aboutsummaryrefslogtreecommitdiff
path: root/tests
Commit message (Collapse)AuthorAge
...
* Improved DGA detection with trigrams. Disadvantage: slower startup timeLuca Deri2021-03-03
| | | | | Reworked Tor dissector embedded in TLS (fixes #1141) Removed false positive on HTTP User-Agent
* DTLS: improve support (#1146)Ivan Nardi2021-03-02
| | | | | | | * DTLS: add some pcap tests * DTLS: fix parsing of Client/Server Helllo message * DTLS: add parsing of server certificates
* QUIC: fix mvfst-27 test (#1145)Ivan Nardi2021-03-02
| | | | Regardless of its name, quic-mvfst-27 trace doesn't contain mvfst-27 traffic
* Added NDPI_MALICIOUS_SHA1 flow risk. (#1142)Toni2021-02-26
| | | | | | * An external file which contains known malicious SSL certificate SHA-1 hashes can be loaded via ndpi_load_malicious_sha1_file(...) Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Improved DNS dissectorLuca Deri2021-02-26
|
* Modified JA3 fingerprint messageLuca Deri2021-02-24
|
* Added NDPI_MALICIOUS_JA3 flow riskLuca Deri2021-02-22
| | | | Added ndpi_load_malicious_ja3_file() API call
* Implemented TLS Certificate Sibject matchingLuca Deri2021-02-22
| | | | Improved AnyDesk detection
* Added new data for risky domains testLuca Deri2021-02-21
|
* Added risky domain flow-risk supportLuca Deri2021-02-21
|
* Improved nDPI string matching algorithmLuca Deri2021-02-18
|
* STUN improvementsLuca Deri2021-02-10
|
* Fixed CPHA missing protocol initializationLuca Deri2021-02-10
| | | | Improved IEC104 and IRC detection
* IRC test filesLuca Deri2021-02-09
|
* (Temporarely) Disabled fragment manager (#1129)Luca Deri2021-02-05
|
* Partial fix for #1129Luca Deri2021-02-05
|
* Improved (partial) TLS dissectionLuca Deri2021-02-04
|
* Fix utests when "--disable-gcrypt" flag is used (#1128)Ivan Nardi2021-02-04
| | | Fix: d6684f4b
* Added fuzzy targets conditional in tests/do.sh.in which prevents the fuzzer ↵Toni2021-02-04
| | | | | | | | | from running if nDPI was configured previously --enable-fuzztargets but not for the current config (may produce invalid results). (#1126) * fixed possible NULL pointer dereference for memcpy(), src pointer should never be NULL Signed-off-by: Toni Uhlig <matzeton@googlemail.com> Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
* Updated resultsLuca Deri2021-02-03
|
* Added test pcapLuca Deri2021-02-03
|
* Updated results due to the new fragment manager handlerLuca Deri2021-02-03
|
* Added pcap for testing fragments reassemblyLuca Deri2021-02-03
|
* Disable tests that require libgcrypt if --disable-gcrypt set. (#1121)Toni2021-01-21
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Rewored UPnP protocol that in essence was WSD hence it has been renamedLuca2021-01-20
| | | | Cleaned up TLS code for DTLS detection by defining a new DTLS protocol
* Improves STUN dissection removing an invalid termination condition that ↵Luca Deri2021-01-13
| | | | prevented Skype calls to be properly identified
* QUIC: add suppport for DNS-over-QUIC (#1107)Ivan Nardi2021-01-07
| | | | | | | | | Even if it is only an early internet draft, DoQ has already (at least) one deployed implementation. See: https://www.zdnet.com/article/ad-blocker-adguard-deploys-worlds-first-dns-over-quic-resolver/ Draft: https://tools.ietf.org/html/draft-huitema-dprive-dnsoquic-00 In the future, if this protocol will be really used, it might be worth to rename NDPI_PROTOCOL_DOH_DOT in NDPI_PROTOCOL_DOH_DOT_DOQ
* QUIC: improve handling of SNI (#1105)Ivan Nardi2021-01-07
| | | | | | | | | | | | | * QUIC: SNI should be always saved in flow->protos.stun_ssl.ssl.client_requested_server_name Close #1077 * QUIC: fix matching of custom categories * QUIC: add NDPI_TLS_MISSING_SNI support for older GQUIC versions * QUIC: fix serialization * QUIC: add DGA check for older GQUIC versions
* Split HTTP request from response Content-Type. Request Content-Type should ↵Luca Deri2021-01-06
| | | | be present with POSTs and not with other methods such as GET
* QUIC: update to draft-33 (#1104)Ivan Nardi2021-01-04
| | | QUIC (final!?) constants for v1 are defined in draft-33
* Remove FB_ZERO protocol (#1102)Ivan Nardi2021-01-04
| | | | | | FB_ZERO was an experimental protocol run by Facebook. They switched to QUIC/TLS1.3 more than 2 years ago; no one ever used it but them so it is definitely dead. See: https://engineering.fb.com/2018/08/06/security/fizz/
* Added TLS test with long certificateLuca Deri2021-01-04
|
* Added HTTP suspicious content securirty risk (useful for tracking trickbot)Luca Deri2021-01-02
|
* Restored QUIC statsLuca Deri2020-12-30
|
* Fixed output when tLS (nad not QUIC) is usedLuca Deri2020-12-28
|
* Introduced fix on TLS for discarding traffic out of sequence that might ↵Luca Deri2020-12-22
| | | | invalidate dissection
* Improved HTTP dissectionLuca Deri2020-12-16
|
* Add a connectionless DCE/RPC detection (#1078)rafaliusz2020-12-08
| | | | | | | * Add connectionless DCE/RPC detection * Add DCE/RPC pcap file as well as its test result Co-authored-by: rafal <rafal.burzynski@cryptomage.com>
* Fixes #1029Luca Deri2020-11-27
|
* Quic fixes (#1067)Ivan Nardi2020-11-22
| | | | | | | * QUIC: fix return value on error path on quic_cipher_init() * QUIC: allow dissection of sessions forcing version negotiation Enhance heuristic to avoid false positives.
* Updated resultsLuca Deri2020-11-16
|
* Add Virtual Asssitant (Alexa, Siri) support. (#1057)Zied Aouini2020-11-16
| | | | | | | | | | | | | | | * Add AmazonAlexa protocol. * Add AmazonAlexa test file and result. * Include pcapng as file format. * Rename Category to VirtualAssistant. * Add AppleSiri virtual assistant. * Fix pcapng test files format support. Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
* Implement DGA detection performances tracking workflow. (#1064)Zied Aouini2020-11-16
| | | | | | | | | | | | | * Implement dga evaluation helper. * Add test set for DGA classification. * Add DGA classification performances tracking as part of Travis. * Add DGA evaluation doc. * Fix CI on OSX. * Add missing backquote.
* Improve subprotocols detection. (#1062)Zied Aouini2020-11-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Improve Spotify detection. * Improve Skype detection. * Improve Microsoft detection. * Fix Microsoft detection categories. * Improve Waze detection. * Improve Apple detection. * Improve WindowsUpdate detection. * Improve TikTok detection. * Improve Teams detection. * Improve Youtube detection. * Improve Messenger detection. * Improve Twitch detection. * Improve Hulu detection. * Improve Facebook detection. * Improve AmazonVideo detection.
* Add Tumblr support. (#1061)Zied Aouini2020-11-16
| | | | | | | * Add Tumblr protocol. * Add Tumblr test file and result. Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
* Add Reddit support. (#1060)Zied Aouini2020-11-16
| | | | | | | * Add Reddit protocol. * Add Reddit test file and result. Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
* Add Pinterest support. (#1059)Zied Aouini2020-11-16
| | | | | | | * Add Pinterest protocol. * Add Pinterest test file and result. Co-authored-by: Luca Deri <lucaderi@users.noreply.github.com>
* Renumbered AmongUs protocolLuca Deri2020-11-09
|
* Added support for AmongUs. (#1054)Toni2020-11-09
| | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Updated ESNI/SNI alarm generation prolicyLuca Deri2020-11-08
|
Powered by cgit, Themed by Ted Yin.