From 484cb7a71951b32e353ba649aa77f636699e8e4e Mon Sep 17 00:00:00 2001 From: liuxueli Date: Tue, 12 Mar 2024 18:20:30 +0800 Subject: Bugfix: tcp ack contains payload and the payload length is less than 6 (ssl header), ec_point_format has multiple values --- test/CMakeLists.txt | 1 + ...ment.36.251.161.167.39777-143.92.57.79.443.pcap | Bin 0 -> 4708 bytes .../ssl_client_hello_fragment_result.json | 8 ++ .../1-tcp_ack_contains_payload.pcap | Bin 0 -> 21756 bytes .../ssl_tcp_ack_contians_payload_result.json | 114 +++++++++++++++++++++ 5 files changed, 123 insertions(+) create mode 100644 test/pcap/client_hello_fragment/3-ssl.client.hello.fragment.36.251.161.167.39777-143.92.57.79.443.pcap create mode 100644 test/pcap/tcp_ack_contians_payload/1-tcp_ack_contains_payload.pcap create mode 100644 test/pcap/tcp_ack_contians_payload/ssl_tcp_ack_contians_payload_result.json (limited to 'test') diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt index f7d79de..d234fca 100644 --- a/test/CMakeLists.txt +++ b/test/CMakeLists.txt @@ -45,3 +45,4 @@ add_test(NAME RUN_MULTIPLE_HANDSHAKE_TEST COMMAND proto_test_main ${CMAKE_CURREN add_test(NAME RUN_CLOSE_CONTAINS_PAYLOAD_TEST COMMAND proto_test_main ${CMAKE_CURRENT_SOURCE_DIR}/pcap/close_contains_payload/ssl_close_contains_payload_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/pcap/close_contains_payload/ -name *.pcap|sort -V" WORKING_DIRECTORY ${PROTO_TEST_RUN_DIR}) add_test(NAME RUN_EXTENSION_EXCEED_16 COMMAND proto_test_main ${CMAKE_CURRENT_SOURCE_DIR}/pcap/extensions_exceed_16/extensions_exceed_16_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/pcap/extensions_exceed_16/ -name *.pcap|sort -V" WORKING_DIRECTORY ${PROTO_TEST_RUN_DIR}) add_test(NAME RUN_CLIENT_HELLO_FRAGMENT COMMAND proto_test_main ${CMAKE_CURRENT_SOURCE_DIR}/pcap/client_hello_fragment/ssl_client_hello_fragment_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/pcap/client_hello_fragment/ -name *.pcap|sort -V" WORKING_DIRECTORY ${PROTO_TEST_RUN_DIR}) +add_test(NAME RUN_ACK_CONTAINS_PAYLOAD COMMAND proto_test_main ${CMAKE_CURRENT_SOURCE_DIR}/pcap/tcp_ack_contians_payload/ssl_tcp_ack_contians_payload_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/pcap/tcp_ack_contians_payload/ -name *.pcap|sort -V" WORKING_DIRECTORY ${PROTO_TEST_RUN_DIR}) diff --git a/test/pcap/client_hello_fragment/3-ssl.client.hello.fragment.36.251.161.167.39777-143.92.57.79.443.pcap b/test/pcap/client_hello_fragment/3-ssl.client.hello.fragment.36.251.161.167.39777-143.92.57.79.443.pcap new file mode 100644 index 0000000..f81b4fe Binary files /dev/null and b/test/pcap/client_hello_fragment/3-ssl.client.hello.fragment.36.251.161.167.39777-143.92.57.79.443.pcap differ diff --git a/test/pcap/client_hello_fragment/ssl_client_hello_fragment_result.json b/test/pcap/client_hello_fragment/ssl_client_hello_fragment_result.json index dfbad1a..b392285 100644 --- a/test/pcap/client_hello_fragment/ssl_client_hello_fragment_result.json +++ b/test/pcap/client_hello_fragment/ssl_client_hello_fragment_result.json @@ -46,5 +46,13 @@ "ssl_cert_To": "240515235959Z", "ssl_cert_SSLFPAg": "1.2.840.113549.1.1.11", "name": "SSL_RESULT_2" + }, + { + "Tuple4": "36.251.161.167.39777>143.92.57.79.443", + "ssl_sni": "a.ywgyuv.cn", + "ssl_ech": "1", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "c3db97da3b30171e5cf9de314584b555", + "name": "SSL_RESULT_3" } ] \ No newline at end of file diff --git a/test/pcap/tcp_ack_contians_payload/1-tcp_ack_contains_payload.pcap b/test/pcap/tcp_ack_contians_payload/1-tcp_ack_contains_payload.pcap new file mode 100644 index 0000000..199f7ee Binary files /dev/null and b/test/pcap/tcp_ack_contians_payload/1-tcp_ack_contains_payload.pcap differ diff --git a/test/pcap/tcp_ack_contians_payload/ssl_tcp_ack_contians_payload_result.json b/test/pcap/tcp_ack_contians_payload/ssl_tcp_ack_contians_payload_result.json new file mode 100644 index 0000000..9632ce8 --- /dev/null +++ b/test/pcap/tcp_ack_contians_payload/ssl_tcp_ack_contians_payload_result.json @@ -0,0 +1,114 @@ +[ + { + "Tuple4": "36.251.161.167.39018>143.92.57.79.443", + "ssl_sni": "a.ywgyuv.cn", + "ssl_ech": "1", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "6f7971785f5cbbcb21819b6639f0e8f7", + "name": "SSL_RESULT_1" + }, + { + "Tuple4": "36.251.161.167.39025>143.92.57.79.443", + "ssl_sni": "a.ywgyuv.cn", + "ssl_ech": "1", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "0ac1d260c0b1f0e3bf645d6580ea6343", + "name": "SSL_RESULT_2" + }, + { + "Tuple4": "36.251.161.167.39112>143.92.57.79.443", + "ssl_sni": "a.ywgyuv.cn", + "ssl_ech": "1", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "ca54aeeb513ecacf4d7bc22c5d8f0b75", + "name": "SSL_RESULT_3" + }, + { + "Tuple4": "36.251.161.167.39423>143.92.57.79.443", + "ssl_sni": "a.ywgyuv.cn", + "ssl_ech": "1", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "9e41793e6f0a1696bedc0876465e1f42", + "name": "SSL_RESULT_4" + }, + { + "Tuple4": "36.251.161.167.39680>143.92.57.79.443", + "ssl_sni": "a.ywgyuv.cn", + "ssl_ech": "1", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "47c3fabcf1bc65a32a9d3fb8e70ab79d", + "name": "SSL_RESULT_5" + }, + { + "Tuple4": "36.251.161.167.39809>143.92.57.79.443", + "ssl_sni": "a.ywgyuv.cn", + "ssl_ech": "1", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "04331a57b3e122e689c373712edf42c0", + "name": "SSL_RESULT_6" + }, + { + "Tuple4": "36.251.161.167.39816>143.92.57.79.443", + "ssl_sni": "a.ywgyuv.cn", + "ssl_ech": "1", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "34c3efe4e6565e8eef2eaaeb7c12a1a6", + "name": "SSL_RESULT_7" + }, + { + "Tuple4": "36.251.161.167.39820>143.92.57.79.443", + "ssl_sni": "a.ywgyuv.cn", + "ssl_ech": "1", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cc97290a5bb4651489fe7a88e93ace90", + "name": "SSL_RESULT_8" + }, + { + "Tuple4": "36.251.161.167.39825>143.92.57.79.443", + "ssl_sni": "a.ywgyuv.cn", + "ssl_ech": "1", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "4e6ae21ce8b876dc7cad2f5ca9a60b23", + "name": "SSL_RESULT_9" + }, + { + "Tuple4": "36.251.161.167.39832>143.92.57.79.443", + "ssl_sni": "a.ywgyuv.cn", + "ssl_ech": "1", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "89cb560e9ee2d33728756a2d4d7b2900", + "name": "SSL_RESULT_10" + }, + { + "Tuple4": "36.251.161.167.39850>143.92.57.79.443", + "ssl_sni": "a.ywgyuv.cn", + "ssl_ech": "1", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "7324d30178b21f4c3a60550ef43d5ab0", + "name": "SSL_RESULT_11" + }, + { + "Tuple4": "36.251.161.167.39867>143.92.57.79.443", + "ssl_sni": "a.ywgyuv.cn", + "ssl_ech": "1", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "53fed08198669268c271fc320627c0c4", + "name": "SSL_RESULT_12" + }, + { + "Tuple4": "36.251.161.167.39777>143.92.57.79.443", + "ssl_sni": "a.ywgyuv.cn", + "ssl_ech": "1", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "c3db97da3b30171e5cf9de314584b555", + "name": "SSL_RESULT_13" + }, + { + "Tuple4": "36.251.161.167.39810>143.92.57.79.443", + "ssl_sni": "a.ywgyuv.cn", + "ssl_ech": "1", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "ff194650bab04e7b4cd55e66fd91c010", + "name": "SSL_RESULT_14" + } +] \ No newline at end of file -- cgit v1.2.3