2025-09-14 21:52:36 +00:00
# [M22 Project] Giti VPN Signature Extraction

| ID | Creation Date | Assignee | Status |
|----|----------------|----------|--------|
| OSS-328 | 2024-07-24T14:34:21.000+0800 | 钮昌 | Done |

---
1. Giti VPN signature extraction
2. The 44.228 environment can be used for signature extraction, and the BJ environment for false-block testing.
3. [https://docs.geedge.net/pages/viewpage.action?pageId=129101971]
4. [~niuchang] and [~wangshiyang] will work together on the signature extraction for this software.

**wangshiyang** commented on *2024-07-25T18:11:28.206+0800*:

Decrypting the traffic with Fiddler shows that when the Giti VPN software is opened, it accesses the domain [www.ggitgpnv.info|http://www.ggitgpnv.info/] to initialize. Clicking Connect also accesses the [www.ggitgpnv.info|http://www.ggitgpnv.info/] domain, which returns a domain ending in GvgfvgiTI24.xyz (case-insensitive), and the client then communicates with that domain. Using the two domain signatures $[www.ggitgpnv.info|http://www.ggitgpnv.info/] and *.GvgfvgiTI24.xyz is enough to block the VPN. Testing in the 228 environment showed no CT.

---
2025-09-14 22:26:17 +00:00
# Attachments
2025-09-14 21:52:36 +00:00