From 879cec94b2e28c2b1a0285a7c56b6c7ff4f0e75d Mon Sep 17 00:00:00 2001
From: Luca Deri <deri@ntop.org>
Date: Tue, 21 Jul 2020 12:06:34 +0200
Subject: User agent detection improvements

---
 src/lib/protocols/http.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

(limited to 'src/lib/protocols')

diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
index 8f74d22ad..2b96e55b4 100644
--- a/src/lib/protocols/http.c
+++ b/src/lib/protocols/http.c
@@ -262,12 +262,18 @@ static void ndpi_check_user_agent(struct ndpi_detection_module_struct *ndpi_stru
 				  char *ua) {
   if((!ua) || (ua[0] == '\0')) return;
 
-  // printf("[%s:%d] ==> '%s'\n", __FILE__, __LINE__, ua);
-
+  // printf("***** [%s:%d] ==> '%s'\n", __FILE__, __LINE__, ua);
+  // printf("***** %u\n", ndpi_check_dga_name(ndpi_struct, NULL, "uclient-fetch]"));
+    
   if((strlen(ua) < 4)
-     || (!strcmp(ua, "test"))
-     || (!strcmp(ua, "<?"))
-     || ndpi_match_bigram(ndpi_struct, &ndpi_struct->bigrams_automa, ua)) {
+     || (!strncmp(ua, "test", 4))
+     || (!strncmp(ua, "<?", 2))
+     || strchr(ua, ';')
+     || strchr(ua, '{')
+     || strchr(ua, '}')
+     || ndpi_check_dga_name(ndpi_struct, NULL, ua)
+     // || ndpi_match_bigram(ndpi_struct, &ndpi_struct->impossible_bigrams_automa, ua)
+     ) {
     NDPI_SET_BIT(flow->risk, NDPI_HTTP_SUSPICIOUS_USER_AGENT);
   }
 }
-- 
cgit v1.2.3