From 72fd94030142d277d969d1a9cff6e9c4d760cdbb Mon Sep 17 00:00:00 2001
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
Date: Sun, 12 Jan 2025 13:24:27 +0100
Subject: Remove JA3C output from ndpiReader (#2667) Removing JA3C is an big task. Let's start with a simple change having an huge impact on unit tests: remove printing of JA3C information from ndpiReader. This way, when we will delete the actual code, the unit tests diffs should be a lot simpler to look at. Note that the information if the client/server cipher is weak or obsolete is still available via flow risk See: #2551
---
 tests/cfgs/default/result/windscribe.pcapng.out | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tests/cfgs/default/result/windscribe.pcapng.out')
diff --git a/tests/cfgs/default/result/windscribe.pcapng.out b/tests/cfgs/default/result/windscribe.pcapng.out
index b03869317..f42e28a5d 100644
--- a/tests/cfgs/default/result/windscribe.pcapng.out
+++ b/tests/cfgs/default/result/windscribe.pcapng.out
@@ -29,4 +29,4 @@ JA Host Stats: 1 192.168.12.156 1 - 1 TCP 192.168.12.156:42192 <-> 107.161.86.132:443 [proto: 91.429/TLS.Windscribe][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: VPN/2][12 pkts/3075 bytes <-> 12 pkts/6507 bytes][Goodput ratio: 74/88][1.17 sec][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.358 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 85/65 225/244 91/99][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 256/542 853/1514 219/579][Risk: ** Self-signed Cert **** Weak TLS Cipher **** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 300][Risk Info: SNI should always be present / h2 / Cipher TLS_RSA_WITH_AES_128_GCM_SHA256 / C=US, ST=CA, L=San Francisco, O=Windscribe, OU=IT][TCP Fingerprint: 2_64_65535_685ad951a756/Android][TLSv1.2][JA3C: 3aed7e7668a1356721767da8740f69ed][JA4: t12d1806h2_102b67c9f592_d0797edaf0d0][JA3S: 00be073a5459cc054724f5808fd7ab67 (WEAK)][Issuer: C=US, ST=CA, L=San Francisco, O=Windscribe, OU=IT Dept., CN=54.153.90.230][Subject: C=US, ST=CA, L=San Francisco, O=Windscribe, OU=IT Dept., CN=54.153.90.230][Certificate SHA-1: A5:6B:13:F0:68:BE:8C:0F:54:C9:15:A7:D6:68:75:F7:3F:49:92:DE][Validity: 2015-02-24 00:26:59 - 2031-07-30 00:26:59][Cipher: TLS_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,21,6,6,6,13,0,6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,13,0,0] + 1 TCP 192.168.12.156:42192 <-> 107.161.86.132:443 [proto: 91.429/TLS.Windscribe][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: VPN/2][12 pkts/3075 bytes <-> 12 pkts/6507 bytes][Goodput ratio: 74/88][1.17 sec][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.358 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 85/65 225/244 91/99][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 256/542 853/1514 219/579][Risk: ** Self-signed Cert **** Weak TLS Cipher **** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 300][Risk Info: SNI should 
always be present / h2 / Cipher TLS_RSA_WITH_AES_128_GCM_SHA256 / C=US, ST=CA, L=San Francisco, O=Windscribe, OU=IT][TCP Fingerprint: 2_64_65535_685ad951a756/Android][TLSv1.2][JA4: t12d1806h2_102b67c9f592_d0797edaf0d0][JA3S: 00be073a5459cc054724f5808fd7ab67][Issuer: C=US, ST=CA, L=San Francisco, O=Windscribe, OU=IT Dept., CN=54.153.90.230][Subject: C=US, ST=CA, L=San Francisco, O=Windscribe, OU=IT Dept., CN=54.153.90.230][Certificate SHA-1: A5:6B:13:F0:68:BE:8C:0F:54:C9:15:A7:D6:68:75:F7:3F:49:92:DE][Validity: 2015-02-24 00:26:59 - 2031-07-30 00:26:59][Cipher: TLS_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,21,6,6,6,13,0,6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,13,0,0] -- cgit v1.2.3