gfwleak/stellar-ssl-decoder
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Feature: certificate decode

Browse Source
This commit is contained in:
liuxueli
2024-08-06 05:51:48 +00:00
parent 91ec4d1ee3
commit 4b3d68bc66
30 changed files with 3107 additions and 222 deletions
Download Patch File Download Diff File Expand all files Collapse all files

66
test/CMakeLists.txt
View File

@@ -4,7 +4,7 @@ aux_source_directory(${PROJECT_SOURCE_DIR}/deps/yyjson DEPS_SRC)
add_library(${PROJECT_NAME}_test_plug SHARED ssl_decoder_test.cpp ${DEPS_SRC})
add_dependencies(${PROJECT_NAME}_test_plug ${PROJECT_NAME})
target_link_libraries(${PROJECT_NAME}_test_plug cjson)
target_link_libraries(${PROJECT_NAME}_test_plug cjson -Wl,--no-whole-archive openssl-crypto-static -Wl,--no-whole-archive openssl-ssl-static)
set_target_properties(${PROJECT_NAME}_test_plug PROPERTIES PREFIX "")
add_executable(ssl_decoder_perf_test
@@ -12,9 +12,10 @@ add_executable(ssl_decoder_perf_test
ssl_decoder_perf_dummy.cpp
${DEPS_SRC} ssl_decoder_test.cpp
${PROJECT_SOURCE_DIR}/src/ssl_decoder.cpp
${PROJECT_SOURCE_DIR}/src/ssl_export.cpp
)
target_link_libraries(ssl_decoder_perf_test fieldstat4 pthread cjson -Wl,--no-whole-archive openssl-crypto-static -Wl,--no-whole-archive openssl-ssl-static)
target_link_libraries(ssl_decoder_perf_test fieldstat4 pthread cjson -Wl,--no-whole-archive openssl-crypto-static -Wl,--no-whole-archive openssl-ssl-static -ldl)
set(TEST_RUN_DIR ${CMAKE_CURRENT_BINARY_DIR}/sapp)
set(TEST_MAIN ${TEST_RUN_DIR}/plugin_test_main)
@@ -47,46 +48,27 @@ add_test(NAME UPDATE_TEST_SO COMMAND sh -c "cp ${CMAKE_CURRENT_BINARY_DIR}/${PRO
add_test(NAME MKDIR_PLUG_CONF COMMAND sh -c "mkdir -p ${TEST_RUN_DIR}/etc/ssl/")
add_test(NAME UPDATE_PLUG_CONF COMMAND sh -c "cp ${PROJECT_SOURCE_DIR}/bin/${PROJECT_NAME}.toml ${TEST_RUN_DIR}/etc/ssl/${PROJECT_NAME}.toml")
# set_tests_properties(INSTALL_TEST_MAIN INSTALL_STELLAR UPDATE_SAPP_LOG COPY_CONFLIST COPY_INF COPY_TEST_MAIN COPY_SPEC UPDATE_PLUG_SO UPDATE_TEST_SO MKDIR_PLUG_CONF UPDATE_PLUG_CONF PROPERTIES FIXTURES_SETUP TestFixture)
set_tests_properties(INSTALL_TEST_MAIN INSTALL_STELLAR UPDATE_SAPP_LOG COPY_CONFLIST COPY_INF COPY_TEST_MAIN COPY_SPEC UPDATE_PLUG_SO UPDATE_TEST_SO MKDIR_PLUG_CONF UPDATE_PLUG_CONF PROPERTIES FIXTURES_SETUP TestFixture)
# # run tests
# add_test(NAME MKDIR_METRICS COMMAND sh -c "mkdir -p ${TEST_RUN_DIR}/metrics/")
# add_test(NAME ssl_QUERY COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/query/query_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/query/ -name *.pcap|sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR})
# add_test(NAME ssl_CNAME COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/cname/cname_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/cname/ -name *.pcap|sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR})
# add_test(NAME ssl_NSEC_RR COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/nsec/nsec_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/nsec/ -name *.pcap|sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR})
# add_test(NAME ssl_NSEC_10_1_RR COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/nsec_10_1/nsec_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/nsec_10_1/ -name *.pcap|sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR})
# add_test(NAME ssl_NSEC3_RR COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/nsec3/nsec3_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/nsec3/ -name *.pcap|sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR})
# add_test(NAME ssl_PTR COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/ptr/ptr_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/ptr/ -name *.pcap|sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR})
# add_test(NAME ssl_SRV COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/srv/srv_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/srv/ -name *.pcap|sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR})
# add_test(NAME ssl_TXT COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/txt/txt_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/txt/ -name *.pcap|sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR})
# add_test(NAME ssl_HTTPS COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/https/https_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/https/ -name *.pcap|sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR})
# add_test(NAME ssl_CERT1 COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/cernet1/cernet1_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/cernet1/ -name *.pcap|sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR})
# add_test(NAME ssl_CERT2 COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/cernet2/cernet2_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/cernet2/ -name *.pcap|sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR})
# add_test(NAME ssl_SEC COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/sslsec/sslsec_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/sslsec/ -name *.pcap|sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR})
# add_test(NAME ssl_TCP_MULTI_TRANSCATION COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/multi_transcation/multi_transcation_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/multi_transcation/ -name *.pcap|sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR})
# add_test(NAME ssl_TCP_MULTI_PKT_TRANS_2BYTES COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/multi_pkt_trans_2bytes/multi_pkt_trans_2bytes_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/multi_pkt_trans_2bytes/ -name *.pcap|sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR})
# add_test(NAME ssl_TCP_LOST_PKT COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/tcp_lost_pkt/lost_pkt_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/tcp_lost_pkt/ -name *.pcap|sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR})
# add_test(NAME ssl_MULTI_SESSION COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/multi_session/multi_session_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/multi_session/ -name *.pcap|sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR})
# add_test(NAME ssl_NS_NSEC3_RRSIG_A_OPT COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/ns_nsec3_rrsig_a_opt/ns_nsec3_rrsig_a_opt_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/ns_nsec3_rrsig_a_opt/ -name *.pcap|sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR})
# add_test(NAME ssl_PORT5353 COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/port5353/port5353_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/port5353/ -name *.pcap|sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR})
add_test(NAME RUN_SSL_TEST COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/ssl/ssl_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/ssl -name '*.pcap' | sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR})
add_test(NAME RUN_E21_BUG_E21_TEST COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/e21/ssl_e21_target_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/e21/ -name '*.pcap' | sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR})
add_test(NAME RUN_E21_BUG_XXG_TEST COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/xxg/ssl_xxg_target_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/xxg/ -name '*.pcap' | sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR})
add_test(NAME RUN_BUG_TEST COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/bug/ssl_bug_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/bug/ -name '*.pcap' | sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR})
add_test(NAME RUN_MULTIPLE_HANDSHAKE_TEST COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/multiple_handshake/ssl_multiple_handshake_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/multiple_handshake/ -name '*.pcap' | sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR})
add_test(NAME RUN_CLOSE_CONTAINS_PAYLOAD_TEST COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/close_contains_payload/ssl_close_contains_payload_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/close_contains_payload/ -name '*.pcap' | sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR})
add_test(NAME RUN_EXTENSION_EXCEED_16 COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/extensions_exceed_16/extensions_exceed_16_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/extensions_exceed_16/ -name '*.pcap' | sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR})
add_test(NAME RUN_CLIENT_HELLO_FRAGMENT COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/client_hello_fragment/ssl_client_hello_fragment_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/client_hello_fragment/ -name '*.pcap' | sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR})
add_test(NAME RUN_ACK_CONTAINS_PAYLOAD COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/tcp_ack_contians_payload/ssl_tcp_ack_contians_payload_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/tcp_ack_contians_payload/ -name '*.pcap' | sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR})
# set_tests_properties(ssl_QUERY
# ssl_CNAME
# ssl_NSEC_RR
# ssl_NSEC_10_1_RR
# ssl_NSEC3_RR
# ssl_PTR
# ssl_SRV
# ssl_TXT
# ssl_HTTPS
# ssl_CERT1
# ssl_CERT2
# ssl_SEC
# ssl_TCP_MULTI_TRANSCATION
# ssl_TCP_MULTI_PKT_TRANS_2BYTES
# ssl_TCP_LOST_PKT
# ssl_MULTI_SESSION
# ssl_NS_NSEC3_RRSIG_A_OPT
# ssl_PORT5353
# PROPERTIES FIXTURES_REQUIRED TestFixture
# )
set_tests_properties(RUN_SSL_TEST
RUN_E21_BUG_E21_TEST
RUN_E21_BUG_XXG_TEST
RUN_BUG_TEST
RUN_MULTIPLE_HANDSHAKE_TEST
RUN_CLOSE_CONTAINS_PAYLOAD_TEST
RUN_EXTENSION_EXCEED_16
RUN_CLIENT_HELLO_FRAGMENT
RUN_ACK_CONTAINS_PAYLOAD
PROPERTIES FIXTURES_REQUIRED TestFixture
)

BIN
test/case/bug/1-ssl-192.168.50.52.17434.15.197.193.217.443.pcap Normal file
View File

Binary file not shown.

23
test/case/bug/ssl_bug_result.json Normal file
View File

@@ -0,0 +1,23 @@
[
{
"Tuple4": "192.168.50.52.17434>15.197.193.217.443",
"ssl_sni": "match.adsrvr.org",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"ssl_ja3s_hash": "8d2a028aa94425f76ced7826b1f39039",
"ssl_cert_version": "v3",
"ssl_cert_Issuer": "GlobalSign GCC R3 DV TLS CA 2020;GlobalSign nv-sa;;;;;BE",
"ssl_cert_IssuerCN": "GlobalSign GCC R3 DV TLS CA 2020",
"ssl_cert_IssuerO": "GlobalSign nv-sa",
"ssl_cert_IssuerC": "BE",
"ssl_cert_Sub": "*.adsrvr.org;;;;;;",
"ssl_cert_SubCN": "*.adsrvr.org",
"ssl_cert_SubAltName": "*.adsrvr.org;adsrvr.org",
"ssl_cert_SerialNum": "0x2ddaa6f359d4ce458fe983f1",
"ssl_cert_AgID": "1.2.840.113549.1.1.11",
"ssl_cert_From": "220331203750Z",
"ssl_cert_To": "230502203749Z",
"ssl_cert_SSLFPAg": "1.2.840.113549.1.1.11",
"name": "SSL_RESULT_1"
}
]

BIN
test/case/client_hello_fragment/1-ssl.client.hello.fragment.192.168.56.31.53868.74.118.186.107.443.pcap Normal file
View File

Binary file not shown.

BIN
test/case/client_hello_fragment/2-sni.client.hello.fragment.192.168.58.17.49218-23.216.55.29.443.pcap Normal file
View File

Binary file not shown.

BIN
test/case/client_hello_fragment/3-ssl.client.hello.fragment.36.251.161.167.39777-143.92.57.79.443.pcap Normal file
View File

Binary file not shown.

58
test/case/client_hello_fragment/ssl_client_hello_fragment_result.json Normal file
View File

@@ -0,0 +1,58 @@
[
{
"Tuple4": "192.168.56.31.53868>74.118.186.107.443",
"ssl_sni": "sync.targeting.unrulymedia.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "bc93a67ef4492974195865dc0262e65e",
"ssl_ja3s_hash": "b898351eb5e266aefd3723d466935494",
"ssl_cert_version": "v3",
"ssl_cert_Issuer": "Sectigo RSA Domain Validation Secure Server CA;Sectigo Limited;;Salford;;Greater Manchester;GB",
"ssl_cert_IssuerCN": "Sectigo RSA Domain Validation Secure Server CA",
"ssl_cert_IssuerO": "Sectigo Limited",
"ssl_cert_IssuerC": "GB",
"ssl_cert_IssuerP": "Greater Manchester",
"ssl_cert_IssuerL": "Salford",
"ssl_cert_Sub": "*.targeting.unrulymedia.com;;;;;;",
"ssl_cert_SubCN": "*.targeting.unrulymedia.com",
"ssl_cert_SubAltName": "*.targeting.unrulymedia.com;targeting.unrulymedia.com",
"ssl_cert_SerialNum": "0x888d5e51787e0f1f485dc542465d2034",
"ssl_cert_AgID": "1.2.840.113549.1.1.11",
"ssl_cert_From": "230510000000Z",
"ssl_cert_To": "240510235959Z",
"ssl_cert_SSLFPAg": "1.2.840.113549.1.1.11",
"name": "SSL_RESULT_1"
},
{
"Tuple4": "192.168.58.17.49218>23.216.55.29.443",
"ssl_sni": "www.missionsports.org",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "a69708a64f853c3bcc214c2c5faf84f3",
"ssl_ja3s_hash": "10a2ad147a870ef37af153dea9fe4dd3",
"ssl_cert_version": "v3",
"ssl_cert_Issuer": "DigiCert TLS RSA SHA256 2020 CA1;DigiCert Inc;;;;;US",
"ssl_cert_IssuerCN": "DigiCert TLS RSA SHA256 2020 CA1",
"ssl_cert_IssuerO": "DigiCert Inc",
"ssl_cert_IssuerC": "US",
"ssl_cert_Sub": "a248.e.akamai.net;Akamai Technologies, Inc.;;Cambridge;;Massachusetts;US",
"ssl_cert_SubCN": "a248.e.akamai.net",
"ssl_cert_SubO": "Akamai Technologies, Inc.",
"ssl_cert_SubC": "US",
"ssl_cert_SubP": "Massachusetts",
"ssl_cert_SubL": "Cambridge",
"ssl_cert_SubAltName": "a248.e.akamai.net;*.akamaized.net;*.akamaized-staging.net;*.akamaihd.net;*.akamaihd-staging.net",
"ssl_cert_SerialNum": "0x0d61f7742d583251a2b8d5a26a1dda0b",
"ssl_cert_AgID": "1.2.840.113549.1.1.11",
"ssl_cert_From": "230516000000Z",
"ssl_cert_To": "240515235959Z",
"ssl_cert_SSLFPAg": "1.2.840.113549.1.1.11",
"name": "SSL_RESULT_2"
},
{
"Tuple4": "36.251.161.167.39777>143.92.57.79.443",
"ssl_sni": "a.ywgyuv.cn",
"ssl_ech": "1",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "c3db97da3b30171e5cf9de314584b555",
"name": "SSL_RESULT_3"
}
]

BIN
test/case/close_contains_payload/1-TachyonVPN-192.168.50.28.63669-18.163.185.193.443.pcap Normal file
View File

Binary file not shown.

28
test/case/close_contains_payload/ssl_close_contains_payload_result.json Normal file
View File

@@ -0,0 +1,28 @@
[
{
"Tuple4": "192.168.50.28.63669>18.163.185.193.443",
"ssl_sni": "www.firefox.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "45b1a0eca9605cd8789cd7e1a5ccd9b0",
"ssl_ja3s_hash": "9a1de6823a92d66172ce93d309e73e4e",
"ssl_cert_version": "v3",
"ssl_cert_Issuer": "DigiCert SHA2 Secure Server CA;DigiCert Inc;;;;;US",
"ssl_cert_IssuerCN": "DigiCert SHA2 Secure Server CA",
"ssl_cert_IssuerO": "DigiCert Inc",
"ssl_cert_IssuerC": "US",
"ssl_cert_Sub": "redirect-san.mozilla.org;Mozilla Corporation;WebOps;Mountain View;;California;US",
"ssl_cert_SubCN": "redirect-san.mozilla.org",
"ssl_cert_SubO": "Mozilla Corporation",
"ssl_cert_SubC": "US",
"ssl_cert_SubP": "California",
"ssl_cert_SubL": "Mountain View",
"ssl_cert_SubU": "WebOps",
"ssl_cert_SubAltName": "leandatapractices.org;leandatapractices.com;mozilla-podcasts.org;mozilla.com;gv.dev;getfirefox.com;geckoview.dev;firefoxquantum.com;firefox.com;taskcluster.net;contributejson.org;www.firefox.com;masterfirefoxos.mozilla.org;mobilepartners.mozilla.org;www.leandatapractices.org;www.leandatapractices.com;www.getfirefox.com;mozilla.org.uk;webwewant.mozilla.org;thehub.mozilla.com;nightly.mozilla.org;pontoon.mozillalabs.com;videos.mozilla.org;videos-cdn.mozilla.net;treestatus.mozilla.org;techspeakers.mozilla.org;redirect-san.mozilla.org;input.mozilla.com;join.mozilla.org;content.mozilla.org;activations.mozilla.org;addons.mozilla.com;airmo.mozilla.org;ask.mozilla.org;aurora.mozilla.org;beta.mozilla.org;careers.mozilla.com;designlanguage.mozilla.org;input.mozilla.org;dnt.mozilla.org;events.mozilla.org;forums.mozilla.org;friends.mozilla.org;git.mozilla.org;hub.mozilla.com;hub.mozilla.org;activations.mozilla.com;www.mozilla.com",
"ssl_cert_SerialNum": "0x019d2b994ec99445c735d2a6d739e43a",
"ssl_cert_AgID": "1.2.840.113549.1.1.11",
"ssl_cert_From": "200406000000Z",
"ssl_cert_To": "210414120000Z",
"ssl_cert_SSLFPAg": "1.2.840.113549.1.1.11",
"name": "SSL_RESULT_1"
}
]

BIN
test/case/e21/1-E21-target.com-196.188.136.150-151.101.2.187.443.pcap Normal file
View File

Binary file not shown.

502
test/case/e21/ssl_e21_target_result.json Normal file
View File

@@ -0,0 +1,502 @@
[
{
"Tuple4": "10.10.10.162.55173>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_1"
},
{
"Tuple4": "10.10.10.162.55174>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_2"
},
{
"Tuple4": "10.10.10.162.55176>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_3"
},
{
"Tuple4": "10.10.10.162.55177>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_4"
},
{
"Tuple4": "10.10.10.162.55178>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_5"
},
{
"Tuple4": "10.10.10.162.55179>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_6"
},
{
"Tuple4": "10.10.10.162.55180>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_7"
},
{
"Tuple4": "10.10.10.162.55181>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_8"
},
{
"Tuple4": "10.10.10.162.55182>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_9"
},
{
"Tuple4": "10.10.10.162.55184>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_10"
},
{
"Tuple4": "10.10.10.162.55214>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_11"
},
{
"Tuple4": "10.10.10.162.55215>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_12"
},
{
"Tuple4": "10.10.10.162.55183>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"ssl_ja3s_hash": "16c0b3e6a7b8173c16d944cfeaeee9cf",
"ssl_cert_version": "v3",
"ssl_cert_Issuer": "GlobalSign Atlas R3 OV TLS CA H2 2021;GlobalSign nv-sa;;;;;BE",
"ssl_cert_IssuerCN": "GlobalSign Atlas R3 OV TLS CA H2 2021",
"ssl_cert_IssuerO": "GlobalSign nv-sa",
"ssl_cert_IssuerC": "BE",
"ssl_cert_Sub": "sites.target.com;Target Corporation;;Minneapolis;;Minnesota;US",
"ssl_cert_SubCN": "sites.target.com",
"ssl_cert_SubO": "Target Corporation",
"ssl_cert_SubC": "US",
"ssl_cert_SubP": "Minnesota",
"ssl_cert_SubL": "Minneapolis",
"ssl_cert_SubCN": "sites.target.com",
"ssl_cert_SubAltName": "sites.target.com;affiliate.target.com;android.studioconnect.live;api.studioconnect.live;apollo-metrics.target.com;assethub.partnersonline.com;assethub.target.com;awesomeshop.target.com;bex.partnersonline.com;bex.target.com;cartster.target.com;cartwheel.target.com;cartwheelws-secure.target.com;circle.target.com;connect.roundel.com;connectedcommerce.target.com;corporate.target.com;developer.target.com;dojo.target.com;doppler.partnersonline.com;elevate.target.com;extgargantua.partnersonline.com;factorial.partnersonline.com;finds.target.com;gql.studioconnect.live;greenfield.partnersonline.com;greenfield.target.com;hrocdocrequest.target.com;iccon.target.com;incubator.target.com;india.target.com;ios.studioconnect.live;jira.target.com;launchpad.partnersonline.com;launchpad.target.com;leads.studioconnect.live;m.target.com;marketinghub.target.com;mercury.partnersonline.com;mickra.target.com;mickradashboard.target.com;mvs.partnersonline.com;mytime.target.com;nic.target;openhouse.target.com;opensource.target.com;osmosis.partnersonline.com;partnersonline.com;pcn.partnersonline.com;peg.partnersonline.com;photosubmission.target.com;pid.partnersonline.com;plus.target.com;pmworkorderadmin.partnersonline.com;poladmin.partnersonline.com;pop.partnersonline.com;qmp.partnersonline.com;qr.target.com;r2d2.target.com;rdmplus.target.com;recognize.target.com;redcard.target.com;redirect.studioconnect.live;rik.roundel.com;roundel.com;rubix.partnersonline.com;rubix.target.com;security.target.com;servicetech.target.com;sm.partnersonline.com;spark.partnersonline.com;spark.target.com;studioconnect.live;stylehub.target.com;synergy.partnersonline.com;target.com;targetmedianetwork.target.com;targetopenhouse.com;tepagent.target.com;tgt-files.target.com;tgtdriver.partnersonline.com;ti-event-prod.target.com;tiam.target.com;tiiam.target.com;tvi.partnersonline.com;viewpoint.target.com;weeklyad.target.com;www.partnersonline.com;www.roundel.com;www.target.com;www.targetopenhouse.com",
"ssl_cert_SerialNum": "0x012ede33fc9283773396e9b1ff995262",
"ssl_cert_AgID": "1.2.840.113549.1.1.11",
"ssl_cert_From": "210928164609Z",
"ssl_cert_To": "221030164608Z",
"ssl_cert_SSLFPAg": "1.2.840.113549.1.1.11",
"name": "SSL_RESULT_13"
},
{
"Tuple4": "10.10.10.162.55242>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"ssl_ja3s_hash": "16c0b3e6a7b8173c16d944cfeaeee9cf",
"ssl_cert_version": "v3",
"ssl_cert_Issuer": "GlobalSign Atlas R3 OV TLS CA H2 2021;GlobalSign nv-sa;;;;;BE",
"ssl_cert_IssuerCN": "GlobalSign Atlas R3 OV TLS CA H2 2021",
"ssl_cert_IssuerO": "GlobalSign nv-sa",
"ssl_cert_IssuerC": "BE",
"ssl_cert_Sub": "sites.target.com;Target Corporation;;Minneapolis;;Minnesota;US",
"ssl_cert_SubCN": "sites.target.com",
"ssl_cert_SubO": "Target Corporation",
"ssl_cert_SubC": "US",
"ssl_cert_SubP": "Minnesota",
"ssl_cert_SubL": "Minneapolis",
"ssl_cert_SubCN": "sites.target.com",
"ssl_cert_SubAltName": "sites.target.com;affiliate.target.com;android.studioconnect.live;api.studioconnect.live;apollo-metrics.target.com;assethub.partnersonline.com;assethub.target.com;awesomeshop.target.com;bex.partnersonline.com;bex.target.com;cartster.target.com;cartwheel.target.com;cartwheelws-secure.target.com;circle.target.com;connect.roundel.com;connectedcommerce.target.com;corporate.target.com;developer.target.com;dojo.target.com;doppler.partnersonline.com;elevate.target.com;extgargantua.partnersonline.com;factorial.partnersonline.com;finds.target.com;gql.studioconnect.live;greenfield.partnersonline.com;greenfield.target.com;hrocdocrequest.target.com;iccon.target.com;incubator.target.com;india.target.com;ios.studioconnect.live;jira.target.com;launchpad.partnersonline.com;launchpad.target.com;leads.studioconnect.live;m.target.com;marketinghub.target.com;mercury.partnersonline.com;mickra.target.com;mickradashboard.target.com;mvs.partnersonline.com;mytime.target.com;nic.target;openhouse.target.com;opensource.target.com;osmosis.partnersonline.com;partnersonline.com;pcn.partnersonline.com;peg.partnersonline.com;photosubmission.target.com;pid.partnersonline.com;plus.target.com;pmworkorderadmin.partnersonline.com;poladmin.partnersonline.com;pop.partnersonline.com;qmp.partnersonline.com;qr.target.com;r2d2.target.com;rdmplus.target.com;recognize.target.com;redcard.target.com;redirect.studioconnect.live;rik.roundel.com;roundel.com;rubix.partnersonline.com;rubix.target.com;security.target.com;servicetech.target.com;sm.partnersonline.com;spark.partnersonline.com;spark.target.com;studioconnect.live;stylehub.target.com;synergy.partnersonline.com;target.com;targetmedianetwork.target.com;targetopenhouse.com;tepagent.target.com;tgt-files.target.com;tgtdriver.partnersonline.com;ti-event-prod.target.com;tiam.target.com;tiiam.target.com;tvi.partnersonline.com;viewpoint.target.com;weeklyad.target.com;www.partnersonline.com;www.roundel.com;www.target.com;www.targetopenhouse.com",
"ssl_cert_SerialNum": "0x012ede33fc9283773396e9b1ff995262",
"ssl_cert_AgID": "1.2.840.113549.1.1.11",
"ssl_cert_From": "210928164609Z",
"ssl_cert_To": "221030164608Z",
"ssl_cert_SSLFPAg": "1.2.840.113549.1.1.11",
"name": "SSL_RESULT_14"
},
{
"Tuple4": "10.10.10.162.55241>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_15"
},
{
"Tuple4": "10.10.10.162.55274>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_16"
},
{
"Tuple4": "10.10.10.162.55273>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_17"
},
{
"Tuple4": "10.10.10.162.55279>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_18"
},
{
"Tuple4": "10.10.10.162.55282>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_19"
},
{
"Tuple4": "10.10.10.162.55283>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_20"
},
{
"Tuple4": "10.10.10.162.55284>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_21"
},
{
"Tuple4": "10.10.10.162.55285>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_22"
},
{
"Tuple4": "10.10.10.162.55286>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_23"
},
{
"Tuple4": "10.10.10.162.55287>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_24"
},
{
"Tuple4": "10.10.10.162.55288>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_25"
},
{
"Tuple4": "10.10.10.162.55289>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_26"
},
{
"Tuple4": "10.10.10.162.55296>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_27"
},
{
"Tuple4": "10.10.10.162.55297>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_28"
},
{
"Tuple4": "10.10.10.162.55298>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_29"
},
{
"Tuple4": "10.10.10.162.55299>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_30"
},
{
"Tuple4": "10.10.10.162.55300>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_31"
},
{
"Tuple4": "10.10.10.162.55301>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_32"
},
{
"Tuple4": "10.10.10.162.55306>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_33"
},
{
"Tuple4": "10.10.10.162.55307>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_34"
},
{
"Tuple4": "10.10.10.162.55308>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_35"
},
{
"Tuple4": "10.10.10.162.55309>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_36"
},
{
"Tuple4": "10.10.10.162.55311>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_37"
},
{
"Tuple4": "10.10.10.162.55312>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_38"
},
{
"Tuple4": "10.10.10.162.55321>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_39"
},
{
"Tuple4": "10.10.10.162.55322>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_40"
},
{
"Tuple4": "10.10.10.162.55323>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_41"
},
{
"Tuple4": "10.10.10.162.55324>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_42"
},
{
"Tuple4": "10.10.10.162.55325>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_43"
},
{
"Tuple4": "10.10.10.162.55326>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_44"
},
{
"Tuple4": "10.10.10.162.55327>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_45"
},
{
"Tuple4": "10.10.10.162.55328>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_46"
},
{
"Tuple4": "10.10.10.162.55330>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_47"
},
{
"Tuple4": "10.10.10.162.55331>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_48"
},
{
"Tuple4": "10.10.10.162.55332>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_49"
},
{
"Tuple4": "10.10.10.162.55334>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_50"
},
{
"Tuple4": "10.10.10.162.55336>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_51"
},
{
"Tuple4": "10.10.10.162.55337>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_52"
},
{
"Tuple4": "10.10.10.162.55338>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_53"
},
{
"Tuple4": "10.10.10.162.55343>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_54"
},
{
"Tuple4": "10.10.10.162.55344>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_55"
},
{
"Tuple4": "10.10.10.162.55345>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_56"
},
{
"Tuple4": "10.10.10.162.55346>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_57"
},
{
"Tuple4": "10.10.10.162.55349>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_58"
},
{
"Tuple4": "10.10.10.162.55348>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_59"
},
{
"Tuple4": "10.10.10.162.55352>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_60"
},
{
"Tuple4": "10.10.10.162.55353>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_61"
},
{
"Tuple4": "10.10.10.162.55356>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_62"
},
{
"Tuple4": "10.10.10.162.55357>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_63"
},
{
"Tuple4": "10.10.10.162.55359>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_64"
},
{
"Tuple4": "10.10.10.162.55358>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_65"
},
{
"Tuple4": "10.10.10.162.55364>151.101.2.187.443",
"ssl_sni": "www.target.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"name": "SSL_RESULT_66"
}
]

BIN
test/case/extensions_exceed_16/1-ssl.ex.exceed16-192.168.64.8.53446-185.63.190.2.443.pcap Normal file
View File

Binary file not shown.

10
test/case/extensions_exceed_16/extensions_exceed_16_result.json Normal file
View File

@@ -0,0 +1,10 @@
[
{
"Tuple4": "192.168.64.8.53466>185.63.190.2.443",
"ssl_sni": "fermer.ru",
"ssl_ech": "1",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "afa0d02228072fc4b02a7772a668c64a",
"name": "SSL_RESULT_1"
}
]

BIN
test/case/multiple_handshake/3-ssl-with-cert.pcap Normal file
View File

Binary file not shown.

23
test/case/multiple_handshake/ssl_multiple_handshake_result.json Normal file
View File

@@ -0,0 +1,23 @@
[
{
"Tuple4": "192.168.32.27.52705>202.89.233.101.443",
"ssl_sni": "cn.bing.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9",
"ssl_ja3s_hash": "67bfe5d15ae567fb35fd7837f0116eec",
"ssl_cert_version": "v3",
"ssl_cert_Issuer": "Microsoft RSA TLS CA 02;Microsoft Corporation;;;;;US",
"ssl_cert_IssuerCN": "Microsoft RSA TLS CA 02",
"ssl_cert_IssuerO": "Microsoft Corporation",
"ssl_cert_IssuerC": "US",
"ssl_cert_Sub": "www.bing.com;;;;;;",
"ssl_cert_SubCN": "www.bing.com",
"ssl_cert_SubAltName": "www.bing.com;dict.bing.com.cn;*.platform.bing.com;*.bing.com;bing.com;ieonline.microsoft.com;*.windowssearch.com;cn.ieonline.microsoft.com;*.origin.bing.com;*.mm.bing.net;*.api.bing.com;ecn.dev.virtualearth.net;*.cn.bing.net;*.cn.bing.com;ssl-api.bing.com;ssl-api.bing.net;*.api.bing.net;*.bingapis.com;bingsandbox.com;feedback.microsoft.com;insertmedia.bing.office.net;r.bat.bing.com;*.r.bat.bing.com;*.dict.bing.com.cn;*.dict.bing.com;*.ssl.bing.com;*.appex.bing.com;*.platform.cn.bing.com;wp.m.bing.com;*.m.bing.com;global.bing.com;windowssearch.com;search.msn.com;*.bingsandbox.com;*.api.tiles.ditu.live.com;*.ditu.live.com;*.t0.tiles.ditu.live.com;*.t1.tiles.ditu.live.com;*.t2.tiles.ditu.live.com;*.t3.tiles.ditu.live.com;*.tiles.ditu.live.com;3d.live.com;api.search.live.com;beta.search.live.com;cnweb.search.live.com;dev.live.com;ditu.live.com;farecast.live.com;image.live.com;images.live.com;local.live.com.au;localsearch.live.com;ls4d.search.live.com;mail.live.com;mapindia.live.com;local.live.com;maps.live.com;maps.live.com.au;mindia.live.com;news.live.com;origin.cnweb.search.live.com;preview.local.live.com;search.live.com;test.maps.live.com;video.live.com;videos.live.com;virtualearth.live.com;wap.live.com;webmaster.live.com;webmasters.live.com;www.local.live.com.au;www.maps.live.com.au",
"ssl_cert_SerialNum": "0x7f0012e261129541195fac1a6000000012e261",
"ssl_cert_AgID": "1.2.840.113549.1.1.11",
"ssl_cert_From": "210706015313Z",
"ssl_cert_To": "220106015313Z",
"ssl_cert_SSLFPAg": "1.2.840.113549.1.1.11",
"name": "SSL_RESULT_1"
}
]

BIN
test/case/ssl/1-ssl-sun9-20.userapi.com-90.143.182.94.55835-93.186.227.131.443.pcap Normal file
View File

Binary file not shown.

BIN
test/case/ssl/2-ssl-v1.3-esni-192.168.50.38.52391-104.16.123.96.443.pcap Normal file
View File

Binary file not shown.

BIN
test/case/ssl/3-tls_ech.pcap Normal file
View File

Binary file not shown.

53
test/case/ssl/ssl_result.json Normal file
View File

@@ -0,0 +1,53 @@
[
{
"Tuple4": "192.168.50.38.52391>104.16.123.96.443",
"ssl_sni": "ESNI",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "62a4a00de930bd0a5bee0309cc8362ed",
"ssl_ja3s_hash": "eb1d94daa7e0344597e756a1fb6e7054",
"name": "SSL_RESULT_1"
},
{
"Tuple4": "192.168.2.102.56768>34.138.246.121.443",
"ssl_sni": "public.tls-ech.dev",
"ssl_ech": "1",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "a195b9c006fcb23ab9a2343b0871e362",
"ssl_ja3s_hash": "2b0648ab686ee45e0e7c35fcfb0eea7e",
"name": "SSL_RESULT_2"
},
{
"Tuple4": "90.143.182.94.55835>93.186.227.131.443",
"ssl_sni": "sun9-20.userapi.com",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "6f5e62edfa5933b1332ddf8b9fb3ef9d",
"ssl_ja3s_hash": "2d1eb5817ece335c24904f516ad5da12",
"ssl_cert_version": "v3",
"ssl_cert_Issuer": "GlobalSign Organization Validation CA - SHA256 - G2;GlobalSign nv-sa;;;;;BE",
"ssl_cert_IssuerCN": "GlobalSign Organization Validation CA - SHA256 - G2",
"ssl_cert_IssuerO": "GlobalSign nv-sa",
"ssl_cert_IssuerC": "BE",
"ssl_cert_Sub": "*.userapi.com;V Kontakte LLC;;Saint-Petersburg;;Saint-Petersburg;RU",
"ssl_cert_SubCN": "*.userapi.com",
"ssl_cert_SubO": "V Kontakte LLC",
"ssl_cert_SubC": "RU",
"ssl_cert_SubP": "Saint-Petersburg",
"ssl_cert_SubL": "Saint-Petersburg",
"ssl_cert_SubAltName": "*.userapi.com;vk.me;*.vk-cdn.net;*.vkuserlive.com;*.vkuserlive.net;*.vkuseraudio.net;*.vkuseraudio.com;*.vkuservideo.net;*.vkuservideo.com;*.vk.me;userapi.com",
"ssl_cert_SerialNum": "0x5afa3a189e6a5c11e1e18b0f",
"ssl_cert_AgID": "1.2.840.113549.1.1.11",
"ssl_cert_From": "180717083809Z",
"ssl_cert_To": "190714162604Z",
"ssl_cert_SSLFPAg": "1.2.840.113549.1.1.11",
"name": "SSL_RESULT_3"
},
{
"Tuple4": "192.168.2.102.56776>34.138.246.121.443",
"ssl_sni": "public.tls-ech.dev",
"ssl_ech": "1",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "a195b9c006fcb23ab9a2343b0871e362",
"ssl_ja3s_hash": "2b0648ab686ee45e0e7c35fcfb0eea7e",
"name": "SSL_RESULT_4"
}
]

BIN
test/case/tcp_ack_contians_payload/1-tcp_ack_contains_payload.pcap Normal file
View File

Binary file not shown.

114
test/case/tcp_ack_contians_payload/ssl_tcp_ack_contians_payload_result.json Normal file
View File

@@ -0,0 +1,114 @@
[
{
"Tuple4": "36.251.161.167.39018>143.92.57.79.443",
"ssl_sni": "a.ywgyuv.cn",
"ssl_ech": "1",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "6f7971785f5cbbcb21819b6639f0e8f7",
"name": "SSL_RESULT_1"
},
{
"Tuple4": "36.251.161.167.39025>143.92.57.79.443",
"ssl_sni": "a.ywgyuv.cn",
"ssl_ech": "1",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "0ac1d260c0b1f0e3bf645d6580ea6343",
"name": "SSL_RESULT_2"
},
{
"Tuple4": "36.251.161.167.39112>143.92.57.79.443",
"ssl_sni": "a.ywgyuv.cn",
"ssl_ech": "1",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "ca54aeeb513ecacf4d7bc22c5d8f0b75",
"name": "SSL_RESULT_3"
},
{
"Tuple4": "36.251.161.167.39423>143.92.57.79.443",
"ssl_sni": "a.ywgyuv.cn",
"ssl_ech": "1",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "9e41793e6f0a1696bedc0876465e1f42",
"name": "SSL_RESULT_4"
},
{
"Tuple4": "36.251.161.167.39680>143.92.57.79.443",
"ssl_sni": "a.ywgyuv.cn",
"ssl_ech": "1",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "47c3fabcf1bc65a32a9d3fb8e70ab79d",
"name": "SSL_RESULT_5"
},
{
"Tuple4": "36.251.161.167.39809>143.92.57.79.443",
"ssl_sni": "a.ywgyuv.cn",
"ssl_ech": "1",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "04331a57b3e122e689c373712edf42c0",
"name": "SSL_RESULT_6"
},
{
"Tuple4": "36.251.161.167.39816>143.92.57.79.443",
"ssl_sni": "a.ywgyuv.cn",
"ssl_ech": "1",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "34c3efe4e6565e8eef2eaaeb7c12a1a6",
"name": "SSL_RESULT_7"
},
{
"Tuple4": "36.251.161.167.39820>143.92.57.79.443",
"ssl_sni": "a.ywgyuv.cn",
"ssl_ech": "1",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "cc97290a5bb4651489fe7a88e93ace90",
"name": "SSL_RESULT_8"
},
{
"Tuple4": "36.251.161.167.39825>143.92.57.79.443",
"ssl_sni": "a.ywgyuv.cn",
"ssl_ech": "1",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "4e6ae21ce8b876dc7cad2f5ca9a60b23",
"name": "SSL_RESULT_9"
},
{
"Tuple4": "36.251.161.167.39832>143.92.57.79.443",
"ssl_sni": "a.ywgyuv.cn",
"ssl_ech": "1",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "89cb560e9ee2d33728756a2d4d7b2900",
"name": "SSL_RESULT_10"
},
{
"Tuple4": "36.251.161.167.39850>143.92.57.79.443",
"ssl_sni": "a.ywgyuv.cn",
"ssl_ech": "1",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "7324d30178b21f4c3a60550ef43d5ab0",
"name": "SSL_RESULT_11"
},
{
"Tuple4": "36.251.161.167.39867>143.92.57.79.443",
"ssl_sni": "a.ywgyuv.cn",
"ssl_ech": "1",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "53fed08198669268c271fc320627c0c4",
"name": "SSL_RESULT_12"
},
{
"Tuple4": "36.251.161.167.39777>143.92.57.79.443",
"ssl_sni": "a.ywgyuv.cn",
"ssl_ech": "1",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "c3db97da3b30171e5cf9de314584b555",
"name": "SSL_RESULT_13"
},
{
"Tuple4": "36.251.161.167.39810>143.92.57.79.443",
"ssl_sni": "a.ywgyuv.cn",
"ssl_ech": "1",
"ssl_client_version": "TLS1.2",
"ssl_ja3_hash": "ff194650bab04e7b4cd55e66fd91c010",
"name": "SSL_RESULT_14"
}
]

BIN
test/case/xxg/1-18-target.com.pcap Normal file
View File

Binary file not shown.

1493
test/case/xxg/ssl_xxg_target_result.json Normal file
View File

File diff suppressed because it is too large Load Diff

141
test/ssl_decoder_test.cpp
View File

@@ -10,6 +10,7 @@ extern "C"
{
#include "cJSON.h"
#include "yyjson/yyjson.h"
#include "ssl_decoder.h"
#include "toml/toml.h"
@@ -25,17 +26,20 @@ extern "C"
#define ssl_DECODER_TEST_TOML_PATH "./etc/ssl/ssl_decoder.toml"
struct ssl_decoder_test_context
{
yyjson_mut_doc *doc;
yyjson_mut_val *ssl_object;
};
struct ssl_decoder_test_plugin_env
{
int plugin_id;
int topic_id;
int result_index;
int commit_result_enable;
int decode_resource_record_enable;
int export_resource_record_enable;
};
extern "C" void perf_resource_record_decode(struct ssl_message *ssl_msg);
extern "C" int commit_test_result_json(cJSON *node, const char *name);
void ssl_real_result_write_file(char *result_str)
@@ -50,17 +54,86 @@ void ssl_real_result_write_file(char *result_str)
void ssl_decoder_test_message_cb(struct session *ss, int topic_id, const void *msg, void *per_session_ctx, void *plugin_env_str)
{
struct ssl_message *ssl_msg=(struct ssl_message *)msg;
if(ssl_msg==NULL)
{
return;
}
struct ssl_decoder_test_context *per_ss_ctx=(struct ssl_decoder_test_context *)per_session_ctx;
enum ssl_message_type msg_type=ssl_message_type_get(ssl_msg);
switch(msg_type)
{
case SSL_MESSAGE_CLIENT_HELLO:
{
yyjson_mut_obj_add_str(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_client_version", ssl_message_readable_version_get0(ssl_msg));
char *sni=NULL;
size_t sni_sz=0;
ssl_message_sni_get0(ssl_msg, &sni, &sni_sz);
yyjson_mut_obj_add_strn(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_sni", sni, sni_sz);
char *ja3=NULL;
size_t ja3_sz=0;
ssl_message_ja3hash_get0(ssl_msg, &ja3, &ja3_sz);
yyjson_mut_obj_add_strn(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_ja3_hash", ja3, ja3_sz);
int32_t esni_flag=ssl_message_esni_is_true(ssl_msg);
yyjson_mut_obj_add_int(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_esni", esni_flag);
int32_t ech_flag=ssl_message_ech_is_true(ssl_msg);
yyjson_mut_obj_add_int(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_ech", ech_flag);
}
break;
case SSL_MESSAGE_SERVER_HELLO:
{
yyjson_mut_obj_add_str(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_server_version", ssl_message_readable_version_get0(ssl_msg));
char *ja3s=NULL;
size_t ja3s_sz=0;
ssl_message_ja3shash_get0(ssl_msg, &ja3s, &ja3s_sz);
yyjson_mut_obj_add_strn(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_ja3s_hash", ja3s, ja3s_sz);
}
break;
case SSL_MESSAGE_CERTIFICATE:
break;
case SSL_PROTECTED_PAYLOAD:
break;
default:
break;
}
}
void *ssl_decoder_test_per_session_context_new(struct session *sess, void *plugin_env)
void *ssl_decoder_test_per_session_context_new(struct session *ss, void *plugin_env)
{
return NULL;
struct ssl_decoder_test_context *per_ss_ctx=(struct ssl_decoder_test_context *)calloc(1, sizeof(struct ssl_decoder_test_context));
per_ss_ctx->doc=yyjson_mut_doc_new(0);
per_ss_ctx->ssl_object=yyjson_mut_obj(per_ss_ctx->doc);
return (void *)per_ss_ctx;
}
void ssl_decoder_test_per_session_context_free(struct session *sess, void *session_ctx, void *plugin_env)
void ssl_decoder_test_per_session_context_free(struct session *ss, void *per_session_ctx, void *plugin_env_str)
{
struct ssl_decoder_test_plugin_env *plugin_env=(struct ssl_decoder_test_plugin_env *)plugin_env_str;
struct ssl_decoder_test_context *per_ss_ctx=(struct ssl_decoder_test_context *)per_session_ctx;
if(per_ss_ctx==NULL)
{
return;
}
yyjson_mut_doc_set_root(per_ss_ctx->doc, per_ss_ctx->ssl_object);
char *json_str=yyjson_mut_write(per_ss_ctx->doc, 0, 0);
yyjson_mut_doc_free(per_ss_ctx->doc);
char result_name[16]="";
sprintf(result_name, "SSL_RESULT_%d", plugin_env->result_index++);
cJSON *real_result=cJSON_Parse(json_str);
commit_test_result_json(real_result, result_name);
free(json_str);
free(per_ss_ctx);
}
int32_t ssl_decoder_test_config_load(const char *cfg_path, struct ssl_decoder_test_plugin_env *plugin_env)
@@ -125,62 +198,6 @@ int32_t ssl_decoder_test_config_load(const char *cfg_path, struct ssl_decoder_te
}
}
toml_table_t *perf_tbl=toml_table_in(test_tbl, "perf");
if(NULL==perf_tbl)
{
fprintf(stderr, "[%s:%d] config file: %s has no key: [decoder.ssl.test.perf]", __FUNCTION__, __LINE__, cfg_path);
toml_free(root);
return -1;
}
// decode_resource_record_enable
toml_datum_t decode_resource_record_enable_val=toml_string_in(perf_tbl, "decode_resource_record_enable");
if(decode_resource_record_enable_val.ok==0)
{
plugin_env->decode_resource_record_enable=0;
fprintf(stderr, "[%s:%d] config file: %s has no key: [decoder.ssl.test.decode_resource_record_enable]", __FUNCTION__, __LINE__, cfg_path);
}
else
{
if(memcmp("no", decode_resource_record_enable_val.u.s, strlen("no"))==0)
{
plugin_env->decode_resource_record_enable=0;
}
else if(memcmp("yes", decode_resource_record_enable_val.u.s, strlen("yes"))==0)
{
plugin_env->decode_resource_record_enable=1;
}
else
{
plugin_env->decode_resource_record_enable=1;
fprintf(stderr, "[%s:%d] config file: %s key: [decoder.ssl.test.decode_resource_record_enable] value is not yes or no", __FUNCTION__, __LINE__, cfg_path);
}
}
// export_resource_record_enable
toml_datum_t export_resource_record_enable_val=toml_string_in(perf_tbl, "export_resource_record_enable");
if(export_resource_record_enable_val.ok==0)
{
plugin_env->export_resource_record_enable=0;
fprintf(stderr, "[%s:%d] config file: %s has no key: [decoder.ssl.test.export_resource_record_enable]", __FUNCTION__, __LINE__, cfg_path);
}
else
{
if(memcmp("no", export_resource_record_enable_val.u.s, strlen("no"))==0)
{
plugin_env->export_resource_record_enable=0;
}
else if(memcmp("yes", export_resource_record_enable_val.u.s, strlen("yes"))==0)
{
plugin_env->export_resource_record_enable=1;
}
else
{
plugin_env->export_resource_record_enable=1;
fprintf(stderr, "[%s:%d] config file: %s key: [decoder.ssl.test.export_resource_record_enable] value is not yes or no", __FUNCTION__, __LINE__, cfg_path);
}
}
toml_free(root);
return ret;