From 3d59a92dd67a5f24fea233963ab49b644075a691 Mon Sep 17 00:00:00 2001 From: 刘学利 Date: Mon, 11 Mar 2024 10:31:48 +0000 Subject: TSG-19861: Support client hello fragment --- test/CMakeLists.txt | 3 +- ...ent.192.168.56.31.53868.74.118.186.107.443.pcap | Bin 0 -> 9609 bytes ...gment.192.168.58.17.49218-23.216.55.29.443.pcap | Bin 0 -> 1412721 bytes .../ssl_client_hello_fragment_result.json | 50 +++++++++++++++++++++ test/ssl_test_plug.cpp | 7 +-- 5 files changed, 54 insertions(+), 6 deletions(-) create mode 100644 test/pcap/client_hello_fragment/1-ssl.client.hello.fragment.192.168.56.31.53868.74.118.186.107.443.pcap create mode 100644 test/pcap/client_hello_fragment/2-sni.client.hello.fragment.192.168.58.17.49218-23.216.55.29.443.pcap create mode 100644 test/pcap/client_hello_fragment/ssl_client_hello_fragment_result.json (limited to 'test') diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt index 6959e78..f7d79de 100644 --- a/test/CMakeLists.txt +++ b/test/CMakeLists.txt @@ -1,4 +1,4 @@ -cmake_minimum_required (VERSION 2.8) +cmake_minimum_required (VERSION 3.0) project(${lib_name}_test) @@ -44,3 +44,4 @@ add_test(NAME RUN_BUG_TEST COMMAND proto_test_main ${CMAKE_CURRENT_SOURCE_DIR}/p add_test(NAME RUN_MULTIPLE_HANDSHAKE_TEST COMMAND proto_test_main ${CMAKE_CURRENT_SOURCE_DIR}/pcap/multiple_handshake/ssl_multiple_handshake_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/pcap/multiple_handshake/ -name *.pcap|sort -V" WORKING_DIRECTORY ${PROTO_TEST_RUN_DIR}) add_test(NAME RUN_CLOSE_CONTAINS_PAYLOAD_TEST COMMAND proto_test_main ${CMAKE_CURRENT_SOURCE_DIR}/pcap/close_contains_payload/ssl_close_contains_payload_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/pcap/close_contains_payload/ -name *.pcap|sort -V" WORKING_DIRECTORY ${PROTO_TEST_RUN_DIR}) add_test(NAME RUN_EXTENSION_EXCEED_16 COMMAND proto_test_main ${CMAKE_CURRENT_SOURCE_DIR}/pcap/extensions_exceed_16/extensions_exceed_16_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/pcap/extensions_exceed_16/ -name *.pcap|sort -V" WORKING_DIRECTORY ${PROTO_TEST_RUN_DIR}) +add_test(NAME RUN_CLIENT_HELLO_FRAGMENT COMMAND proto_test_main ${CMAKE_CURRENT_SOURCE_DIR}/pcap/client_hello_fragment/ssl_client_hello_fragment_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/pcap/client_hello_fragment/ -name *.pcap|sort -V" WORKING_DIRECTORY ${PROTO_TEST_RUN_DIR}) diff --git a/test/pcap/client_hello_fragment/1-ssl.client.hello.fragment.192.168.56.31.53868.74.118.186.107.443.pcap b/test/pcap/client_hello_fragment/1-ssl.client.hello.fragment.192.168.56.31.53868.74.118.186.107.443.pcap new file mode 100644 index 0000000..8e0001c Binary files /dev/null and b/test/pcap/client_hello_fragment/1-ssl.client.hello.fragment.192.168.56.31.53868.74.118.186.107.443.pcap differ diff --git a/test/pcap/client_hello_fragment/2-sni.client.hello.fragment.192.168.58.17.49218-23.216.55.29.443.pcap b/test/pcap/client_hello_fragment/2-sni.client.hello.fragment.192.168.58.17.49218-23.216.55.29.443.pcap new file mode 100644 index 0000000..6782478 Binary files /dev/null and b/test/pcap/client_hello_fragment/2-sni.client.hello.fragment.192.168.58.17.49218-23.216.55.29.443.pcap differ diff --git a/test/pcap/client_hello_fragment/ssl_client_hello_fragment_result.json b/test/pcap/client_hello_fragment/ssl_client_hello_fragment_result.json new file mode 100644 index 0000000..dfbad1a --- /dev/null +++ b/test/pcap/client_hello_fragment/ssl_client_hello_fragment_result.json @@ -0,0 +1,50 @@ +[ + { + "Tuple4": "192.168.56.31.53868>74.118.186.107.443", + "ssl_sni": "sync.targeting.unrulymedia.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "bc93a67ef4492974195865dc0262e65e", + "ssl_ja3s_hash": "b898351eb5e266aefd3723d466935494", + "ssl_cert_version": "v3", + "ssl_cert_Issuer": "Sectigo RSA Domain Validation Secure Server CA;Sectigo Limited;;Salford;;Greater Manchester;GB", + "ssl_cert_IssuerCN": "Sectigo RSA Domain Validation Secure Server CA", + "ssl_cert_IssuerO": "Sectigo Limited", + "ssl_cert_IssuerC": "GB", + "ssl_cert_IssuerP": "Greater Manchester", + "ssl_cert_IssuerL": "Salford", + "ssl_cert_Sub": "*.targeting.unrulymedia.com;;;;;;", + "ssl_cert_SubCN": "*.targeting.unrulymedia.com", + "ssl_cert_SubAltName": "*.targeting.unrulymedia.com;targeting.unrulymedia.com", + "ssl_cert_SerialNum": "0x888d5e51787e0f1f485dc542465d2034", + "ssl_cert_AgID": "1.2.840.113549.1.1.11", + "ssl_cert_From": "230510000000Z", + "ssl_cert_To": "240510235959Z", + "ssl_cert_SSLFPAg": "1.2.840.113549.1.1.11", + "name": "SSL_RESULT_1" + }, + { + "Tuple4": "192.168.58.17.49218>23.216.55.29.443", + "ssl_sni": "www.missionsports.org", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "a69708a64f853c3bcc214c2c5faf84f3", + "ssl_ja3s_hash": "10a2ad147a870ef37af153dea9fe4dd3", + "ssl_cert_version": "v3", + "ssl_cert_Issuer": "DigiCert TLS RSA SHA256 2020 CA1;DigiCert Inc;;;;;US", + "ssl_cert_IssuerCN": "DigiCert TLS RSA SHA256 2020 CA1", + "ssl_cert_IssuerO": "DigiCert Inc", + "ssl_cert_IssuerC": "US", + "ssl_cert_Sub": "a248.e.akamai.net;Akamai Technologies, Inc.;;Cambridge;;Massachusetts;US", + "ssl_cert_SubCN": "a248.e.akamai.net", + "ssl_cert_SubO": "Akamai Technologies, Inc.", + "ssl_cert_SubC": "US", + "ssl_cert_SubP": "Massachusetts", + "ssl_cert_SubL": "Cambridge", + "ssl_cert_SubAltName": "a248.e.akamai.net;*.akamaized.net;*.akamaized-staging.net;*.akamaihd.net;*.akamaihd-staging.net", + "ssl_cert_SerialNum": "0x0d61f7742d583251a2b8d5a26a1dda0b", + "ssl_cert_AgID": "1.2.840.113549.1.1.11", + "ssl_cert_From": "230516000000Z", + "ssl_cert_To": "240515235959Z", + "ssl_cert_SSLFPAg": "1.2.840.113549.1.1.11", + "name": "SSL_RESULT_2" + } +] \ No newline at end of file diff --git a/test/ssl_test_plug.cpp b/test/ssl_test_plug.cpp index c43ea72..9a1d27a 100644 --- a/test/ssl_test_plug.cpp +++ b/test/ssl_test_plug.cpp @@ -62,7 +62,6 @@ extern "C" unsigned char SSL_TEST_PLUG_ENTRY(stSessionInfo *session_info, void * cJSON *ctx = (cJSON *)*pme; struct ssl_stream *a_ssl = (struct ssl_stream *)(session_info->app_info); - struct ssl_ja3_info *ja3_info = NULL; if (session_info->session_state & SESSION_STATE_PENDING) { @@ -101,12 +100,10 @@ extern "C" unsigned char SSL_TEST_PLUG_ENTRY(stSessionInfo *session_info, void * cJSON_AddStringToObject(ctx, "ssl_client_version", ssl_get_version_name(a_ssl->chello->version)); } - ja3_info = ssl_get_ja3_fingerprint(a_tcp, (unsigned char *)a_tcp->ptcpdetail->pdata, (unsigned int)a_tcp->ptcpdetail->datalen, a_tcp->threadnum); - if (ja3_info != NULL && ja3_info->fp != NULL && ja3_info->fp_len > 0) + if(strlen(a_ssl->chello->ja3.md5) >0) { - cJSON_AddStringToObject(ctx, "ssl_ja3_hash", ja3_info->fp); + cJSON_AddStringToObject(ctx, "ssl_ja3_hash", a_ssl->chello->ja3.md5); } - break; case SSL_SERVER_HELLO: if (a_ssl->shello->ja3s.fingerprint_md5 != NULL && a_ssl->shello->ja3s.fingerprint_md5_len > 0) -- cgit v1.2.3