From 7086197047f3b342f650b91374c322615693c888 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 9 Sep 2020 23:25:19 +0200 Subject: Added extension to detect nested subdomains as used in Browsertunnel attack tool https://github.com/veggiedefender/browsertunnel --- tests/result/dns_long_domainname.pcap.out | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 tests/result/dns_long_domainname.pcap.out (limited to 'tests/result/dns_long_domainname.pcap.out') diff --git a/tests/result/dns_long_domainname.pcap.out b/tests/result/dns_long_domainname.pcap.out new file mode 100644 index 000000000..fd2e5950f --- /dev/null +++ b/tests/result/dns_long_domainname.pcap.out @@ -0,0 +1,3 @@ +Google 2 262 1 + + 1 UDP 192.168.1.168:65311 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/103 bytes <-> 1 pkts/159 bytes][Goodput ratio: 59/73][0.02 sec][Host: gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com][::][Risk: ** Suspicious DGA domain name **][PLAIN TEXT (fhkfhsdkfhsk)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] -- cgit v1.2.3
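Review bot: The only expected flow in the new tests/result/dns_long_domainname.pcap.out is reported as [Risk: ** Suspicious DGA domain name **], which does not tell an analyst that the trigger was the nested-subdomain pattern named in the subject line. The host gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com has seven labels and looks like tunnel framing rather than an algorithmically generated domain, so triage based on this output would go looking for DGA malware instead of DNS tunnelling. Either report the hit under a distinct risk label or state in the commit message that nested-subdomain matches are deliberately folded into the DGA risk. The expected output also covers one positive case only. A second flow in the capture with a benign multi-label name that must stay free of the risk flag would protect against false-positive regressions, and the file name dns_long_domainname suggests a length check while the subject describes subdomain nesting, so a name that matches what is being tested would help.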