修复扫描mail协议ID失败的BUG

判断出是SSL协议之后再调用生成JA3指纹的函数
liuxueli
2020-09-21 20:23:11 +08:00
parent e57ad7f8ec
commit 50ea6dc7d9
2 changed files with 58 additions and 55 deletions


@@ -507,11 +507,29 @@ static int identify_application_protocol(struct streaminfo *a_stream, struct _id
if(g_tsg_para.proto_flag&(1<<PROTO_SSL)) //ssl if(g_tsg_para.proto_flag&(1<<PROTO_SSL)) //ssl
{ {
enum chello_parse_result chello_status = CHELLO_PARSE_INVALID_FORMAT;
struct ssl_chello *chello = NULL;
chello=ssl_chello_parse((unsigned char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, &chello_status);
if(chello_status==CHELLO_PARSE_SUCCESS)
{
identify_info->proto=PROTO_SSL;
if(chello->sni==NULL)
{
identify_info->domain_len = 0;
}
else
{
identify_info->domain_len = strnlen(chello->sni, sizeof(identify_info->domain) - 1);
strncpy(identify_info->domain, chello->sni, identify_info->domain_len);
}
ssl_chello_free(chello);
struct _ssl_ja3_info_t *ja3_info=NULL; struct _ssl_ja3_info_t *ja3_info=NULL;
ja3_info=ssl_get_ja3_fingerprint(a_stream, (unsigned char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, a_stream->threadnum); ja3_info=ssl_get_ja3_fingerprint(a_stream, (unsigned char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, a_stream->threadnum);
if(ja3_info!=NULL) if(ja3_info!=NULL)
{ {
identify_info->proto=PROTO_SSL;
if(ja3_info->sni==NULL || ja3_info->sni_len<=0) if(ja3_info->sni==NULL || ja3_info->sni_len<=0)
{ {
identify_info->domain_len = 0; identify_info->domain_len = 0;
@@ -531,30 +549,11 @@ static int identify_application_protocol(struct streaminfo *a_stream, struct _id
return 1; return 1;
} }
#if 0
enum chello_parse_result chello_status = CHELLO_PARSE_INVALID_FORMAT;
struct ssl_chello *chello = NULL;
chello=ssl_chello_parse((unsigned char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, &chello_status);
if(chello_status==CHELLO_PARSE_SUCCESS)
{
identify_info->proto=PROTO_SSL;
if(chello->sni==NULL)
{
identify_info->domain_len = 0;
}
else
{
identify_info->domain_len = strnlen(chello->sni, sizeof(identify_info->domain) - 1);
strncpy(identify_info->domain, chello->sni, identify_info->domain_len);
}
ssl_chello_free(chello);
return 1; return 1;
} }
ssl_chello_free(chello); ssl_chello_free(chello);
#endif
} }
if(g_tsg_para.proto_flag&(1<<PROTO_FTP)) //ftp if(g_tsg_para.proto_flag&(1<<PROTO_FTP)) //ftp
@@ -713,6 +712,8 @@ extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int t
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_ADDR], 0, FS_OP_ADD, 1); FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_ADDR], 0, FS_OP_ADD, 1);
} }
if(identify_info.proto==PROTO_HTTP || identify_info.proto==PROTO_SSL)
{
ret=tsg_scan_shared_policy(g_tsg_maat_feather, &identify_info, all_result+hit_num, MAX_RESULT_NUM-hit_num, &mid, thread_seq); ret=tsg_scan_shared_policy(g_tsg_maat_feather, &identify_info, all_result+hit_num, MAX_RESULT_NUM-hit_num, &mid, thread_seq);
if(ret>0) if(ret>0)
{ {
@@ -744,6 +745,7 @@ extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int t
printaddr(&a_tcp->addr, thread_seq) printaddr(&a_tcp->addr, thread_seq)
); );
} }
}
if(mid!=NULL) if(mid!=NULL)
{ {
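Review bot: In the first hunk, the re-enabled SNI copy `strncpy(identify_info->domain, chello->sni, identify_info->domain_len);` copies exactly `domain_len` bytes and never writes a terminator, so `identify_info->domain` is NUL-terminated only if the caller zeroed the struct beforehand, which is not visible here. The SNI is taken from the peer's ClientHello, so I would make the termination explicit: `memcpy(identify_info->domain, chello->sni, identify_info->domain_len); identify_info->domain[identify_info->domain_len] = '\0';`. The same branch dereferences `chello->sni` on `chello_status==CHELLO_PARSE_SUCCESS` alone; writing the condition as `chello!=NULL && chello_status==CHELLO_PARSE_SUCCESS` would remove the dependence on the parser's contract. The body of identify_application_protocol starts and ends outside the hunk.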


@@ -103,6 +103,7 @@ static int proto_str2id(tsg_protocol_t proto)
case PROTO_TCP: return 100; case PROTO_TCP: return 100;
case PROTO_UDP: return 101; case PROTO_UDP: return 101;
case PROTO_HTTP: return 106; case PROTO_HTTP: return 106;
case PROTO_MAIL: return 110;
case PROTO_IMAP: return 110; case PROTO_IMAP: return 110;
case PROTO_POP3: return 110;//116 case PROTO_POP3: return 110;//116
case PROTO_SMTP: return 110;//122 case PROTO_SMTP: return 110;//122
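Review bot: The new `case PROTO_MAIL: return 110;` is the fourth label returning the same literal, and nothing in the switch says that 110 is a shared mail ID. The trailing `//116` and `//122` remarks on the POP3 and SMTP lines suggest that distinct IDs exist, so a short comment above the group such as `/* all mail protocols are reported under the common mail ID 110 */` would keep a later reader from "fixing" one of them. Stacking the four labels as fall-through cases onto a single `return 110;` would say the same thing in code. The switch continues outside the hunk, so its default branch was not reviewed.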