben-tls-grease-01#page-4 Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Updated test results due to bin changesLuca Deri2020-07-09
|
* Merge pull request #951 from lnslbrty/fix/ossfuzzerLuca Deri2020-07-06
|\ | | | | ossfuzz.sh: do not use wildcards for fuzzer e.g. fuzz/fuzz*
| * ossfuzz.sh: do not use wildcards for fuzzer e.g. fuzz/fuzz*Toni Uhlig2020-07-05
| | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* | Merge pull request #950 from lnslbrty/improved/http-line-parsingLuca Deri2020-07-06
|\ \ | | | | | | Improved HTTP line parsing if request splitted into multiple packets.
| * | Improved HTTP line parsing if request splitted into multiple packets.Toni Uhlig2020-07-05
| |/ | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* | Merge pull request #940 from lnslbrty/fix/small-and-optimistic-improvmentsLuca Deri2020-07-06
|\ \ | |/ |/| Fixed CodeInspector issues.
| * Fixed CodeInspector issues.Toni Uhlig2020-07-05
| | | | | | | | | | | | | | | | | | * Added compiler search list for AC_PROG_CC, AM_PROG_CC_C_O, AC_PROG_CXX, AC_PROG_CC_STDC for Mac OS X only The list rendered the AX_CHECK_COMPILE_FLAG([-fsanitize=fuzzer]) useless as it did use clang for AX_CHECK_COMPILE_FLAG but gcc during the compile process. Seems broken somehow. Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* | Merge pull request #943 from lnslbrty/fix/missing-lengthcheck-in-tls-esniLuca Deri2020-07-01
|\ \ | | | | | | Fixed heap overflow in tls esni extraction triggered by manipulated p…
| * | Fixed heap overflow in tls esni extraction triggered by manipulated packets.Toni Uhlig2020-06-29
| |/ | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* / Copy&Paste ./tests/ossfuzz.sh from https://github.com/google/oss-fuzz/pull/4041Toni Uhlig2020-06-29
|/ | | | | | | | * Changing the OSS-Fuzz script from our side is much more easier then opening a PR to google/oss-fuzz every time we have to change a single line. * https://github.com/google/oss-fuzz/pull/4041 will be updated once this PR is merged Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Improved fuzz_ndpi_reader which supports now SMP/MT w/o race-coniditions.Toni Uhlig2020-06-29
| | | | | | | ./tests/do.sh can supports SMP/MT via environment variables. Removed -fno-sanitize=shift as well, was fixed by 317d3ffd. Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Update test resultsNardi Ivan2020-06-28
|
* DNP3: add missing initializationNardi Ivan2020-06-28
|
* TLS: extract JA3 signatures in some corner casesNardi Ivan2020-06-28
| | | | | In some (rare) cases, Client Hello message contains lots of cipher suits.
* Fixed off-by-one error in h323.Toni Uhlig2020-06-27
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* fixed fuzzing tests in a way that ./tests/do.sh is now able to use corpus ↵Toni Uhlig2020-06-27
| | | | | | *.pcap files from ./tests/pcap Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added malformed packet risk supportLuca Deri2020-06-26
|
* Merge pull request #927 from lnslbrty/fix/fbzero-missing-length-checkLuca Deri2020-06-24
|\ | | | | Fixed missing length check in fbzero.
| * Fixed missing length check in fbzero.Toni Uhlig2020-06-23
| | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Powered by cgit, Themed by Ted Yin.