From 7086197047f3b342f650b91374c322615693c888 Mon Sep 17 00:00:00 2001
From: Luca Deri <deri@ntop.org>
Date: Wed, 9 Sep 2020 23:25:19 +0200
Subject: Added extension to detect nested subdomains as used in Browsertunnel
 attack tool https://github.com/veggiedefender/browsertunnel

---
 src/lib/protocols/dns.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/lib/protocols/dns.c')

diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c
index 5e6d01d69..03ac7b9d2 100644
--- a/src/lib/protocols/dns.c
+++ b/src/lib/protocols/dns.c
@@ -301,7 +301,7 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st
     if(j > 0) {
       ndpi_protocol_match_result ret_match;
 
-      ndpi_check_dga_name(ndpi_struct, flow, (char*)flow->host_server_name);
+      ndpi_check_dga_name(ndpi_struct, flow, (char*)flow->host_server_name, 1);
       
       ret.app_protocol = ndpi_match_host_subprotocol(ndpi_struct, flow,
 						     (char *)flow->host_server_name,
-- 
cgit v1.2.3