diff options
| author | liuxueli <[email protected]> | 2024-08-06 08:04:00 +0000 |
|---|---|---|
| committer | liuxueli <[email protected]> | 2024-08-26 07:09:48 +0000 |
| commit | 2963165b5e981bbfe799efe815e49ed4d0f4aff9 (patch) | |
| tree | 65395bdfbfafec09b61dabf401cc475a48a6d4b3 | |
| parent | 4b3d68bc667299a0ae383435fd5e60ddd04cb5e8 (diff) | |
Feature: add gtest casedev
25 files changed, 2896 insertions, 2032 deletions
diff --git a/bin/ssl_decoder.toml b/bin/ssl_decoder.toml index 77569cd..509e611 100644 --- a/bin/ssl_decoder.toml +++ b/bin/ssl_decoder.toml @@ -9,4 +9,7 @@ port=[443] stat_per_thread_enable="no" stat_name="SSL_DECODER" stat_interval_time_s=5 -stat_output="metrics/ssl_decoder_local_stat.json"
\ No newline at end of file +stat_output="metrics/ssl_decoder_local_stat.json" + +[decoder.ssl.test] +commit_result_enable="yes"
\ No newline at end of file diff --git a/include/ssl_decoder.h b/include/ssl_decoder.h index 8d0ab05..3c3016e 100644 --- a/include/ssl_decoder.h +++ b/include/ssl_decoder.h @@ -12,10 +12,10 @@ extern "C" enum ssl_message_type { - SSL_MESSAGE_CLIENT_HELLO, + SSL_MESSAGE_CLIENT_HELLO=0x1, SSL_MESSAGE_SERVER_HELLO, SSL_MESSAGE_CERTIFICATE, - SSL_PROTECTED_PAYLOAD, + SSL_MESSAGE_ENCRYPTED_APPLICATION, SSL_MSG_MAX, }; @@ -23,6 +23,7 @@ struct ssl_message; enum ssl_message_type ssl_message_type_get(const struct ssl_message *msg); // SSL_MESSAGE_CLIENT_HELLO +int32_t ssl_message_is_fragment(const struct ssl_message *msg); int32_t ssl_message_esni_is_true(const struct ssl_message *msg); int32_t ssl_message_ech_is_true(const struct ssl_message *msg); @@ -53,8 +54,8 @@ void ssl_message_validity_before_get0(const struct ssl_message *msg, char **valu void ssl_message_validity_after_get0(const struct ssl_message *msg, char **value, size_t *value_sz); void ssl_message_issuer_serial_number_get0(const struct ssl_message *msg, char **value, size_t *value_sz); void ssl_message_subject_public_key_algorithm_get0(const struct ssl_message *msg, char **value, size_t *value_sz); -void ssl_message_ssl_algorithm_identifier_get0(const struct ssl_message *msg, char **value, size_t *value_sz); -void ssl_message_ssl_signature_algorithm_id_get0(const struct ssl_message *msg, char **value, size_t *value_sz); +void ssl_message_algorithm_identifier_get0(const struct ssl_message *msg, char **value, size_t *value_sz); +void ssl_message_signature_algorithm_id_get0(const struct ssl_message *msg, char **value, size_t *value_sz); /** * @brief loop reading all domain of subject_alter. @@ -81,7 +82,7 @@ void ssl_rdn_sequence_state_or_province_get0(struct ssl_rdn_sequence *rdn, char void ssl_rdn_sequence_organizational_unit_get0(struct ssl_rdn_sequence *rdn, char **value, size_t *value_sz); void ssl_rdn_sequence_list_get0(struct ssl_rdn_sequence *rdn, char **value, size_t *value_sz); -// SSL_PROTECTED_PAYLOAD +// SSL_MESSAGE_ENCRYPTED_APPLICATION void ssl_message_protected_payload_get0(const struct ssl_message *msg, char **value, size_t *value_sz); #ifdef __cplusplus diff --git a/src/ssl_decoder.cpp b/src/ssl_decoder.cpp index ffbbe17..059ae77 100644 --- a/src/ssl_decoder.cpp +++ b/src/ssl_decoder.cpp @@ -38,8 +38,29 @@ extern "C" #include "ssl_internal.h" #include "ssl_decoder.h" +#define SSL_TRUNK_MESSAGE_TOPIC "SSL_TRUNK_MESSAGE" + UT_icd UT_ssl_hello_extension_icd={sizeof(struct ssl_decoder_ltv), NULL, NULL, NULL}; +#define SSL_TRUNK_MAGIC 0x5a5a5a5a +enum SSL_TRUNK_TYPE +{ + SSL_TRUNK_TYPE_NONE=0, + SSL_TRUNK_TYPE_MOVE, + SSL_TRUNK_TYPE_APPEND, + SSL_TRUNK_TYPE_FREE, + SSL_TRUNK_TYPE_MAX, +}; + +struct ssl_trunk_message +{ + uint32_t magic; + enum SSL_TRUNK_TYPE type; + struct ssl_record_trunk *record_trunk; + uint8_t *pdata; + size_t pdata_sz; +}; + struct ssl_certificate_chain { uint8_t *data; @@ -62,9 +83,10 @@ struct ssl_record_header struct ssl_record_trunk { - struct ssl_record_header header; - size_t cache_len; - uint8_t* cache_buff; + uint8_t is_contains_header; + struct ssl_record_header record_hdr; + size_t data_sz; + uint8_t *data; }; #define SSL_NAME_MAX 256 @@ -96,6 +118,8 @@ struct ssl_decoder_plugin_env int32_t n_net_port; int32_t max_cache_len; struct message_schema ssl; + struct message_schema ptrunk; + struct message_schema strunk; struct message_schema tcp_stream; struct ssl_decoder_stat stat; }; @@ -106,6 +130,75 @@ struct ssl_decoder_context struct ssl_record_trunk record_trunk; }; +int32_t ssl_read_u8(uint8_t *pdata, size_t pdata_sz, size_t *pdata_offset, uint8_t *value) +{ + if(pdata_sz<(*pdata_offset)+1) + { + return SSL_DECODER_FALSE; + } + + if(value!=NULL) + { + *value=(uint8_t)pdata[(*pdata_offset)]; + } + + (*pdata_offset)++; + return SSL_DECODER_TRUE; +} + +int32_t ssl_read_be_u16(uint8_t *pdata, size_t pdata_sz, size_t *pdata_offset, uint16_t *value) +{ + if(pdata_sz<(*pdata_offset)+2) + { + return SSL_DECODER_FALSE; + } + + if(value!=NULL) + { + *value=((uint16_t)pdata[*pdata_offset] << 8) | (uint16_t)pdata[*pdata_offset+1]; + } + + (*pdata_offset)+=2; + return SSL_DECODER_TRUE; +} + +int32_t ssl_read_be_u24(uint8_t *pdata, size_t pdata_sz, size_t *pdata_offset, uint8_t *value) +{ + if(pdata_sz<(*pdata_offset)+3) + { + return SSL_DECODER_FALSE; + } + + if(value!=NULL) + { + ssl_read_u8(pdata, pdata_sz, pdata_offset, &value[2]); + ssl_read_u8(pdata, pdata_sz, pdata_offset, &value[1]); + ssl_read_u8(pdata, pdata_sz, pdata_offset, &value[0]); + } + else + { + (*pdata_offset)+=3; + } + + return SSL_DECODER_TRUE; +} + +int32_t ssl_read_be_u32(uint8_t *pdata, size_t pdata_sz, size_t *pdata_offset, uint32_t *value) +{ + if(pdata_sz<(*pdata_offset)+4) + { + return SSL_DECODER_FALSE; + } + + if(value!=NULL) + { + *value=ntohl(*(uint32_t *)(pdata+(*pdata_offset))); + } + + (*pdata_offset)+=4; + return SSL_DECODER_TRUE; +} + void ssl_hello_md5sum(struct ssl_decoder_ltv *ltv, const char *str, size_t str_sz) { MD5_CTX ctx; @@ -150,123 +243,160 @@ void ssl_trunk_free(struct ssl_record_trunk *record_trunk) { if(record_trunk!=NULL) { - if(record_trunk->cache_buff!=NULL) + if(record_trunk->data!=NULL) { - FREE(record_trunk->cache_buff); - record_trunk->cache_buff=NULL; + FREE(record_trunk->data); } - record_trunk={0}; + record_trunk->data=NULL; + record_trunk->data_sz=0; + record_trunk->is_contains_header=SSL_DECODER_TRUE; + record_trunk->record_hdr={0}; } } -void ssl_trunk_cache(struct ssl_record_trunk *record_trunk, uint8_t *fragment, size_t fragment_sz) +void ssl_trunk_cache(struct ssl_record_trunk *record_trunk, enum SSL_TRUNK_TYPE type, uint8_t *fragment, size_t fragment_sz) { - if(fragment==NULL || fragment_sz==0) + if(record_trunk==NULL || fragment==NULL || fragment_sz==0) { return ; } - if(record_trunk->cache_buff==NULL) - { - record_trunk->cache_buff=(uint8_t *)malloc(fragment_sz); - } - - memmove(record_trunk->cache_buff+record_trunk->cache_len, fragment, fragment_sz); - record_trunk->cache_len+=fragment_sz; + switch(type) + { + case SSL_TRUNK_TYPE_MOVE: + { + uint8_t *tmp=(uint8_t *)malloc(fragment_sz); + memcpy(tmp, fragment, fragment_sz); + if(record_trunk->data!=NULL) + { + FREE(record_trunk->data); + } + record_trunk->data=tmp; + record_trunk->data_sz=fragment_sz; + } + break; + case SSL_TRUNK_TYPE_APPEND: + record_trunk->data=(record_trunk->data==NULL) ? (uint8_t *)malloc(fragment_sz) : (uint8_t *)realloc(record_trunk->data, record_trunk->data_sz+fragment_sz); + memcpy(record_trunk->data+record_trunk->data_sz, fragment, fragment_sz); + record_trunk->data_sz+=fragment_sz; + break; + default: + break; + } } int32_t is_trunk_cache(struct ssl_record_trunk *record_trunk) { - return ((record_trunk->cache_len>0) ? SSL_DECODER_TRUE : SSL_DECODER_FALSE); + return ((record_trunk->data_sz>0) ? SSL_DECODER_TRUE : SSL_DECODER_FALSE); } -void ssl_recod_buff_get0(struct ssl_record_trunk *record_trunk, uint8_t **record_buff, size_t *record_buff_sz) +int32_t ssl_record_header_get(struct ssl_record_header *record_hdr, uint8_t *pdata, size_t pdata_sz, size_t *pdata_offset) { - if(!is_trunk_cache(record_trunk) || (*record_buff_sz)<=SSL_RECORD_HEADER_SZ) - { - return ; - } + if(pdata_sz<(*pdata_offset)+SSL_RECORD_HEADER_SZ) + { + return SSL_DECODER_FALSE; + } - ssl_trunk_cache(record_trunk, (*record_buff), (*record_buff_sz)); + ssl_read_u8(pdata, pdata_sz, pdata_offset, &(record_hdr->content_type)); + ssl_read_be_u16(pdata, pdata_sz, pdata_offset, &(record_hdr->version)); + ssl_read_be_u16(pdata, pdata_sz, pdata_offset, &(record_hdr->total_len)); - (*record_buff)=record_trunk->cache_buff; - (*record_buff_sz)=record_trunk->cache_len; + return SSL_DECODER_TRUE; } -void ssl_handshake_server_key_exchange_decode() +void ssl_recod_buff_get0(struct ssl_record_trunk *record_trunk, uint8_t **record_buff, size_t *record_buff_sz) { + if(!is_trunk_cache(record_trunk) && (*record_buff_sz)>SSL_RECORD_HEADER_SZ) + { + return ; + } -} - - -int32_t ssl_read_u8(uint8_t *pdata, size_t pdata_sz, size_t *pdata_offset, uint8_t *value) -{ - if(pdata_sz<(*pdata_offset)+1) + if(record_trunk->is_contains_header==SSL_DECODER_TRUE) { - return SSL_DECODER_FALSE; + ssl_trunk_cache(record_trunk, SSL_TRUNK_TYPE_APPEND, (*record_buff), (*record_buff_sz)); } - - if(value!=NULL) + else { - *value=(uint8_t)pdata[(*pdata_offset)]; + size_t offset=0; + struct ssl_record_header record_hdr={0}; + ssl_record_header_get(&record_hdr, *record_buff, *record_buff_sz, &offset); + if(record_hdr.content_type!=record_trunk->record_hdr.content_type) + { + ssl_trunk_free(record_trunk); + return ; + } + + if((*record_buff_sz)<SSL_RECORD_HEADER_SZ) + { + return ; + } + + ssl_trunk_cache(record_trunk, SSL_TRUNK_TYPE_APPEND, (*record_buff)+SSL_RECORD_HEADER_SZ, (*record_buff_sz)-SSL_RECORD_HEADER_SZ); } - - (*pdata_offset)++; - return SSL_DECODER_TRUE; + + + (*record_buff)=record_trunk->data; + (*record_buff_sz)=record_trunk->data_sz; } -int32_t ssl_read_be_u16(uint8_t *pdata, size_t pdata_sz, size_t *pdata_offset, uint16_t *value) +void ssl_trunk_message_segment_data_cb(struct session *ss, int32_t topic_id, const void *msg, void *per_session_ctx, void *penv) { - if(pdata_sz<(*pdata_offset)+2) + struct ssl_trunk_message *trunk_msg=(struct ssl_trunk_message *)msg; + if(trunk_msg==NULL || trunk_msg->magic!=SSL_TRUNK_MAGIC) { - return SSL_DECODER_FALSE; + return ; } - - if(value!=NULL) + + switch(trunk_msg->type) { - *value=((uint16_t)pdata[*pdata_offset] << 8) | (uint16_t)pdata[*pdata_offset+1]; + case SSL_TRUNK_TYPE_MOVE: + ssl_trunk_cache(trunk_msg->record_trunk, SSL_TRUNK_TYPE_MOVE, trunk_msg->pdata, trunk_msg->pdata_sz); + break; + case SSL_TRUNK_TYPE_APPEND: + ssl_trunk_cache(trunk_msg->record_trunk, SSL_TRUNK_TYPE_APPEND, trunk_msg->pdata, trunk_msg->pdata_sz); + break; + case SSL_TRUNK_TYPE_FREE: + ssl_trunk_free(trunk_msg->record_trunk); + break; + default: + break; } - - (*pdata_offset)+=2; - return SSL_DECODER_TRUE; } -int32_t ssl_read_be_u24(uint8_t *pdata, size_t pdata_sz, size_t *pdata_offset, uint8_t *value) +void ssl_trunk_message_publish(struct ssl_decoder_plugin_env *plugin_env, struct session *ss, struct ssl_record_trunk *record_trunk, uint8_t *pdata, size_t pdata_sz) { - if(pdata_sz<(*pdata_offset)+3) - { - return SSL_DECODER_FALSE; + struct ssl_trunk_message *message=(struct ssl_trunk_message *)malloc(sizeof(struct ssl_trunk_message)); + message->magic=SSL_TRUNK_MAGIC; + message->record_trunk=record_trunk; + message->pdata=pdata; + message->pdata_sz=pdata_sz; + if(pdata_sz==0) + { + message->type=SSL_TRUNK_TYPE_FREE; } - - if(value!=NULL) + else { - ssl_read_u8(pdata, pdata_sz, pdata_offset, &value[2]); - ssl_read_u8(pdata, pdata_sz, pdata_offset, &value[1]); - ssl_read_u8(pdata, pdata_sz, pdata_offset, &value[0]); + message->type=((is_trunk_cache(record_trunk)) ? SSL_TRUNK_TYPE_MOVE : SSL_TRUNK_TYPE_APPEND); } - else + + if(((long long)pdata_sz) <0) { - (*pdata_offset)+=3; + abort(); } - - return SSL_DECODER_TRUE; + + session_mq_publish_message(ss, plugin_env->ptrunk.topic_id, (void *)message); } -int32_t ssl_read_be_u32(uint8_t *pdata, size_t pdata_sz, size_t *pdata_offset, uint32_t *value) +void ssl_trunk_message_free(struct session *sess, void *msg, void *msg_free_arg) { - if(pdata_sz<(*pdata_offset)+4) - { - return SSL_DECODER_FALSE; - } - - if(value!=NULL) + struct ssl_trunk_message *trunk_msg=(struct ssl_trunk_message *)msg; + if(trunk_msg==NULL) { - *value=ntohl(*(uint32_t *)(pdata+(*pdata_offset))); + return ; } - - (*pdata_offset)+=4; - return SSL_DECODER_TRUE; + + FREE(trunk_msg); } int32_t ssl_decoder_ltv_get(struct ssl_decoder_ltv *ltv, uint16_t type, uint8_t *pdata, size_t pdata_sz, size_t *pdata_offset) @@ -723,7 +853,7 @@ struct ssl_client_hello *ssl_handshake_client_hello_decode(uint8_t *pdata, size_ utarray_push_back(chello->extensions, <v); - switch(ltv.type) + switch(ltv.vtype) { case SERVER_NAME_EXT_TYPE: { @@ -900,7 +1030,7 @@ int32_t ssl_client_hello_ja3_generate(struct ssl_client_hello *chello) return SSL_DECODER_TRUE; } -void ssl_message_publish(struct ssl_decoder_plugin_env *plugin_env, struct session *ss, enum ssl_message_type type, void *data) +void ssl_message_publish(struct ssl_decoder_plugin_env *plugin_env, struct session *ss, enum ssl_message_type type, void *data, size_t data_sz) { struct ssl_message *message=(struct ssl_message *)malloc(sizeof(struct ssl_message)); message->magic=SSL_MESSAGE_MAGIC; @@ -908,11 +1038,11 @@ void ssl_message_publish(struct ssl_decoder_plugin_env *plugin_env, struct sessi message->ss=ss; message->plugin_env=plugin_env; message->data=data; + message->data_sz=data_sz; session_mq_publish_message(ss, plugin_env->ssl.topic_id, (void *)message); } - void ssl_message_free(struct session *sess, void *msg, void *msg_free_arg) { struct ssl_message *message=(struct ssl_message *)msg; @@ -932,6 +1062,8 @@ void ssl_message_free(struct session *sess, void *msg, void *msg_free_arg) { utarray_free(chello->extensions); } + + FREE(message->data); } break; case SSL_MESSAGE_SERVER_HELLO: @@ -941,6 +1073,8 @@ void ssl_message_free(struct session *sess, void *msg, void *msg_free_arg) { utarray_free(shello->extensions); } + + FREE(message->data); } break; case SSL_MESSAGE_CERTIFICATE: @@ -955,103 +1089,112 @@ void ssl_message_free(struct session *sess, void *msg, void *msg_free_arg) { FREE(certificate->subject_key.value); } + + FREE(message->data); } break; default: break; } - - FREE(message->data); } FREE(message); } - -void ssl_handshake_decode(struct ssl_decoder_plugin_env *plugin_env, struct session *ss, uint8_t *pdata, size_t pdata_sz, size_t *pdata_offset) +int32_t ssl_handshake_decode(struct ssl_decoder_plugin_env *plugin_env, struct session *ss, uint8_t *pdata, size_t pdata_sz, size_t *pdata_offset, size_t total_sz) { if(pdata==NULL || ((*pdata_offset)+1>pdata_sz)) { - return ; + return SSL_DECODER_FALSE; } - struct ssl_handshake_type *handshake_type=(struct ssl_handshake_type *)(pdata+(*pdata_offset)); - (*pdata_offset)+=sizeof(struct ssl_handshake_type); - - int32_t total_len=0; - int32_t ret=ssl_read_be_u24(pdata, pdata_sz, pdata_offset, (uint8_t *)&total_len); - if(ret==SSL_DECODER_FALSE || total_len<0 || total_len+(*pdata_offset)>pdata_sz) + size_t hd_offset=0; + while(total_sz>hd_offset && pdata_sz>(*pdata_offset)) { - return ; - } + struct ssl_handshake_type *handshake_type=(struct ssl_handshake_type *)(pdata+(*pdata_offset)); + if(handshake_type->content_type==SSL_HANDSHAKE_ENCRYPTED_MESSAGE) + { + hd_offset=total_sz; + (*pdata_offset)+=total_sz; + return SSL_DECODER_TRUE; + } - switch(handshake_type->content_type) - { - case SSL_HANDSHAKE_CLIENT_HELLO: - { - struct ssl_client_hello *chello=ssl_handshake_client_hello_decode(pdata, pdata_sz, pdata_offset); - ssl_client_hello_ja3_generate(chello); - ssl_message_publish(plugin_env, ss, SSL_MESSAGE_CLIENT_HELLO, (void *)chello); - } - break; - case SSL_HANDSHAKE_SERVER_HELLO: - { - struct ssl_server_hello *shello=ssl_handshake_server_hello_decode(pdata, pdata_sz, pdata_offset); - ssl_server_hello_ja3s_generate(shello); - ssl_message_publish(plugin_env, ss, SSL_MESSAGE_SERVER_HELLO, (void *)shello); - } - break; - case SSL_HANDSHAKE_CERTIFICATE: - { - int32_t cert_total_len=0; - ret=ssl_read_be_u24(pdata, pdata_sz, pdata_offset, (uint8_t *)&cert_total_len); - if(ret==SSL_DECODER_FALSE || cert_total_len<0 || cert_total_len+(*pdata_offset)>pdata_sz || (cert_total_len+3)!=total_len) - { - return ; - } + (*pdata_offset)+=sizeof(struct ssl_handshake_type); - struct ssl_certificate_chain cert_unit[SSL_CERTIFICATE_NUM_MAX]; - uint32_t cert_count=ssl_handshake_certificate_count_get(pdata, pdata_sz, pdata_offset, cert_unit, SSL_CERTIFICATE_NUM_MAX); + int32_t total_len=0; + int32_t ret=ssl_read_be_u24(pdata, pdata_sz, pdata_offset, (uint8_t *)&total_len); + if(ret==SSL_DECODER_FALSE) + { + return SSL_DECODER_CONTINUE; + } - for(uint32_t i=0, cert_offset=0; i<cert_count; i++, cert_offset++) - { - struct ssl_certificate *certificate=(struct ssl_certificate *)CALLOC(struct ssl_certificate, 1); + if(total_len<0) + { + return SSL_DECODER_FALSE; + } - certificate->type=ssl_handshake_certificate_type_get(cert_count, cert_offset); - int32_t state=ssl_x509_certificate_detail_decode(certificate, cert_unit[i].data, cert_unit[i].data_sz); - if(state==SSL_DECODER_FALSE) + if(total_len+(*pdata_offset)>pdata_sz) + { + return SSL_DECODER_CONTINUE; + } + + size_t offset=(*pdata_offset); + (*pdata_offset)+=total_len; + hd_offset+=total_len+4; + + switch(handshake_type->content_type) + { + case SSL_HANDSHAKE_CLIENT_HELLO: + { + struct ssl_client_hello *chello=ssl_handshake_client_hello_decode(pdata, pdata_sz, &offset); + ssl_client_hello_ja3_generate(chello); + ssl_message_publish(plugin_env, ss, SSL_MESSAGE_CLIENT_HELLO, (void *)chello, sizeof(struct ssl_client_hello)); + } + break; + case SSL_HANDSHAKE_SERVER_HELLO: + { + struct ssl_server_hello *shello=ssl_handshake_server_hello_decode(pdata, pdata_sz, &offset); + ssl_server_hello_ja3s_generate(shello); + ssl_message_publish(plugin_env, ss, SSL_MESSAGE_SERVER_HELLO, (void *)shello, sizeof(struct ssl_server_hello)); + } + break; + case SSL_HANDSHAKE_CERTIFICATE: + { + int32_t cert_total_len=0; + ret=ssl_read_be_u24(pdata, pdata_sz, &offset, (uint8_t *)&cert_total_len); + if(ret==SSL_DECODER_FALSE || cert_total_len<0 || cert_total_len+offset>pdata_sz || (cert_total_len+3)!=total_len) { - FREE(certificate); - return ; + break; } - ssl_message_publish(plugin_env, ss, SSL_MESSAGE_CERTIFICATE, (void *)certificate); - } - } - break; - case SSL_HANDSHAKE_SERVER_KEY_EXCHANGE: - // ssl_handshake_server_key_exchange_decode(); - break; - default: - break; - } -} + struct ssl_certificate_chain cert_unit[SSL_CERTIFICATE_NUM_MAX]; + uint32_t cert_count=ssl_handshake_certificate_count_get(pdata, pdata_sz, &offset, cert_unit, SSL_CERTIFICATE_NUM_MAX); -int32_t ssl_record_header_get(struct ssl_record_header *record_hdr, uint8_t *pdata, size_t pdata_sz, size_t *pdata_offset) -{ - if(pdata_sz<(*pdata_offset)+SSL_RECORD_HEADER_SZ) - { - return SSL_DECODER_FALSE; - } + for(uint32_t i=0, cert_offset=0; i<cert_count; i++, cert_offset++) + { + struct ssl_certificate *certificate=(struct ssl_certificate *)CALLOC(struct ssl_certificate, 1); - ssl_read_u8(pdata, pdata_sz, pdata_offset, &(record_hdr->content_type)); - ssl_read_be_u16(pdata, pdata_sz, pdata_offset, &(record_hdr->version)); - ssl_read_be_u16(pdata, pdata_sz, pdata_offset, &(record_hdr->total_len)); + certificate->type=ssl_handshake_certificate_type_get(cert_count, cert_offset); + int32_t state=ssl_x509_certificate_detail_decode(certificate, cert_unit[i].data, cert_unit[i].data_sz); + if(state==SSL_DECODER_FALSE) + { + FREE(certificate); + break; + } + + ssl_message_publish(plugin_env, ss, SSL_MESSAGE_CERTIFICATE, (void *)certificate, sizeof(struct ssl_certificate)); + } + } + break; + case SSL_HANDSHAKE_SERVER_KEY_EXCHANGE: + default: + break; + } + } return SSL_DECODER_TRUE; } - void ssl_tcp_stream_session_segment_data_cb(struct session *ss, int32_t topic_id, const void *msg, void *per_session_ctx, void *penv) { size_t pdata_offset=0; @@ -1063,48 +1206,84 @@ void ssl_tcp_stream_session_segment_data_cb(struct session *ss, int32_t topic_id return ; } - /* - * fragment: - 1: less than SSL_RECORD_HEADER_SZ - 2: less than the length of the message - */ - - struct ssl_decoder_context *per_ss_ctx=(struct ssl_decoder_context *)(per_session_ctx); - + // fragment: 1: less than SSL_RECORD_HEADER_SZ; 2: less than the length of the message; 3: multiple record messages + struct ssl_decoder_plugin_env *plugin_env=(struct ssl_decoder_plugin_env *)penv; + struct ssl_decoder_context *per_ss_ctx=(struct ssl_decoder_context *)(per_session_ctx); ssl_recod_buff_get0(&(per_ss_ctx->record_trunk), &pdata, &pdata_sz); if(pdata_sz<=SSL_RECORD_HEADER_SZ) { return ; } - struct ssl_record_header record_hdr={0}; - ssl_record_header_get(&record_hdr, pdata, pdata_sz, &pdata_offset); - if(!is_trunk_cache(&(per_ss_ctx->record_trunk)) && pdata_sz<record_hdr.total_len) + while(pdata_sz>pdata_offset) { - ssl_trunk_cache(&(per_ss_ctx->record_trunk), pdata, pdata_sz); - return ; - } + struct ssl_record_header record_hdr={0}; + if(per_ss_ctx->record_trunk.is_contains_header==SSL_DECODER_TRUE) + { + ssl_record_header_get(&record_hdr, pdata, pdata_sz, &pdata_offset); + } + else + { + record_hdr=per_ss_ctx->record_trunk.record_hdr; + record_hdr.total_len=pdata_sz; + } - struct ssl_decoder_plugin_env *plugin_env=(struct ssl_decoder_plugin_env *)penv; + int32_t ret=SSL_DECODER_TRUE; + size_t offset=pdata_offset; + switch(record_hdr.content_type) + { + case SSL_CONTENT_TYPE_HANDSHAKE: + if(pdata_sz-pdata_offset<record_hdr.total_len) + { + pdata_offset-=5; + ret=SSL_DECODER_FALSE; + per_ss_ctx->record_trunk.record_hdr=record_hdr; + per_ss_ctx->record_trunk.is_contains_header=SSL_DECODER_TRUE; + break; + } + else + { + ret=ssl_handshake_decode(plugin_env, ss, pdata, pdata_sz, &offset, record_hdr.total_len); + pdata_offset=((ret==SSL_DECODER_FALSE) ? pdata_sz : pdata_offset); + } + break; + case SSL_CONTENT_TYPE_APPLICATION_DATA: + ssl_message_publish(plugin_env, ss, SSL_MESSAGE_ENCRYPTED_APPLICATION, (void *)(pdata+offset), record_hdr.total_len); + offset+=record_hdr.total_len; + break; + case SSL_CONTENT_TYPE_ALERT: + case SSL_CONTENT_TYPE_CHANGE_CIPHER_SPEC: + offset+=record_hdr.total_len; + break; + default: + offset+=record_hdr.total_len; + if(per_ss_ctx->identify_pkt_count++>=plugin_env->max_identify_pkt) + { + stellar_session_plugin_dettach_current_session(ss); + return ; + } + break; + } - switch(record_hdr.content_type) - { - case SSL_CONTENT_TYPE_HANDSHAKE: - ssl_handshake_decode(plugin_env, ss, pdata, pdata_sz, &pdata_offset); - break; - case SSL_CONTENT_TYPE_ALERT: - break; - case SSL_CONTENT_TYPE_APPLICATION_DATA: - break; - case SSL_CONTENT_TYPE_CHANGE_CIPHER_SPEC: + if(ret==SSL_DECODER_FALSE) + { break; - default: - if(per_ss_ctx->identify_pkt_count++>=plugin_env->max_identify_pkt) - { - stellar_session_plugin_dettach_current_session(ss); - return ; - } + } + + if(ret==SSL_DECODER_CONTINUE) + { + //pdata_offset-=5; + per_ss_ctx->record_trunk.record_hdr=record_hdr; + per_ss_ctx->record_trunk.is_contains_header=SSL_DECODER_FALSE; break; + } + + pdata_offset+=record_hdr.total_len; + } + + if(is_trunk_cache(&(per_ss_ctx->record_trunk)) || pdata_sz>pdata_offset) + { + ssl_trunk_message_publish(plugin_env, ss, &(per_ss_ctx->record_trunk), pdata+pdata_offset, pdata_sz-pdata_offset); } } @@ -1118,7 +1297,9 @@ void *ssl_decoder_per_session_context_new(struct session *ss, void *penv) return NULL; } - return CALLOC(struct ssl_decoder_context, 1); + struct ssl_decoder_context *per_ss_ctx=(struct ssl_decoder_context *)CALLOC(struct ssl_decoder_context, 1); + per_ss_ctx->record_trunk.is_contains_header=SSL_DECODER_TRUE; + return (void *)per_ss_ctx; } void ssl_decoder_per_session_context_free(struct session *ss, void *per_session_ctx, void *penv) @@ -1194,37 +1375,6 @@ int32_t ssl_decoder_config_load(const char *cfg_path, struct ssl_decoder_plugin_ plugin_env->net_port[i]=ntohs(int_val.u.i); } - // toml_table_t *limited_tbl=toml_table_in(ssl_tbl, "limited"); - // if(NULL==limited_tbl) - // { - // fprintf(stderr, "[%s:%d] config file: %s has no key: [decoder.ssl.limited]", __FUNCTION__, __LINE__, cfg_path); - // toml_free(root); - // return -1; - // } - - // toml_datum_t max_rr_num_val=toml_int_in(limited_tbl, "max_rr_num"); - // if(max_rr_num_val.ok==0) - // { - // fprintf(stderr, "[%s:%d] config file: %s has no key: [decoder.ssl.limited.max_rr_num]", __FUNCTION__, __LINE__, cfg_path); - // ret=-1; - // } - // else - // { - // plugin_env->max_rr_num=max_rr_num_val.u.i; - // } - - // // max_cache_trans_num - // toml_datum_t max_cache_trans_num_val=toml_int_in(limited_tbl, "max_cache_trans_num"); - // if(max_cache_trans_num_val.ok==0) - // { - // fprintf(stderr, "[%s:%d] config file: %s has no key: [decoder.ssl.limited.max_cache_trans_num]", __FUNCTION__, __LINE__, cfg_path); - // ret=-1; - // } - // else - // { - // plugin_env->max_cache_trans_num=max_cache_trans_num_val.u.i; - // } - toml_table_t *local_stat_tbl=toml_table_in(ssl_tbl, "local_stat"); if(NULL==local_stat_tbl) { @@ -1354,21 +1504,38 @@ extern "C" void *ssl_decoder_init(struct stellar *st) plugin_env->ssl.free_cb=ssl_message_free; plugin_env->ssl.on_cb=NULL; plugin_env->ssl.topic_name=SSL_DECODER_MESSAGE_TOPIC; - plugin_env->ssl.topic_id=stellar_session_mq_get_topic_id(st, plugin_env->ssl.topic_name); + plugin_env->ssl.topic_id=stellar_session_mq_get_topic_id(plugin_env->st, plugin_env->ssl.topic_name); if(plugin_env->ssl.topic_id<0) { - plugin_env->ssl.topic_id=stellar_session_mq_create_topic(st, plugin_env->ssl.topic_name, ssl_message_free, NULL); + plugin_env->ssl.topic_id=stellar_session_mq_create_topic(plugin_env->st, plugin_env->ssl.topic_name, ssl_message_free, NULL); } + plugin_env->ptrunk.free_cb=ssl_trunk_message_free; + plugin_env->ptrunk.on_cb=NULL; + plugin_env->ptrunk.topic_name=SSL_TRUNK_MESSAGE_TOPIC; + plugin_env->ptrunk.topic_id=stellar_session_mq_get_topic_id(plugin_env->st, plugin_env->ptrunk.topic_name); + if(plugin_env->ptrunk.topic_id<0) + { + plugin_env->ptrunk.topic_id=stellar_session_mq_create_topic(plugin_env->st, plugin_env->ptrunk.topic_name, ssl_trunk_message_free, NULL); + } + + plugin_env->strunk.free_cb=NULL; + plugin_env->strunk.on_cb=ssl_trunk_message_segment_data_cb; + plugin_env->strunk.topic_name=SSL_TRUNK_MESSAGE_TOPIC; + plugin_env->strunk.topic_id=stellar_session_mq_get_topic_id(plugin_env->st, plugin_env->strunk.topic_name); + plugin_env->strunk.sub_id=stellar_session_mq_subscribe(plugin_env->st, plugin_env->strunk.topic_id, plugin_env->strunk.on_cb, plugin_env->plugin_id); + plugin_env->tcp_stream.free_cb=NULL; plugin_env->tcp_stream.on_cb=ssl_tcp_stream_session_segment_data_cb; plugin_env->tcp_stream.topic_name=TOPIC_TCP_STREAM; plugin_env->tcp_stream.topic_id=stellar_session_mq_get_topic_id(plugin_env->st, plugin_env->tcp_stream.topic_name); plugin_env->tcp_stream.sub_id=stellar_session_mq_subscribe(plugin_env->st, plugin_env->tcp_stream.topic_id, plugin_env->tcp_stream.on_cb, plugin_env->plugin_id); - printf("ssl_decoder_init: plugin_id: %d, topic: [{name: %s -> id: %d}, {name: %s -> id: %d}] \n", + printf("ssl_decoder_init: plugin_id: %d, topic: [{name: %s -> id: %d}, {name: %s -> id: %d}, {name: %s -> id: %d}, {name: %s -> id: %d}] \n", plugin_env->plugin_id, plugin_env->ssl.topic_name, plugin_env->ssl.topic_id, + plugin_env->ptrunk.topic_name, plugin_env->ptrunk.topic_id, + plugin_env->strunk.topic_name, plugin_env->strunk.topic_id, plugin_env->tcp_stream.topic_name, plugin_env->tcp_stream.topic_id ); diff --git a/src/ssl_export.cpp b/src/ssl_export.cpp index a87bf2e..248ff1b 100644 --- a/src/ssl_export.cpp +++ b/src/ssl_export.cpp @@ -18,7 +18,7 @@ int32_t ssl_message_esni_is_true(const struct ssl_message *msg) return -1; } - return ((msg->chello->esni==NULL) ? 1 : 0); + return ((msg->chello->esni==NULL) ? 0 : 1); } int32_t ssl_message_ech_is_true(const struct ssl_message *msg) @@ -28,7 +28,7 @@ int32_t ssl_message_ech_is_true(const struct ssl_message *msg) return -1; } - return ((msg->chello->ech==NULL) ? 1 : 0); + return ((msg->chello->ech==NULL) ? 0 : 1); } void ssl_message_sni_get0(const struct ssl_message *msg, char **value, size_t *value_sz) @@ -71,6 +71,26 @@ const char *ssl_message_readable_version_get0(const struct ssl_message *msg) } version=msg->shello->version; break; + case SSL_MESSAGE_CERTIFICATE: + if(msg->certificate==NULL) + { + return NULL; + } + + switch(msg->certificate->version) + { + case 0: + return "v1"; + case 1: + return "v2"; + case 2: + return "v3"; + case 3: + return "v4"; + default: + break; + } + return NULL; default: return NULL; } @@ -78,19 +98,19 @@ const char *ssl_message_readable_version_get0(const struct ssl_message *msg) switch(version) { case SSL_DECODER_VERSION_SSL_V2_0: - return "SSLv2.0"; + return "SSL2.0"; case SSL_DECODER_VERSION_SSL_V3_0: - return "SSLv3.0"; + return "SSL3.0"; case SSL_DECODER_VERSION_TLS_V1_0: - return "TLSv1.0"; + return "TLS1.0"; case SSL_DECODER_VERSION_TLS_V1_1: - return "TLSv1.1"; + return "TLS1.1"; case SSL_DECODER_VERSION_TLS_V1_2: - return "TLSv1.2"; + return "TLS1.2"; case SSL_DECODER_VERSION_TLS_V1_3: - return "TLSv1.3"; + return "TLS1.3"; case SSL_DECODER_VERSION_TLCP_V1_0: - return "TLCPv1.0"; + return "TLCP1.0"; default: break; } @@ -151,102 +171,212 @@ int ssl_message_reset_extensions_iter(struct ssl_message *msg) enum ssl_certificate_type ssl_certificate_type_get(const struct ssl_message *msg) { - return ((msg==NULL || msg->magic!=SSL_MESSAGE_MAGIC || msg->type!=SSL_MESSAGE_CERTIFICATE) ? msg->certificate->type : SSL_CERTIFICATE_TYPE_UNKNOWN); + return ((msg==NULL || msg->magic!=SSL_MESSAGE_MAGIC || msg->type!=SSL_MESSAGE_CERTIFICATE) ? SSL_CERTIFICATE_TYPE_UNKNOWN : msg->certificate->type); } void ssl_message_validity_before_get0(const struct ssl_message *msg, char **value, size_t *value_sz) { + if(msg==NULL || msg->magic!=SSL_MESSAGE_MAGIC || msg->type!=SSL_MESSAGE_CERTIFICATE) + { + return; + } + *value=(char *)msg->certificate->validity.before; + *value_sz=strlen(msg->certificate->validity.before); } void ssl_message_validity_after_get0(const struct ssl_message *msg, char **value, size_t *value_sz) { + if(msg==NULL || msg->magic!=SSL_MESSAGE_MAGIC || msg->type!=SSL_MESSAGE_CERTIFICATE) + { + return; + } + *value=(char *)msg->certificate->validity.after; + *value_sz=strlen(msg->certificate->validity.after); } void ssl_message_issuer_serial_number_get0(const struct ssl_message *msg, char **value, size_t *value_sz) { + if(msg==NULL || msg->magic!=SSL_MESSAGE_MAGIC || msg->type!=SSL_MESSAGE_CERTIFICATE) + { + return; + } + *value=(char *)msg->certificate->serial.value; + *value_sz=msg->certificate->serial.len; } void ssl_message_subject_public_key_algorithm_get0(const struct ssl_message *msg, char **value, size_t *value_sz) { + if(msg==NULL || msg->magic!=SSL_MESSAGE_MAGIC || msg->type!=SSL_MESSAGE_CERTIFICATE) + { + return; + } + *value=(char *)msg->certificate->subject_key.value; + *value_sz=msg->certificate->subject_key.len; } -void ssl_message_ssl_algorithm_identifier_get0(const struct ssl_message *msg, char **value, size_t *value_sz) +void ssl_message_algorithm_identifier_get0(const struct ssl_message *msg, char **value, size_t *value_sz) { + if(msg==NULL || msg->magic!=SSL_MESSAGE_MAGIC || msg->type!=SSL_MESSAGE_CERTIFICATE) + { + return; + } + *value=(char *)msg->certificate->algorithm_identifier.value; + *value_sz=msg->certificate->algorithm_identifier.len; } -void ssl_message_ssl_signature_algorithm_id_get0(const struct ssl_message *msg, char **value, size_t *value_sz) +void ssl_message_signature_algorithm_id_get0(const struct ssl_message *msg, char **value, size_t *value_sz) { + if(msg==NULL || msg->magic!=SSL_MESSAGE_MAGIC || msg->type!=SSL_MESSAGE_CERTIFICATE) + { + return; + } + *value=(char *)msg->certificate->signature_algorithm.value; + *value_sz=msg->certificate->signature_algorithm.len; } void ssl_message_subject_alter_next(const struct ssl_message *msg, char **value, size_t *value_sz) { + if(msg==NULL || msg->magic!=SSL_MESSAGE_MAGIC || msg->type!=SSL_MESSAGE_CERTIFICATE) + { + return; + } + if(msg->certificate->subject_alter.num==0 || msg->certificate->subject_alter.offset>=msg->certificate->subject_alter.num) + { + *value=NULL; + *value_sz=0; + return; + } + + *value=(char *)msg->certificate->subject_alter.name[msg->certificate->subject_alter.offset]; + *value_sz=strlen(msg->certificate->subject_alter.name[msg->certificate->subject_alter.offset]); + msg->certificate->subject_alter.offset++; } int ssl_message_reset_subject_alter_iter(struct ssl_message *msg) { + if(msg==NULL || msg->magic!=SSL_MESSAGE_MAGIC || msg->type!=SSL_MESSAGE_CERTIFICATE) + { + return -1; + } + + msg->certificate->subject_alter.offset=0; return 0; } struct ssl_rdn_sequence *ssl_message_issuer_rdn_sequence_get0(const struct ssl_message *msg) { - return ((msg==NULL || msg->magic!=SSL_MESSAGE_MAGIC || msg->type!=SSL_MESSAGE_CERTIFICATE) ? &(msg->certificate->issuer) : NULL); + return ((msg==NULL || msg->magic!=SSL_MESSAGE_MAGIC || msg->type!=SSL_MESSAGE_CERTIFICATE) ? NULL : &(msg->certificate->issuer)); } struct ssl_rdn_sequence *ssl_message_subject_rdn_sequence_get0(const struct ssl_message *msg) { - return ((msg==NULL || msg->magic!=SSL_MESSAGE_MAGIC || msg->type!=SSL_MESSAGE_CERTIFICATE) ? &(msg->certificate->subject) : NULL); + return ((msg==NULL || msg->magic!=SSL_MESSAGE_MAGIC || msg->type!=SSL_MESSAGE_CERTIFICATE) ? NULL : &(msg->certificate->subject)); } void ssl_rdn_sequence_common_get0(struct ssl_rdn_sequence *rdn, char **value, size_t *value_sz) { + if(rdn==NULL) + { + return; + } + *value_sz=strlen(rdn->common); + *value=(((*value_sz)>0) ? rdn->common : NULL); } void ssl_rdn_sequence_country_get0(struct ssl_rdn_sequence *rdn, char **value, size_t *value_sz) { + if(rdn==NULL) + { + return; + } + *value_sz=strlen(rdn->country); + *value=(((*value_sz)>0) ? rdn->country : NULL); } void ssl_rdn_sequence_locality_get0(struct ssl_rdn_sequence *rdn, char **value, size_t *value_sz) { + if(rdn==NULL) + { + return; + } + *value_sz=strlen(rdn->locality); + *value=(((*value_sz)>0) ? rdn->locality : NULL); } void ssl_rdn_sequence_postal_code_get0(struct ssl_rdn_sequence *rdn, char **value, size_t *value_sz) { + if(rdn==NULL) + { + return; + } + *value_sz=strlen(rdn->postal_code); + *value=(((*value_sz)>0) ? rdn->postal_code : NULL); } void ssl_rdn_sequence_organization_get0(struct ssl_rdn_sequence *rdn, char **value, size_t *value_sz) { + if(rdn==NULL) + { + return; + } + *value_sz=strlen(rdn->organization); + *value=(((*value_sz)>0) ? rdn->organization : NULL); } void ssl_rdn_sequence_street_address_get0(struct ssl_rdn_sequence *rdn, char **value, size_t *value_sz) { + if(rdn==NULL) + { + return; + } + *value_sz=strlen(rdn->street_address); + *value=(((*value_sz)>0) ? rdn->street_address : NULL); } void ssl_rdn_sequence_state_or_province_get0(struct ssl_rdn_sequence *rdn, char **value, size_t *value_sz) { + if(rdn==NULL) + { + return; + } + *value_sz=strlen(rdn->state_or_Province); + *value=(((*value_sz)>0) ? rdn->state_or_Province : NULL); } void ssl_rdn_sequence_organizational_unit_get0(struct ssl_rdn_sequence *rdn, char **value, size_t *value_sz) { + if(rdn==NULL) + { + return; + } + *value_sz=strlen(rdn->organizational_unit); + *value=(((*value_sz)>0) ? rdn->organizational_unit : NULL); } void ssl_rdn_sequence_list_get0(struct ssl_rdn_sequence *rdn, char **value, size_t *value_sz) { + if(rdn==NULL) + { + return; + } + *value_sz=strlen(rdn->rdn_sequence_list); + *value=(((*value_sz)>0) ? rdn->rdn_sequence_list : NULL); } void ssl_message_protected_payload_get0(const struct ssl_message *msg, char **value, size_t *value_sz) diff --git a/src/ssl_internal.h b/src/ssl_internal.h index 2891b68..99af3ae 100644 --- a/src/ssl_internal.h +++ b/src/ssl_internal.h @@ -6,19 +6,21 @@ #include <uthash/utarray.h> #include "ssl_decoder.h" -#define SSL_DECODER_TOML_PATH "conf/ssl/ssl_decoder.toml" +#define SSL_DECODER_TOML_PATH "etc/ssl/ssl_decoder.toml" #define SSL_DECODER_FALSE 0 #define SSL_DECODER_TRUE 1 +#define SSL_DECODER_CONTINUE 2 #define SSL_UUID_BYTES_SZ 16 #define SSL_RANDOM_TIME_LEN 4 #define SSL_RANDOM_SIZE 28 -#define SSL_HANDSHAKE_CLIENT_HELLO 1 -#define SSL_HANDSHAKE_SERVER_HELLO 2 -#define SSL_HANDSHAKE_CERTIFICATE 11 +#define SSL_HANDSHAKE_ENCRYPTED_MESSAGE 0 +#define SSL_HANDSHAKE_CLIENT_HELLO 1 +#define SSL_HANDSHAKE_SERVER_HELLO 2 +#define SSL_HANDSHAKE_CERTIFICATE 11 #define SSL_HANDSHAKE_SERVER_KEY_EXCHANGE 12 #define SSL_CONTENT_TYPE_HANDSHAKE 0x16 @@ -116,6 +118,7 @@ struct ssl_new_session_ticket struct ssl_subject_alter_name { int num; + int offset; char (*name)[MAX_ALTER_NAME_LEN]; }; @@ -193,6 +196,7 @@ struct ssl_message char uuid_bytes[SSL_UUID_BYTES_SZ]; struct session *ss; struct ssl_decoder_plugin_env *plugin_env; + size_t data_sz; union { struct ssl_client_hello *chello; @@ -200,5 +204,4 @@ struct ssl_message struct ssl_certificate *certificate; void *data; }; - }; diff --git a/src/version.map b/src/version.map index ed97cda..512217a 100644 --- a/src/version.map +++ b/src/version.map @@ -13,6 +13,27 @@ global: *ssl_message_ja3shash_get0*; *ssl_message_extensions_next*; *ssl_message_reset_extensions_iter*; + *ssl_certificate_type_get*; + *ssl_message_validity_before_get0*; + *ssl_message_validity_after_get0*; + *ssl_message_issuer_serial_number_get0*; + *ssl_message_subject_public_key_algorithm_get0*; + *ssl_message_algorithm_identifier_get0*; + *ssl_message_signature_algorithm_id_get0*; + *ssl_message_subject_alter_next*; + *ssl_message_reset_subject_alter_iter*; + *ssl_message_issuer_rdn_sequence_get0*; + *ssl_message_subject_rdn_sequence_get0*; + *ssl_rdn_sequence_common_get0*; + *ssl_rdn_sequence_country_get0*; + *ssl_rdn_sequence_locality_get0*; + *ssl_rdn_sequence_postal_code_get0*; + *ssl_rdn_sequence_organization_get0*; + *ssl_rdn_sequence_street_address_get0*; + *ssl_rdn_sequence_state_or_province_get0*; + *ssl_rdn_sequence_organizational_unit_get0*; + *ssl_rdn_sequence_list_get0*; + *ssl_message_protected_payload_get0; *GIT*; }; local: *; diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt index 97845cd..ea47d79 100644 --- a/test/CMakeLists.txt +++ b/test/CMakeLists.txt @@ -58,7 +58,9 @@ add_test(NAME RUN_BUG_TEST COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case add_test(NAME RUN_MULTIPLE_HANDSHAKE_TEST COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/multiple_handshake/ssl_multiple_handshake_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/multiple_handshake/ -name '*.pcap' | sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR}) add_test(NAME RUN_CLOSE_CONTAINS_PAYLOAD_TEST COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/close_contains_payload/ssl_close_contains_payload_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/close_contains_payload/ -name '*.pcap' | sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR}) add_test(NAME RUN_EXTENSION_EXCEED_16 COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/extensions_exceed_16/extensions_exceed_16_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/extensions_exceed_16/ -name '*.pcap' | sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR}) -add_test(NAME RUN_CLIENT_HELLO_FRAGMENT COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/client_hello_fragment/ssl_client_hello_fragment_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/client_hello_fragment/ -name '*.pcap' | sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR}) +add_test(NAME RUN_CLIENT_HELLO_FRAGMENT1 COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/client_hello_fragment1/ssl_client_hello_fragment_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/client_hello_fragment1/ -name '*.pcap' | sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR}) +add_test(NAME RUN_CLIENT_HELLO_FRAGMENT2 COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/client_hello_fragment2/ssl_client_hello_fragment_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/client_hello_fragment2/ -name '*.pcap' | sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR}) +add_test(NAME RUN_CLIENT_HELLO_FRAGMENT3 COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/client_hello_fragment3/ssl_client_hello_fragment_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/client_hello_fragment3/ -name '*.pcap' | sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR}) add_test(NAME RUN_ACK_CONTAINS_PAYLOAD COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/tcp_ack_contians_payload/ssl_tcp_ack_contians_payload_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/tcp_ack_contians_payload/ -name '*.pcap' | sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR}) set_tests_properties(RUN_SSL_TEST @@ -68,7 +70,9 @@ set_tests_properties(RUN_SSL_TEST RUN_MULTIPLE_HANDSHAKE_TEST RUN_CLOSE_CONTAINS_PAYLOAD_TEST RUN_EXTENSION_EXCEED_16 - RUN_CLIENT_HELLO_FRAGMENT + RUN_CLIENT_HELLO_FRAGMENT1 + RUN_CLIENT_HELLO_FRAGMENT2 + RUN_CLIENT_HELLO_FRAGMENT3 RUN_ACK_CONTAINS_PAYLOAD PROPERTIES FIXTURES_REQUIRED TestFixture )
\ No newline at end of file diff --git a/test/case/bug/ssl_bug_result.json b/test/case/bug/ssl_bug_result.json index 75cec24..79135e7 100644 --- a/test/case/bug/ssl_bug_result.json +++ b/test/case/bug/ssl_bug_result.json @@ -4,20 +4,23 @@ "ssl_sni": "match.adsrvr.org", "ssl_client_version": "TLS1.2", "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "ssl_server_version": "TLS1.2", "ssl_ja3s_hash": "8d2a028aa94425f76ced7826b1f39039", "ssl_cert_version": "v3", - "ssl_cert_Issuer": "GlobalSign GCC R3 DV TLS CA 2020;GlobalSign nv-sa;;;;;BE", - "ssl_cert_IssuerCN": "GlobalSign GCC R3 DV TLS CA 2020", - "ssl_cert_IssuerO": "GlobalSign nv-sa", - "ssl_cert_IssuerC": "BE", - "ssl_cert_Sub": "*.adsrvr.org;;;;;;", - "ssl_cert_SubCN": "*.adsrvr.org", - "ssl_cert_SubAltName": "*.adsrvr.org;adsrvr.org", - "ssl_cert_SerialNum": "0x2ddaa6f359d4ce458fe983f1", - "ssl_cert_AgID": "1.2.840.113549.1.1.11", - "ssl_cert_From": "220331203750Z", - "ssl_cert_To": "230502203749Z", - "ssl_cert_SSLFPAg": "1.2.840.113549.1.1.11", + "ssl_cert_issuer": "GlobalSign GCC R3 DV TLS CA 2020;GlobalSign nv-sa;;;;;BE", + "ssl_cert_issuer_common": "GlobalSign GCC R3 DV TLS CA 2020", + "ssl_cert_issuer_organization": "GlobalSign nv-sa", + "ssl_cert_issuer_country": "BE", + "ssl_cert_subject": "*.adsrvr.org;;;;;;", + "ssl_cert_subject_common": "*.adsrvr.org", + "ssl_cert_subject_alt_name": "*.adsrvr.org;adsrvr.org;", + "ssl_cert_serial_number": "0x2ddaa6f359d4ce458fe983f1", + "ssl_cert_signature_algorithm": "1.2.840.113549.1.1.11", + "ssl_cert_validity_before": "220331203750Z", + "ssl_cert_validity_after": "230502203749Z", + "ssl_cert_algorithm_identifier": "1.2.840.113549.1.1.11", "name": "SSL_RESULT_1" } ]
\ No newline at end of file diff --git a/test/case/client_hello_fragment/ssl_client_hello_fragment_result.json b/test/case/client_hello_fragment/ssl_client_hello_fragment_result.json deleted file mode 100644 index b392285..0000000 --- a/test/case/client_hello_fragment/ssl_client_hello_fragment_result.json +++ /dev/null @@ -1,58 +0,0 @@ -[ - { - "Tuple4": "192.168.56.31.53868>74.118.186.107.443", - "ssl_sni": "sync.targeting.unrulymedia.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "bc93a67ef4492974195865dc0262e65e", - "ssl_ja3s_hash": "b898351eb5e266aefd3723d466935494", - "ssl_cert_version": "v3", - "ssl_cert_Issuer": "Sectigo RSA Domain Validation Secure Server CA;Sectigo Limited;;Salford;;Greater Manchester;GB", - "ssl_cert_IssuerCN": "Sectigo RSA Domain Validation Secure Server CA", - "ssl_cert_IssuerO": "Sectigo Limited", - "ssl_cert_IssuerC": "GB", - "ssl_cert_IssuerP": "Greater Manchester", - "ssl_cert_IssuerL": "Salford", - "ssl_cert_Sub": "*.targeting.unrulymedia.com;;;;;;", - "ssl_cert_SubCN": "*.targeting.unrulymedia.com", - "ssl_cert_SubAltName": "*.targeting.unrulymedia.com;targeting.unrulymedia.com", - "ssl_cert_SerialNum": "0x888d5e51787e0f1f485dc542465d2034", - "ssl_cert_AgID": "1.2.840.113549.1.1.11", - "ssl_cert_From": "230510000000Z", - "ssl_cert_To": "240510235959Z", - "ssl_cert_SSLFPAg": "1.2.840.113549.1.1.11", - "name": "SSL_RESULT_1" - }, - { - "Tuple4": "192.168.58.17.49218>23.216.55.29.443", - "ssl_sni": "www.missionsports.org", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "a69708a64f853c3bcc214c2c5faf84f3", - "ssl_ja3s_hash": "10a2ad147a870ef37af153dea9fe4dd3", - "ssl_cert_version": "v3", - "ssl_cert_Issuer": "DigiCert TLS RSA SHA256 2020 CA1;DigiCert Inc;;;;;US", - "ssl_cert_IssuerCN": "DigiCert TLS RSA SHA256 2020 CA1", - "ssl_cert_IssuerO": "DigiCert Inc", - "ssl_cert_IssuerC": "US", - "ssl_cert_Sub": "a248.e.akamai.net;Akamai Technologies, Inc.;;Cambridge;;Massachusetts;US", - "ssl_cert_SubCN": "a248.e.akamai.net", - "ssl_cert_SubO": "Akamai Technologies, Inc.", - "ssl_cert_SubC": "US", - "ssl_cert_SubP": "Massachusetts", - "ssl_cert_SubL": "Cambridge", - "ssl_cert_SubAltName": "a248.e.akamai.net;*.akamaized.net;*.akamaized-staging.net;*.akamaihd.net;*.akamaihd-staging.net", - "ssl_cert_SerialNum": "0x0d61f7742d583251a2b8d5a26a1dda0b", - "ssl_cert_AgID": "1.2.840.113549.1.1.11", - "ssl_cert_From": "230516000000Z", - "ssl_cert_To": "240515235959Z", - "ssl_cert_SSLFPAg": "1.2.840.113549.1.1.11", - "name": "SSL_RESULT_2" - }, - { - "Tuple4": "36.251.161.167.39777>143.92.57.79.443", - "ssl_sni": "a.ywgyuv.cn", - "ssl_ech": "1", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "c3db97da3b30171e5cf9de314584b555", - "name": "SSL_RESULT_3" - } -]
\ No newline at end of file diff --git a/test/case/client_hello_fragment/1-ssl.client.hello.fragment.192.168.56.31.53868.74.118.186.107.443.pcap b/test/case/client_hello_fragment1/1-ssl.client.hello.fragment.192.168.56.31.53868.74.118.186.107.443.pcap Binary files differindex 8e0001c..8e0001c 100644 --- a/test/case/client_hello_fragment/1-ssl.client.hello.fragment.192.168.56.31.53868.74.118.186.107.443.pcap +++ b/test/case/client_hello_fragment1/1-ssl.client.hello.fragment.192.168.56.31.53868.74.118.186.107.443.pcap diff --git a/test/case/client_hello_fragment1/ssl_client_hello_fragment_result.json b/test/case/client_hello_fragment1/ssl_client_hello_fragment_result.json new file mode 100644 index 0000000..343d5e3 --- /dev/null +++ b/test/case/client_hello_fragment1/ssl_client_hello_fragment_result.json @@ -0,0 +1,28 @@ +[ + { + "Tuple4": "192.168.56.31.53868>74.118.186.107.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "sync.targeting.unrulymedia.com", + "ssl_ja3_hash": "bc93a67ef4492974195865dc0262e65e", + "ssl_esni": 0, + "ssl_ech": 0, + "ssl_server_version": "TLS1.2", + "ssl_ja3s_hash": "b898351eb5e266aefd3723d466935494", + "ssl_cert_version": "v3", + "ssl_cert_issuer": "Sectigo RSA Domain Validation Secure Server CA;Sectigo Limited;;Salford;;Greater Manchester;GB", + "ssl_cert_issuer_common": "Sectigo RSA Domain Validation Secure Server CA", + "ssl_cert_issuer_organization": "Sectigo Limited", + "ssl_cert_issuer_country": "GB", + "ssl_cert_issuer_state_or_Province": "Greater Manchester", + "ssl_cert_issuer_locality": "Salford", + "ssl_cert_subject": "*.targeting.unrulymedia.com;;;;;;", + "ssl_cert_subject_common": "*.targeting.unrulymedia.com", + "ssl_cert_subject_alt_name": "*.targeting.unrulymedia.com;targeting.unrulymedia.com;", + "ssl_cert_serial_number": "0x888d5e51787e0f1f485dc542465d2034", + "ssl_cert_signature_algorithm": "1.2.840.113549.1.1.11", + "ssl_cert_validity_before": "230510000000Z", + "ssl_cert_validity_after": "240510235959Z", + "ssl_cert_algorithm_identifier": "1.2.840.113549.1.1.11", + "name": "SSL_RESULT_1" + } +]
\ No newline at end of file diff --git a/test/case/client_hello_fragment/2-sni.client.hello.fragment.192.168.58.17.49218-23.216.55.29.443.pcap b/test/case/client_hello_fragment2/2-sni.client.hello.fragment.192.168.58.17.49218-23.216.55.29.443.pcap Binary files differindex 6782478..6782478 100644 --- a/test/case/client_hello_fragment/2-sni.client.hello.fragment.192.168.58.17.49218-23.216.55.29.443.pcap +++ b/test/case/client_hello_fragment2/2-sni.client.hello.fragment.192.168.58.17.49218-23.216.55.29.443.pcap diff --git a/test/case/client_hello_fragment2/ssl_client_hello_fragment_result.json b/test/case/client_hello_fragment2/ssl_client_hello_fragment_result.json new file mode 100644 index 0000000..ccb8d4c --- /dev/null +++ b/test/case/client_hello_fragment2/ssl_client_hello_fragment_result.json @@ -0,0 +1,30 @@ +[ + { + "Tuple4": "192.168.58.17.49218>23.216.55.29.443", + "ssl_sni": "www.missionsports.org", + "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, + "ssl_ja3_hash": "a69708a64f853c3bcc214c2c5faf84f3", + "ssl_server_version": "TLS1.2", + "ssl_ja3s_hash": "10a2ad147a870ef37af153dea9fe4dd3", + "ssl_cert_version": "v3", + "ssl_cert_issuer": "DigiCert TLS RSA SHA256 2020 CA1;DigiCert Inc;;;;;US", + "ssl_cert_issuer_common": "DigiCert TLS RSA SHA256 2020 CA1", + "ssl_cert_issuer_organization": "DigiCert Inc", + "ssl_cert_issuer_country": "US", + "ssl_cert_subject": "a248.e.akamai.net;Akamai Technologies, Inc.;;Cambridge;;Massachusetts;US", + "ssl_cert_subject_common": "a248.e.akamai.net", + "ssl_cert_subject_organization": "Akamai Technologies, Inc.", + "ssl_cert_subject_country": "US", + "ssl_cert_subject_state_or_Province": "Massachusetts", + "ssl_cert_subject_locality": "Cambridge", + "ssl_cert_subject_alt_name": "a248.e.akamai.net;*.akamaized.net;*.akamaized-staging.net;*.akamaihd.net;*.akamaihd-staging.net;", + "ssl_cert_serial_number": "0x0d61f7742d583251a2b8d5a26a1dda0b", + "ssl_cert_signature_algorithm": "1.2.840.113549.1.1.11", + "ssl_cert_validity_before": "230516000000Z", + "ssl_cert_validity_after": "240515235959Z", + "ssl_cert_algorithm_identifier": "1.2.840.113549.1.1.11", + "name": "SSL_RESULT_1" + } +]
\ No newline at end of file diff --git a/test/case/client_hello_fragment/3-ssl.client.hello.fragment.36.251.161.167.39777-143.92.57.79.443.pcap b/test/case/client_hello_fragment3/3-ssl.client.hello.fragment.36.251.161.167.39777-143.92.57.79.443.pcap Binary files differindex f81b4fe..f81b4fe 100644 --- a/test/case/client_hello_fragment/3-ssl.client.hello.fragment.36.251.161.167.39777-143.92.57.79.443.pcap +++ b/test/case/client_hello_fragment3/3-ssl.client.hello.fragment.36.251.161.167.39777-143.92.57.79.443.pcap diff --git a/test/case/client_hello_fragment3/ssl_client_hello_fragment_result.json b/test/case/client_hello_fragment3/ssl_client_hello_fragment_result.json new file mode 100644 index 0000000..6e80d68 --- /dev/null +++ b/test/case/client_hello_fragment3/ssl_client_hello_fragment_result.json @@ -0,0 +1,11 @@ +[ + { + "Tuple4": "36.251.161.167.39777>143.92.57.79.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "a.ywgyuv.cn", + "ssl_ja3_hash": "c3db97da3b30171e5cf9de314584b555", + "ssl_esni": 0, + "ssl_ech": 1, + "name": "SSL_RESULT_1" + } +]
\ No newline at end of file diff --git a/test/case/close_contains_payload/ssl_close_contains_payload_result.json b/test/case/close_contains_payload/ssl_close_contains_payload_result.json index 6f2fb4d..f3fd838 100644 --- a/test/case/close_contains_payload/ssl_close_contains_payload_result.json +++ b/test/case/close_contains_payload/ssl_close_contains_payload_result.json @@ -4,25 +4,28 @@ "ssl_sni": "www.firefox.com", "ssl_client_version": "TLS1.2", "ssl_ja3_hash": "45b1a0eca9605cd8789cd7e1a5ccd9b0", + "ssl_esni": 0, + "ssl_ech": 0, + "ssl_server_version": "TLS1.2", "ssl_ja3s_hash": "9a1de6823a92d66172ce93d309e73e4e", - "ssl_cert_version": "v3", - "ssl_cert_Issuer": "DigiCert SHA2 Secure Server CA;DigiCert Inc;;;;;US", - "ssl_cert_IssuerCN": "DigiCert SHA2 Secure Server CA", - "ssl_cert_IssuerO": "DigiCert Inc", - "ssl_cert_IssuerC": "US", - "ssl_cert_Sub": "redirect-san.mozilla.org;Mozilla Corporation;WebOps;Mountain View;;California;US", - "ssl_cert_SubCN": "redirect-san.mozilla.org", - "ssl_cert_SubO": "Mozilla Corporation", - "ssl_cert_SubC": "US", - "ssl_cert_SubP": "California", - "ssl_cert_SubL": "Mountain View", - "ssl_cert_SubU": "WebOps", - "ssl_cert_SubAltName": "leandatapractices.org;leandatapractices.com;mozilla-podcasts.org;mozilla.com;gv.dev;getfirefox.com;geckoview.dev;firefoxquantum.com;firefox.com;taskcluster.net;contributejson.org;www.firefox.com;masterfirefoxos.mozilla.org;mobilepartners.mozilla.org;www.leandatapractices.org;www.leandatapractices.com;www.getfirefox.com;mozilla.org.uk;webwewant.mozilla.org;thehub.mozilla.com;nightly.mozilla.org;pontoon.mozillalabs.com;videos.mozilla.org;videos-cdn.mozilla.net;treestatus.mozilla.org;techspeakers.mozilla.org;redirect-san.mozilla.org;input.mozilla.com;join.mozilla.org;content.mozilla.org;activations.mozilla.org;addons.mozilla.com;airmo.mozilla.org;ask.mozilla.org;aurora.mozilla.org;beta.mozilla.org;careers.mozilla.com;designlanguage.mozilla.org;input.mozilla.org;dnt.mozilla.org;events.mozilla.org;forums.mozilla.org;friends.mozilla.org;git.mozilla.org;hub.mozilla.com;hub.mozilla.org;activations.mozilla.com;www.mozilla.com", - "ssl_cert_SerialNum": "0x019d2b994ec99445c735d2a6d739e43a", - "ssl_cert_AgID": "1.2.840.113549.1.1.11", - "ssl_cert_From": "200406000000Z", - "ssl_cert_To": "210414120000Z", - "ssl_cert_SSLFPAg": "1.2.840.113549.1.1.11", + "ssl_cert_version": "v3", + "ssl_cert_issuer": "DigiCert SHA2 Secure Server CA;DigiCert Inc;;;;;US", + "ssl_cert_issuer_common": "DigiCert SHA2 Secure Server CA", + "ssl_cert_issuer_organization": "DigiCert Inc", + "ssl_cert_issuer_country": "US", + "ssl_cert_subject": "redirect-san.mozilla.org;Mozilla Corporation;WebOps;Mountain View;;California;US", + "ssl_cert_subject_common": "redirect-san.mozilla.org", + "ssl_cert_subject_organization": "Mozilla Corporation", + "ssl_cert_subject_country": "US", + "ssl_cert_subject_state_or_Province": "California", + "ssl_cert_subject_locality": "Mountain View", + "ssl_cert_subject_organizational_unit": "WebOps", + "ssl_cert_subject_alt_name": "leandatapractices.org;leandatapractices.com;mozilla-podcasts.org;mozilla.com;gv.dev;getfirefox.com;geckoview.dev;firefoxquantum.com;firefox.com;taskcluster.net;contributejson.org;www.firefox.com;masterfirefoxos.mozilla.org;mobilepartners.mozilla.org;www.leandatapractices.org;www.leandatapractices.com;www.getfirefox.com;mozilla.org.uk;webwewant.mozilla.org;thehub.mozilla.com;nightly.mozilla.org;pontoon.mozillalabs.com;videos.mozilla.org;videos-cdn.mozilla.net;treestatus.mozilla.org;techspeakers.mozilla.org;redirect-san.mozilla.org;input.mozilla.com;join.mozilla.org;content.mozilla.org;activations.mozilla.org;addons.mozilla.com;airmo.mozilla.org;ask.mozilla.org;aurora.mozilla.org;beta.mozilla.org;careers.mozilla.com;designlanguage.mozilla.org;input.mozilla.org;dnt.mozilla.org;events.mozilla.org;forums.mozilla.org;friends.mozilla.org;git.mozilla.org;hub.mozilla.com;hub.mozilla.org;activations.mozilla.com;www.mozilla.com;", + "ssl_cert_serial_number": "0x019d2b994ec99445c735d2a6d739e43a", + "ssl_cert_signature_algorithm": "1.2.840.113549.1.1.11", + "ssl_cert_validity_before": "200406000000Z", + "ssl_cert_validity_after": "210414120000Z", + "ssl_cert_algorithm_identifier": "1.2.840.113549.1.1.11", "name": "SSL_RESULT_1" } ]
\ No newline at end of file diff --git a/test/case/e21/ssl_e21_target_result.json b/test/case/e21/ssl_e21_target_result.json index 6b8547e..7cca86b 100644 --- a/test/case/e21/ssl_e21_target_result.json +++ b/test/case/e21/ssl_e21_target_result.json @@ -1,501 +1,633 @@ [ { - "Tuple4": "10.10.10.162.55173>151.101.2.187.443", + "Tuple4": "10.10.10.162.55359>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_1" }, { - "Tuple4": "10.10.10.162.55174>151.101.2.187.443", + "Tuple4": "10.10.10.162.55358>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_2" }, { - "Tuple4": "10.10.10.162.55176>151.101.2.187.443", + "Tuple4": "10.10.10.162.55364>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_3" }, { - "Tuple4": "10.10.10.162.55177>151.101.2.187.443", + "Tuple4": "10.10.10.162.55183>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_server_version": "TLS1.2", + "ssl_ja3s_hash": "16c0b3e6a7b8173c16d944cfeaeee9cf", + "ssl_cert_version": "v3", + "ssl_cert_issuer": "GlobalSign Atlas R3 OV TLS CA H2 2021;GlobalSign nv-sa;;;;;BE", + "ssl_cert_issuer_common": "GlobalSign Atlas R3 OV TLS CA H2 2021", + "ssl_cert_issuer_organization": "GlobalSign nv-sa", + "ssl_cert_issuer_country": "BE", + "ssl_cert_subject": "sites.target.com;Target Corporation;;Minneapolis;;Minnesota;US", + "ssl_cert_subject_common": "sites.target.com", + "ssl_cert_subject_organization": "Target Corporation", + "ssl_cert_subject_country": "US", + "ssl_cert_subject_state_or_Province": "Minnesota", + "ssl_cert_subject_locality": "Minneapolis", + "ssl_cert_subject_alt_name": "sites.target.com;affiliate.target.com;android.studioconnect.live;api.studioconnect.live;apollo-metrics.target.com;assethub.partnersonline.com;assethub.target.com;awesomeshop.target.com;bex.partnersonline.com;bex.target.com;cartster.target.com;cartwheel.target.com;cartwheelws-secure.target.com;circle.target.com;connect.roundel.com;connectedcommerce.target.com;corporate.target.com;developer.target.com;dojo.target.com;doppler.partnersonline.com;elevate.target.com;extgargantua.partnersonline.com;factorial.partnersonline.com;finds.target.com;gql.studioconnect.live;greenfield.partnersonline.com;greenfield.target.com;hrocdocrequest.target.com;iccon.target.com;incubator.target.com;india.target.com;ios.studioconnect.live;jira.target.com;launchpad.partnersonline.com;launchpad.target.com;leads.studioconnect.live;m.target.com;marketinghub.target.com;mercury.partnersonline.com;mickra.target.com;mickradashboard.target.com;mvs.partnersonline.com;mytime.target.com;nic.target;openhouse.target.com;opensource.target.com;osmosis.partnersonline.com;partnersonline.com;pcn.partnersonline.com;peg.partnersonline.com;photosubmission.target.com;pid.partnersonline.com;plus.target.com;pmworkorderadmin.partnersonline.com;poladmin.partnersonline.com;pop.partnersonline.com;qmp.partnersonline.com;qr.target.com;r2d2.target.com;rdmplus.target.com;recognize.target.com;redcard.target.com;redirect.studioconnect.live;rik.roundel.com;roundel.com;rubix.partnersonline.com;rubix.target.com;security.target.com;servicetech.target.com;sm.partnersonline.com;spark.partnersonline.com;spark.target.com;studioconnect.live;stylehub.target.com;synergy.partnersonline.com;target.com;targetmedianetwork.target.com;targetopenhouse.com;tepagent.target.com;tgt-files.target.com;tgtdriver.partnersonline.com;ti-event-prod.target.com;tiam.target.com;tiiam.target.com;tvi.partnersonline.com;viewpoint.target.com;weeklyad.target.com;www.partnersonline.com;www.roundel.com;www.target.com;www.targetopenhouse.com;", + "ssl_cert_serial_number": "0x012ede33fc9283773396e9b1ff995262", + "ssl_cert_signature_algorithm": "1.2.840.113549.1.1.11", + "ssl_cert_validity_before": "210928164609Z", + "ssl_cert_validity_after": "221030164608Z", + "ssl_cert_algorithm_identifier": "1.2.840.113549.1.1.11", "name": "SSL_RESULT_4" }, { - "Tuple4": "10.10.10.162.55178>151.101.2.187.443", + "Tuple4": "10.10.10.162.55242>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_server_version": "TLS1.2", + "ssl_ja3s_hash": "16c0b3e6a7b8173c16d944cfeaeee9cf", + "ssl_cert_version": "v3", + "ssl_cert_issuer": "GlobalSign Atlas R3 OV TLS CA H2 2021;GlobalSign nv-sa;;;;;BE", + "ssl_cert_issuer_common": "GlobalSign Atlas R3 OV TLS CA H2 2021", + "ssl_cert_issuer_organization": "GlobalSign nv-sa", + "ssl_cert_issuer_country": "BE", + "ssl_cert_subject": "sites.target.com;Target Corporation;;Minneapolis;;Minnesota;US", + "ssl_cert_subject_common": "sites.target.com", + "ssl_cert_subject_organization": "Target Corporation", + "ssl_cert_subject_country": "US", + "ssl_cert_subject_state_or_Province": "Minnesota", + "ssl_cert_subject_locality": "Minneapolis", + "ssl_cert_subject_alt_name": "sites.target.com;affiliate.target.com;android.studioconnect.live;api.studioconnect.live;apollo-metrics.target.com;assethub.partnersonline.com;assethub.target.com;awesomeshop.target.com;bex.partnersonline.com;bex.target.com;cartster.target.com;cartwheel.target.com;cartwheelws-secure.target.com;circle.target.com;connect.roundel.com;connectedcommerce.target.com;corporate.target.com;developer.target.com;dojo.target.com;doppler.partnersonline.com;elevate.target.com;extgargantua.partnersonline.com;factorial.partnersonline.com;finds.target.com;gql.studioconnect.live;greenfield.partnersonline.com;greenfield.target.com;hrocdocrequest.target.com;iccon.target.com;incubator.target.com;india.target.com;ios.studioconnect.live;jira.target.com;launchpad.partnersonline.com;launchpad.target.com;leads.studioconnect.live;m.target.com;marketinghub.target.com;mercury.partnersonline.com;mickra.target.com;mickradashboard.target.com;mvs.partnersonline.com;mytime.target.com;nic.target;openhouse.target.com;opensource.target.com;osmosis.partnersonline.com;partnersonline.com;pcn.partnersonline.com;peg.partnersonline.com;photosubmission.target.com;pid.partnersonline.com;plus.target.com;pmworkorderadmin.partnersonline.com;poladmin.partnersonline.com;pop.partnersonline.com;qmp.partnersonline.com;qr.target.com;r2d2.target.com;rdmplus.target.com;recognize.target.com;redcard.target.com;redirect.studioconnect.live;rik.roundel.com;roundel.com;rubix.partnersonline.com;rubix.target.com;security.target.com;servicetech.target.com;sm.partnersonline.com;spark.partnersonline.com;spark.target.com;studioconnect.live;stylehub.target.com;synergy.partnersonline.com;target.com;targetmedianetwork.target.com;targetopenhouse.com;tepagent.target.com;tgt-files.target.com;tgtdriver.partnersonline.com;ti-event-prod.target.com;tiam.target.com;tiiam.target.com;tvi.partnersonline.com;viewpoint.target.com;weeklyad.target.com;www.partnersonline.com;www.roundel.com;www.target.com;www.targetopenhouse.com;", + "ssl_cert_serial_number": "0x012ede33fc9283773396e9b1ff995262", + "ssl_cert_signature_algorithm": "1.2.840.113549.1.1.11", + "ssl_cert_validity_before": "210928164609Z", + "ssl_cert_validity_after": "221030164608Z", + "ssl_cert_algorithm_identifier": "1.2.840.113549.1.1.11", "name": "SSL_RESULT_5" }, { - "Tuple4": "10.10.10.162.55179>151.101.2.187.443", + "Tuple4": "10.10.10.162.55173>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_6" }, { - "Tuple4": "10.10.10.162.55180>151.101.2.187.443", + "Tuple4": "10.10.10.162.55174>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_7" }, { - "Tuple4": "10.10.10.162.55181>151.101.2.187.443", + "Tuple4": "10.10.10.162.55176>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_8" }, { - "Tuple4": "10.10.10.162.55182>151.101.2.187.443", + "Tuple4": "10.10.10.162.55177>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_9" }, { - "Tuple4": "10.10.10.162.55184>151.101.2.187.443", + "Tuple4": "10.10.10.162.55178>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_10" }, { - "Tuple4": "10.10.10.162.55214>151.101.2.187.443", + "Tuple4": "10.10.10.162.55179>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_11" }, { - "Tuple4": "10.10.10.162.55215>151.101.2.187.443", + "Tuple4": "10.10.10.162.55180>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_12" }, { - "Tuple4": "10.10.10.162.55183>151.101.2.187.443", + "Tuple4": "10.10.10.162.55181>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "ssl_ja3s_hash": "16c0b3e6a7b8173c16d944cfeaeee9cf", - "ssl_cert_version": "v3", - "ssl_cert_Issuer": "GlobalSign Atlas R3 OV TLS CA H2 2021;GlobalSign nv-sa;;;;;BE", - "ssl_cert_IssuerCN": "GlobalSign Atlas R3 OV TLS CA H2 2021", - "ssl_cert_IssuerO": "GlobalSign nv-sa", - "ssl_cert_IssuerC": "BE", - "ssl_cert_Sub": "sites.target.com;Target Corporation;;Minneapolis;;Minnesota;US", - "ssl_cert_SubCN": "sites.target.com", - "ssl_cert_SubO": "Target Corporation", - "ssl_cert_SubC": "US", - "ssl_cert_SubP": "Minnesota", - "ssl_cert_SubL": "Minneapolis", - "ssl_cert_SubCN": "sites.target.com", - "ssl_cert_SubAltName": "sites.target.com;affiliate.target.com;android.studioconnect.live;api.studioconnect.live;apollo-metrics.target.com;assethub.partnersonline.com;assethub.target.com;awesomeshop.target.com;bex.partnersonline.com;bex.target.com;cartster.target.com;cartwheel.target.com;cartwheelws-secure.target.com;circle.target.com;connect.roundel.com;connectedcommerce.target.com;corporate.target.com;developer.target.com;dojo.target.com;doppler.partnersonline.com;elevate.target.com;extgargantua.partnersonline.com;factorial.partnersonline.com;finds.target.com;gql.studioconnect.live;greenfield.partnersonline.com;greenfield.target.com;hrocdocrequest.target.com;iccon.target.com;incubator.target.com;india.target.com;ios.studioconnect.live;jira.target.com;launchpad.partnersonline.com;launchpad.target.com;leads.studioconnect.live;m.target.com;marketinghub.target.com;mercury.partnersonline.com;mickra.target.com;mickradashboard.target.com;mvs.partnersonline.com;mytime.target.com;nic.target;openhouse.target.com;opensource.target.com;osmosis.partnersonline.com;partnersonline.com;pcn.partnersonline.com;peg.partnersonline.com;photosubmission.target.com;pid.partnersonline.com;plus.target.com;pmworkorderadmin.partnersonline.com;poladmin.partnersonline.com;pop.partnersonline.com;qmp.partnersonline.com;qr.target.com;r2d2.target.com;rdmplus.target.com;recognize.target.com;redcard.target.com;redirect.studioconnect.live;rik.roundel.com;roundel.com;rubix.partnersonline.com;rubix.target.com;security.target.com;servicetech.target.com;sm.partnersonline.com;spark.partnersonline.com;spark.target.com;studioconnect.live;stylehub.target.com;synergy.partnersonline.com;target.com;targetmedianetwork.target.com;targetopenhouse.com;tepagent.target.com;tgt-files.target.com;tgtdriver.partnersonline.com;ti-event-prod.target.com;tiam.target.com;tiiam.target.com;tvi.partnersonline.com;viewpoint.target.com;weeklyad.target.com;www.partnersonline.com;www.roundel.com;www.target.com;www.targetopenhouse.com", - "ssl_cert_SerialNum": "0x012ede33fc9283773396e9b1ff995262", - "ssl_cert_AgID": "1.2.840.113549.1.1.11", - "ssl_cert_From": "210928164609Z", - "ssl_cert_To": "221030164608Z", - "ssl_cert_SSLFPAg": "1.2.840.113549.1.1.11", "name": "SSL_RESULT_13" }, { - "Tuple4": "10.10.10.162.55242>151.101.2.187.443", + "Tuple4": "10.10.10.162.55182>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "ssl_ja3s_hash": "16c0b3e6a7b8173c16d944cfeaeee9cf", - "ssl_cert_version": "v3", - "ssl_cert_Issuer": "GlobalSign Atlas R3 OV TLS CA H2 2021;GlobalSign nv-sa;;;;;BE", - "ssl_cert_IssuerCN": "GlobalSign Atlas R3 OV TLS CA H2 2021", - "ssl_cert_IssuerO": "GlobalSign nv-sa", - "ssl_cert_IssuerC": "BE", - "ssl_cert_Sub": "sites.target.com;Target Corporation;;Minneapolis;;Minnesota;US", - "ssl_cert_SubCN": "sites.target.com", - "ssl_cert_SubO": "Target Corporation", - "ssl_cert_SubC": "US", - "ssl_cert_SubP": "Minnesota", - "ssl_cert_SubL": "Minneapolis", - "ssl_cert_SubCN": "sites.target.com", - "ssl_cert_SubAltName": "sites.target.com;affiliate.target.com;android.studioconnect.live;api.studioconnect.live;apollo-metrics.target.com;assethub.partnersonline.com;assethub.target.com;awesomeshop.target.com;bex.partnersonline.com;bex.target.com;cartster.target.com;cartwheel.target.com;cartwheelws-secure.target.com;circle.target.com;connect.roundel.com;connectedcommerce.target.com;corporate.target.com;developer.target.com;dojo.target.com;doppler.partnersonline.com;elevate.target.com;extgargantua.partnersonline.com;factorial.partnersonline.com;finds.target.com;gql.studioconnect.live;greenfield.partnersonline.com;greenfield.target.com;hrocdocrequest.target.com;iccon.target.com;incubator.target.com;india.target.com;ios.studioconnect.live;jira.target.com;launchpad.partnersonline.com;launchpad.target.com;leads.studioconnect.live;m.target.com;marketinghub.target.com;mercury.partnersonline.com;mickra.target.com;mickradashboard.target.com;mvs.partnersonline.com;mytime.target.com;nic.target;openhouse.target.com;opensource.target.com;osmosis.partnersonline.com;partnersonline.com;pcn.partnersonline.com;peg.partnersonline.com;photosubmission.target.com;pid.partnersonline.com;plus.target.com;pmworkorderadmin.partnersonline.com;poladmin.partnersonline.com;pop.partnersonline.com;qmp.partnersonline.com;qr.target.com;r2d2.target.com;rdmplus.target.com;recognize.target.com;redcard.target.com;redirect.studioconnect.live;rik.roundel.com;roundel.com;rubix.partnersonline.com;rubix.target.com;security.target.com;servicetech.target.com;sm.partnersonline.com;spark.partnersonline.com;spark.target.com;studioconnect.live;stylehub.target.com;synergy.partnersonline.com;target.com;targetmedianetwork.target.com;targetopenhouse.com;tepagent.target.com;tgt-files.target.com;tgtdriver.partnersonline.com;ti-event-prod.target.com;tiam.target.com;tiiam.target.com;tvi.partnersonline.com;viewpoint.target.com;weeklyad.target.com;www.partnersonline.com;www.roundel.com;www.target.com;www.targetopenhouse.com", - "ssl_cert_SerialNum": "0x012ede33fc9283773396e9b1ff995262", - "ssl_cert_AgID": "1.2.840.113549.1.1.11", - "ssl_cert_From": "210928164609Z", - "ssl_cert_To": "221030164608Z", - "ssl_cert_SSLFPAg": "1.2.840.113549.1.1.11", "name": "SSL_RESULT_14" }, { - "Tuple4": "10.10.10.162.55241>151.101.2.187.443", + "Tuple4": "10.10.10.162.55184>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_15" }, { - "Tuple4": "10.10.10.162.55274>151.101.2.187.443", + "Tuple4": "10.10.10.162.55214>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_16" }, { - "Tuple4": "10.10.10.162.55273>151.101.2.187.443", + "Tuple4": "10.10.10.162.55215>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_17" }, { - "Tuple4": "10.10.10.162.55279>151.101.2.187.443", + "Tuple4": "10.10.10.162.55241>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_18" }, { - "Tuple4": "10.10.10.162.55282>151.101.2.187.443", + "Tuple4": "10.10.10.162.55274>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_19" }, { - "Tuple4": "10.10.10.162.55283>151.101.2.187.443", + "Tuple4": "10.10.10.162.55273>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_20" }, { - "Tuple4": "10.10.10.162.55284>151.101.2.187.443", + "Tuple4": "10.10.10.162.55279>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_21" }, { - "Tuple4": "10.10.10.162.55285>151.101.2.187.443", + "Tuple4": "10.10.10.162.55282>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_22" }, { - "Tuple4": "10.10.10.162.55286>151.101.2.187.443", + "Tuple4": "10.10.10.162.55283>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_23" }, { - "Tuple4": "10.10.10.162.55287>151.101.2.187.443", + "Tuple4": "10.10.10.162.55284>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_24" }, { - "Tuple4": "10.10.10.162.55288>151.101.2.187.443", + "Tuple4": "10.10.10.162.55285>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_25" }, { - "Tuple4": "10.10.10.162.55289>151.101.2.187.443", + "Tuple4": "10.10.10.162.55286>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_26" }, { - "Tuple4": "10.10.10.162.55296>151.101.2.187.443", + "Tuple4": "10.10.10.162.55287>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_27" }, { - "Tuple4": "10.10.10.162.55297>151.101.2.187.443", + "Tuple4": "10.10.10.162.55288>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_28" }, { - "Tuple4": "10.10.10.162.55298>151.101.2.187.443", + "Tuple4": "10.10.10.162.55289>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_29" }, { - "Tuple4": "10.10.10.162.55299>151.101.2.187.443", + "Tuple4": "10.10.10.162.55296>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_30" }, { - "Tuple4": "10.10.10.162.55300>151.101.2.187.443", + "Tuple4": "10.10.10.162.55297>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_31" }, { - "Tuple4": "10.10.10.162.55301>151.101.2.187.443", + "Tuple4": "10.10.10.162.55298>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_32" }, { - "Tuple4": "10.10.10.162.55306>151.101.2.187.443", + "Tuple4": "10.10.10.162.55299>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_33" }, { - "Tuple4": "10.10.10.162.55307>151.101.2.187.443", + "Tuple4": "10.10.10.162.55300>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_34" }, { - "Tuple4": "10.10.10.162.55308>151.101.2.187.443", + "Tuple4": "10.10.10.162.55301>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_35" }, { - "Tuple4": "10.10.10.162.55309>151.101.2.187.443", + "Tuple4": "10.10.10.162.55306>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_36" }, { - "Tuple4": "10.10.10.162.55311>151.101.2.187.443", + "Tuple4": "10.10.10.162.55307>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_37" }, { - "Tuple4": "10.10.10.162.55312>151.101.2.187.443", + "Tuple4": "10.10.10.162.55308>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_38" }, { - "Tuple4": "10.10.10.162.55321>151.101.2.187.443", + "Tuple4": "10.10.10.162.55309>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_39" }, { - "Tuple4": "10.10.10.162.55322>151.101.2.187.443", + "Tuple4": "10.10.10.162.55311>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_40" }, { - "Tuple4": "10.10.10.162.55323>151.101.2.187.443", + "Tuple4": "10.10.10.162.55312>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_41" }, { - "Tuple4": "10.10.10.162.55324>151.101.2.187.443", + "Tuple4": "10.10.10.162.55321>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_42" }, { - "Tuple4": "10.10.10.162.55325>151.101.2.187.443", + "Tuple4": "10.10.10.162.55322>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_43" }, { - "Tuple4": "10.10.10.162.55326>151.101.2.187.443", + "Tuple4": "10.10.10.162.55323>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_44" }, { - "Tuple4": "10.10.10.162.55327>151.101.2.187.443", + "Tuple4": "10.10.10.162.55324>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_45" }, { - "Tuple4": "10.10.10.162.55328>151.101.2.187.443", + "Tuple4": "10.10.10.162.55325>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_46" }, { - "Tuple4": "10.10.10.162.55330>151.101.2.187.443", + "Tuple4": "10.10.10.162.55326>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_47" }, { - "Tuple4": "10.10.10.162.55331>151.101.2.187.443", + "Tuple4": "10.10.10.162.55327>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_48" }, { - "Tuple4": "10.10.10.162.55332>151.101.2.187.443", + "Tuple4": "10.10.10.162.55328>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_49" }, { - "Tuple4": "10.10.10.162.55334>151.101.2.187.443", + "Tuple4": "10.10.10.162.55330>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_50" }, { - "Tuple4": "10.10.10.162.55336>151.101.2.187.443", + "Tuple4": "10.10.10.162.55331>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_51" }, { - "Tuple4": "10.10.10.162.55337>151.101.2.187.443", + "Tuple4": "10.10.10.162.55332>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_52" }, { - "Tuple4": "10.10.10.162.55338>151.101.2.187.443", + "Tuple4": "10.10.10.162.55334>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_53" }, { - "Tuple4": "10.10.10.162.55343>151.101.2.187.443", + "Tuple4": "10.10.10.162.55336>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_54" }, { - "Tuple4": "10.10.10.162.55344>151.101.2.187.443", + "Tuple4": "10.10.10.162.55337>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_55" }, { - "Tuple4": "10.10.10.162.55345>151.101.2.187.443", + "Tuple4": "10.10.10.162.55338>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_56" }, { - "Tuple4": "10.10.10.162.55346>151.101.2.187.443", + "Tuple4": "10.10.10.162.55343>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_57" }, { - "Tuple4": "10.10.10.162.55349>151.101.2.187.443", + "Tuple4": "10.10.10.162.55344>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_58" }, { - "Tuple4": "10.10.10.162.55348>151.101.2.187.443", + "Tuple4": "10.10.10.162.55345>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_59" }, { - "Tuple4": "10.10.10.162.55352>151.101.2.187.443", + "Tuple4": "10.10.10.162.55346>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_60" }, { - "Tuple4": "10.10.10.162.55353>151.101.2.187.443", + "Tuple4": "10.10.10.162.55349>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_61" }, { - "Tuple4": "10.10.10.162.55356>151.101.2.187.443", + "Tuple4": "10.10.10.162.55348>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_62" }, { - "Tuple4": "10.10.10.162.55357>151.101.2.187.443", + "Tuple4": "10.10.10.162.55352>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_63" }, { - "Tuple4": "10.10.10.162.55359>151.101.2.187.443", + "Tuple4": "10.10.10.162.55353>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_64" }, { - "Tuple4": "10.10.10.162.55358>151.101.2.187.443", + "Tuple4": "10.10.10.162.55356>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_65" }, { - "Tuple4": "10.10.10.162.55364>151.101.2.187.443", + "Tuple4": "10.10.10.162.55357>151.101.2.187.443", "ssl_sni": "www.target.com", "ssl_client_version": "TLS1.2", + "ssl_esni": 0, + "ssl_ech": 0, "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", "name": "SSL_RESULT_66" } diff --git a/test/case/extensions_exceed_16/extensions_exceed_16_result.json b/test/case/extensions_exceed_16/extensions_exceed_16_result.json index c5416e0..a335519 100644 --- a/test/case/extensions_exceed_16/extensions_exceed_16_result.json +++ b/test/case/extensions_exceed_16/extensions_exceed_16_result.json @@ -1,10 +1,11 @@ [ { "Tuple4": "192.168.64.8.53466>185.63.190.2.443", - "ssl_sni": "fermer.ru", - "ssl_ech": "1", "ssl_client_version": "TLS1.2", + "ssl_sni": "fermer.ru", "ssl_ja3_hash": "afa0d02228072fc4b02a7772a668c64a", + "ssl_esni": 0, + "ssl_ech": 1, "name": "SSL_RESULT_1" } ]
\ No newline at end of file diff --git a/test/case/multiple_handshake/ssl_multiple_handshake_result.json b/test/case/multiple_handshake/ssl_multiple_handshake_result.json index 196135d..c09139f 100644 --- a/test/case/multiple_handshake/ssl_multiple_handshake_result.json +++ b/test/case/multiple_handshake/ssl_multiple_handshake_result.json @@ -4,20 +4,23 @@ "ssl_sni": "cn.bing.com", "ssl_client_version": "TLS1.2", "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "ssl_server_version": "TLS1.2", "ssl_ja3s_hash": "67bfe5d15ae567fb35fd7837f0116eec", "ssl_cert_version": "v3", - "ssl_cert_Issuer": "Microsoft RSA TLS CA 02;Microsoft Corporation;;;;;US", - "ssl_cert_IssuerCN": "Microsoft RSA TLS CA 02", - "ssl_cert_IssuerO": "Microsoft Corporation", - "ssl_cert_IssuerC": "US", - "ssl_cert_Sub": "www.bing.com;;;;;;", - "ssl_cert_SubCN": "www.bing.com", - "ssl_cert_SubAltName": "www.bing.com;dict.bing.com.cn;*.platform.bing.com;*.bing.com;bing.com;ieonline.microsoft.com;*.windowssearch.com;cn.ieonline.microsoft.com;*.origin.bing.com;*.mm.bing.net;*.api.bing.com;ecn.dev.virtualearth.net;*.cn.bing.net;*.cn.bing.com;ssl-api.bing.com;ssl-api.bing.net;*.api.bing.net;*.bingapis.com;bingsandbox.com;feedback.microsoft.com;insertmedia.bing.office.net;r.bat.bing.com;*.r.bat.bing.com;*.dict.bing.com.cn;*.dict.bing.com;*.ssl.bing.com;*.appex.bing.com;*.platform.cn.bing.com;wp.m.bing.com;*.m.bing.com;global.bing.com;windowssearch.com;search.msn.com;*.bingsandbox.com;*.api.tiles.ditu.live.com;*.ditu.live.com;*.t0.tiles.ditu.live.com;*.t1.tiles.ditu.live.com;*.t2.tiles.ditu.live.com;*.t3.tiles.ditu.live.com;*.tiles.ditu.live.com;3d.live.com;api.search.live.com;beta.search.live.com;cnweb.search.live.com;dev.live.com;ditu.live.com;farecast.live.com;image.live.com;images.live.com;local.live.com.au;localsearch.live.com;ls4d.search.live.com;mail.live.com;mapindia.live.com;local.live.com;maps.live.com;maps.live.com.au;mindia.live.com;news.live.com;origin.cnweb.search.live.com;preview.local.live.com;search.live.com;test.maps.live.com;video.live.com;videos.live.com;virtualearth.live.com;wap.live.com;webmaster.live.com;webmasters.live.com;www.local.live.com.au;www.maps.live.com.au", - "ssl_cert_SerialNum": "0x7f0012e261129541195fac1a6000000012e261", - "ssl_cert_AgID": "1.2.840.113549.1.1.11", - "ssl_cert_From": "210706015313Z", - "ssl_cert_To": "220106015313Z", - "ssl_cert_SSLFPAg": "1.2.840.113549.1.1.11", + "ssl_cert_issuer": "Microsoft RSA TLS CA 02;Microsoft Corporation;;;;;US", + "ssl_cert_issuer_common": "Microsoft RSA TLS CA 02", + "ssl_cert_issuer_organization": "Microsoft Corporation", + "ssl_cert_issuer_country": "US", + "ssl_cert_subject": "www.bing.com;;;;;;", + "ssl_cert_subject_common": "www.bing.com", + "ssl_cert_subject_alt_name": "www.bing.com;dict.bing.com.cn;*.platform.bing.com;*.bing.com;bing.com;ieonline.microsoft.com;*.windowssearch.com;cn.ieonline.microsoft.com;*.origin.bing.com;*.mm.bing.net;*.api.bing.com;ecn.dev.virtualearth.net;*.cn.bing.net;*.cn.bing.com;ssl-api.bing.com;ssl-api.bing.net;*.api.bing.net;*.bingapis.com;bingsandbox.com;feedback.microsoft.com;insertmedia.bing.office.net;r.bat.bing.com;*.r.bat.bing.com;*.dict.bing.com.cn;*.dict.bing.com;*.ssl.bing.com;*.appex.bing.com;*.platform.cn.bing.com;wp.m.bing.com;*.m.bing.com;global.bing.com;windowssearch.com;search.msn.com;*.bingsandbox.com;*.api.tiles.ditu.live.com;*.ditu.live.com;*.t0.tiles.ditu.live.com;*.t1.tiles.ditu.live.com;*.t2.tiles.ditu.live.com;*.t3.tiles.ditu.live.com;*.tiles.ditu.live.com;3d.live.com;api.search.live.com;beta.search.live.com;cnweb.search.live.com;dev.live.com;ditu.live.com;farecast.live.com;image.live.com;images.live.com;local.live.com.au;localsearch.live.com;ls4d.search.live.com;mail.live.com;mapindia.live.com;local.live.com;maps.live.com;maps.live.com.au;mindia.live.com;news.live.com;origin.cnweb.search.live.com;preview.local.live.com;search.live.com;test.maps.live.com;video.live.com;videos.live.com;virtualearth.live.com;wap.live.com;webmaster.live.com;webmasters.live.com;www.local.live.com.au;www.maps.live.com.au;", + "ssl_cert_serial_number": "0x7f0012e261129541195fac1a6000000012e261", + "ssl_cert_signature_algorithm": "1.2.840.113549.1.1.11", + "ssl_cert_validity_before": "210706015313Z", + "ssl_cert_validity_after": "220106015313Z", + "ssl_cert_algorithm_identifier": "1.2.840.113549.1.1.11", "name": "SSL_RESULT_1" } ]
\ No newline at end of file diff --git a/test/case/ssl/ssl_result.json b/test/case/ssl/ssl_result.json index 8afb659..d249180 100644 --- a/test/case/ssl/ssl_result.json +++ b/test/case/ssl/ssl_result.json @@ -1,53 +1,62 @@ [ - { - "Tuple4": "192.168.50.38.52391>104.16.123.96.443", - "ssl_sni": "ESNI", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "62a4a00de930bd0a5bee0309cc8362ed", - "ssl_ja3s_hash": "eb1d94daa7e0344597e756a1fb6e7054", - "name": "SSL_RESULT_1" - }, - { - "Tuple4": "192.168.2.102.56768>34.138.246.121.443", - "ssl_sni": "public.tls-ech.dev", - "ssl_ech": "1", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "a195b9c006fcb23ab9a2343b0871e362", - "ssl_ja3s_hash": "2b0648ab686ee45e0e7c35fcfb0eea7e", - "name": "SSL_RESULT_2" - }, - { - "Tuple4": "90.143.182.94.55835>93.186.227.131.443", - "ssl_sni": "sun9-20.userapi.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "6f5e62edfa5933b1332ddf8b9fb3ef9d", - "ssl_ja3s_hash": "2d1eb5817ece335c24904f516ad5da12", - "ssl_cert_version": "v3", - "ssl_cert_Issuer": "GlobalSign Organization Validation CA - SHA256 - G2;GlobalSign nv-sa;;;;;BE", - "ssl_cert_IssuerCN": "GlobalSign Organization Validation CA - SHA256 - G2", - "ssl_cert_IssuerO": "GlobalSign nv-sa", - "ssl_cert_IssuerC": "BE", - "ssl_cert_Sub": "*.userapi.com;V Kontakte LLC;;Saint-Petersburg;;Saint-Petersburg;RU", - "ssl_cert_SubCN": "*.userapi.com", - "ssl_cert_SubO": "V Kontakte LLC", - "ssl_cert_SubC": "RU", - "ssl_cert_SubP": "Saint-Petersburg", - "ssl_cert_SubL": "Saint-Petersburg", - "ssl_cert_SubAltName": "*.userapi.com;vk.me;*.vk-cdn.net;*.vkuserlive.com;*.vkuserlive.net;*.vkuseraudio.net;*.vkuseraudio.com;*.vkuservideo.net;*.vkuservideo.com;*.vk.me;userapi.com", - "ssl_cert_SerialNum": "0x5afa3a189e6a5c11e1e18b0f", - "ssl_cert_AgID": "1.2.840.113549.1.1.11", - "ssl_cert_From": "180717083809Z", - "ssl_cert_To": "190714162604Z", - "ssl_cert_SSLFPAg": "1.2.840.113549.1.1.11", - "name": "SSL_RESULT_3" - }, - { - "Tuple4": "192.168.2.102.56776>34.138.246.121.443", - "ssl_sni": "public.tls-ech.dev", - "ssl_ech": "1", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "a195b9c006fcb23ab9a2343b0871e362", - "ssl_ja3s_hash": "2b0648ab686ee45e0e7c35fcfb0eea7e", - "name": "SSL_RESULT_4" - } + { + "Tuple4": "90.143.182.94.55835>93.186.227.131.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "sun9-20.userapi.com", + "ssl_ja3_hash": "6f5e62edfa5933b1332ddf8b9fb3ef9d", + "ssl_esni": 0, + "ssl_ech": 0, + "ssl_server_version": "TLS1.2", + "ssl_ja3s_hash": "2d1eb5817ece335c24904f516ad5da12", + "ssl_cert_version": "v3", + "ssl_cert_issuer": "GlobalSign Organization Validation CA - SHA256 - G2;GlobalSign nv-sa;;;;;BE", + "ssl_cert_issuer_common": "GlobalSign Organization Validation CA - SHA256 - G2", + "ssl_cert_issuer_organization": "GlobalSign nv-sa", + "ssl_cert_issuer_country": "BE", + "ssl_cert_subject": "*.userapi.com;V Kontakte LLC;;Saint-Petersburg;;Saint-Petersburg;RU", + "ssl_cert_subject_common": "*.userapi.com", + "ssl_cert_subject_organization": "V Kontakte LLC", + "ssl_cert_subject_country": "RU", + "ssl_cert_subject_state_or_Province": "Saint-Petersburg", + "ssl_cert_subject_locality": "Saint-Petersburg", + "ssl_cert_subject_alt_name": "*.userapi.com;vk.me;*.vk-cdn.net;*.vkuserlive.com;*.vkuserlive.net;*.vkuseraudio.net;*.vkuseraudio.com;*.vkuservideo.net;*.vkuservideo.com;*.vk.me;userapi.com;", + "ssl_cert_serial_number": "0x5afa3a189e6a5c11e1e18b0f", + "ssl_cert_signature_algorithm": "1.2.840.113549.1.1.11", + "ssl_cert_validity_before": "180717083809Z", + "ssl_cert_validity_after": "190714162604Z", + "ssl_cert_algorithm_identifier": "1.2.840.113549.1.1.11", + "name": "SSL_RESULT_1" + }, + { + "Tuple4": "192.168.2.102.56776>34.138.246.121.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "public.tls-ech.dev", + "ssl_ja3_hash": "a195b9c006fcb23ab9a2343b0871e362", + "ssl_esni": 0, + "ssl_ech": 1, + "ssl_server_version": "TLS1.2", + "ssl_ja3s_hash": "2b0648ab686ee45e0e7c35fcfb0eea7e", + "name": "SSL_RESULT_2" + }, + { + "Tuple4": "192.168.50.38.52391>104.16.123.96.443", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "62a4a00de930bd0a5bee0309cc8362ed", + "ssl_esni": 1, + "ssl_ech": 0, + "ssl_server_version": "TLS1.2", + "ssl_ja3s_hash": "eb1d94daa7e0344597e756a1fb6e7054", + "name": "SSL_RESULT_3" + }, + { + "Tuple4": "192.168.2.102.56768>34.138.246.121.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "public.tls-ech.dev", + "ssl_ja3_hash": "a195b9c006fcb23ab9a2343b0871e362", + "ssl_esni": 0, + "ssl_ech": 1, + "ssl_server_version": "TLS1.2", + "ssl_ja3s_hash": "2b0648ab686ee45e0e7c35fcfb0eea7e", + "name": "SSL_RESULT_4" + } ]
\ No newline at end of file diff --git a/test/case/tcp_ack_contians_payload/ssl_tcp_ack_contians_payload_result.json b/test/case/tcp_ack_contians_payload/ssl_tcp_ack_contians_payload_result.json index 9632ce8..aef271e 100644 --- a/test/case/tcp_ack_contians_payload/ssl_tcp_ack_contians_payload_result.json +++ b/test/case/tcp_ack_contians_payload/ssl_tcp_ack_contians_payload_result.json @@ -1,24 +1,27 @@ [ { - "Tuple4": "36.251.161.167.39018>143.92.57.79.443", + "Tuple4": "36.251.161.167.39025>143.92.57.79.443", "ssl_sni": "a.ywgyuv.cn", - "ssl_ech": "1", + "ssl_esni": 0, + "ssl_ech": 1, "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "6f7971785f5cbbcb21819b6639f0e8f7", + "ssl_ja3_hash": "0ac1d260c0b1f0e3bf645d6580ea6343", "name": "SSL_RESULT_1" }, { - "Tuple4": "36.251.161.167.39025>143.92.57.79.443", + "Tuple4": "36.251.161.167.39018>143.92.57.79.443", "ssl_sni": "a.ywgyuv.cn", - "ssl_ech": "1", + "ssl_esni": 0, + "ssl_ech": 1, "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "0ac1d260c0b1f0e3bf645d6580ea6343", + "ssl_ja3_hash": "6f7971785f5cbbcb21819b6639f0e8f7", "name": "SSL_RESULT_2" }, { "Tuple4": "36.251.161.167.39112>143.92.57.79.443", "ssl_sni": "a.ywgyuv.cn", - "ssl_ech": "1", + "ssl_esni": 0, + "ssl_ech": 1, "ssl_client_version": "TLS1.2", "ssl_ja3_hash": "ca54aeeb513ecacf4d7bc22c5d8f0b75", "name": "SSL_RESULT_3" @@ -26,7 +29,8 @@ { "Tuple4": "36.251.161.167.39423>143.92.57.79.443", "ssl_sni": "a.ywgyuv.cn", - "ssl_ech": "1", + "ssl_esni": 0, + "ssl_ech": 1, "ssl_client_version": "TLS1.2", "ssl_ja3_hash": "9e41793e6f0a1696bedc0876465e1f42", "name": "SSL_RESULT_4" @@ -34,81 +38,91 @@ { "Tuple4": "36.251.161.167.39680>143.92.57.79.443", "ssl_sni": "a.ywgyuv.cn", - "ssl_ech": "1", + "ssl_esni": 0, + "ssl_ech": 1, "ssl_client_version": "TLS1.2", "ssl_ja3_hash": "47c3fabcf1bc65a32a9d3fb8e70ab79d", "name": "SSL_RESULT_5" }, { - "Tuple4": "36.251.161.167.39809>143.92.57.79.443", + "Tuple4": "36.251.161.167.39816>143.92.57.79.443", "ssl_sni": "a.ywgyuv.cn", - "ssl_ech": "1", + "ssl_esni": 0, + "ssl_ech": 1, "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "04331a57b3e122e689c373712edf42c0", + "ssl_ja3_hash": "34c3efe4e6565e8eef2eaaeb7c12a1a6", "name": "SSL_RESULT_6" }, { - "Tuple4": "36.251.161.167.39816>143.92.57.79.443", + "Tuple4": "36.251.161.167.39820>143.92.57.79.443", "ssl_sni": "a.ywgyuv.cn", - "ssl_ech": "1", + "ssl_esni": 0, + "ssl_ech": 1, "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "34c3efe4e6565e8eef2eaaeb7c12a1a6", + "ssl_ja3_hash": "cc97290a5bb4651489fe7a88e93ace90", "name": "SSL_RESULT_7" }, { - "Tuple4": "36.251.161.167.39820>143.92.57.79.443", + "Tuple4": "36.251.161.167.39809>143.92.57.79.443", "ssl_sni": "a.ywgyuv.cn", - "ssl_ech": "1", + "ssl_esni": 0, + "ssl_ech": 1, "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cc97290a5bb4651489fe7a88e93ace90", + "ssl_ja3_hash": "04331a57b3e122e689c373712edf42c0", "name": "SSL_RESULT_8" }, { - "Tuple4": "36.251.161.167.39825>143.92.57.79.443", + "Tuple4": "36.251.161.167.39832>143.92.57.79.443", "ssl_sni": "a.ywgyuv.cn", - "ssl_ech": "1", + "ssl_esni": 0, + "ssl_ech": 1, "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "4e6ae21ce8b876dc7cad2f5ca9a60b23", + "ssl_ja3_hash": "89cb560e9ee2d33728756a2d4d7b2900", "name": "SSL_RESULT_9" }, { - "Tuple4": "36.251.161.167.39832>143.92.57.79.443", + "Tuple4": "36.251.161.167.39825>143.92.57.79.443", "ssl_sni": "a.ywgyuv.cn", - "ssl_ech": "1", + "ssl_esni": 0, + "ssl_ech": 1, "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "89cb560e9ee2d33728756a2d4d7b2900", + "ssl_ja3_hash": "4e6ae21ce8b876dc7cad2f5ca9a60b23", "name": "SSL_RESULT_10" }, { - "Tuple4": "36.251.161.167.39850>143.92.57.79.443", + "Tuple4": "36.251.161.167.39867>143.92.57.79.443", "ssl_sni": "a.ywgyuv.cn", - "ssl_ech": "1", + "ssl_esni": 0, + "ssl_ech": 1, "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "7324d30178b21f4c3a60550ef43d5ab0", + "ssl_ja3_hash": "53fed08198669268c271fc320627c0c4", "name": "SSL_RESULT_11" }, { - "Tuple4": "36.251.161.167.39867>143.92.57.79.443", + "Tuple4": "36.251.161.167.39850>143.92.57.79.443", "ssl_sni": "a.ywgyuv.cn", - "ssl_ech": "1", + "ssl_esni": 0, + "ssl_ech": 1, "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "53fed08198669268c271fc320627c0c4", + "ssl_ja3_hash": "7324d30178b21f4c3a60550ef43d5ab0", "name": "SSL_RESULT_12" }, { - "Tuple4": "36.251.161.167.39777>143.92.57.79.443", + "Tuple4": "36.251.161.167.39810>143.92.57.79.443", "ssl_sni": "a.ywgyuv.cn", - "ssl_ech": "1", + "ssl_esni": 0, + "ssl_ech": 1, "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "c3db97da3b30171e5cf9de314584b555", + "ssl_ja3_hash": "ff194650bab04e7b4cd55e66fd91c010", "name": "SSL_RESULT_13" }, { - "Tuple4": "36.251.161.167.39810>143.92.57.79.443", + "Tuple4": "36.251.161.167.39777>143.92.57.79.443", "ssl_sni": "a.ywgyuv.cn", - "ssl_ech": "1", + "ssl_esni": 0, + "ssl_ech": 1, "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "ff194650bab04e7b4cd55e66fd91c010", + "ssl_ja3_hash": "c3db97da3b30171e5cf9de314584b555", "name": "SSL_RESULT_14" } ]
\ No newline at end of file diff --git a/test/case/xxg/ssl_xxg_target_result.json b/test/case/xxg/ssl_xxg_target_result.json index 4316465..c65d21a 100644 --- a/test/case/xxg/ssl_xxg_target_result.json +++ b/test/case/xxg/ssl_xxg_target_result.json @@ -1,1493 +1,1681 @@ -[ - { - "Tuple4": "192.168.50.33.51933>54.230.21.91.443", - "name": "SSL_RESULT_1" - }, - { - "Tuple4": "192.168.50.52.17312>142.250.66.99.443", - "ssl_sni": "www.gstatic.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "ssl_ja3s_hash": "eb1d94daa7e0344597e756a1fb6e7054", - "name": "SSL_RESULT_2" - }, - { - "Tuple4": "192.168.50.52.17313>142.250.66.99.443", - "ssl_sni": "www.gstatic.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "ssl_ja3s_hash": "eb1d94daa7e0344597e756a1fb6e7054", - "name": "SSL_RESULT_3" - }, - { - "Tuple4": "192.168.50.52.17330>151.101.194.187.443", - "ssl_sni": "www.target.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_4" - }, - { - "Tuple4": "192.168.50.52.17332>151.101.194.187.443", - "ssl_sni": "www.target.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_5" - }, - { - "Tuple4": "192.168.50.52.17331>151.101.194.187.443", - "ssl_sni": "www.target.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_6" - }, - { - "Tuple4": "192.168.50.52.17335>151.101.194.187.443", - "ssl_sni": "www.target.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_7" - }, - { - "Tuple4": "192.168.50.52.17337>151.101.194.187.443", - "ssl_sni": "www.target.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_8" - }, - { - "Tuple4": "192.168.50.52.17336>151.101.194.187.443", - "ssl_sni": "www.target.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_9" - }, - { - "Tuple4": "192.168.50.52.17339>151.101.194.187.443", - "ssl_sni": "www.target.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_10" - }, - { - "Tuple4": "192.168.50.52.17340>151.101.194.187.443", - "ssl_sni": "www.target.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_11" - }, - { - "Tuple4": "192.168.50.33.63477>142.250.66.78.443", - "name": "SSL_RESULT_12" - }, - { - "Tuple4": "192.168.50.52.17356>151.101.194.187.443", - "ssl_sni": "www.target.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_13" - }, - { - "Tuple4": "192.168.50.52.17357>151.101.194.187.443", - "ssl_sni": "www.target.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_14" - }, - { - "Tuple4": "192.168.50.52.17358>151.101.194.187.443", - "ssl_sni": "www.target.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_15" - }, - { - "Tuple4": "192.168.50.52.17359>151.101.194.187.443", - "ssl_sni": "www.target.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_16" - }, - { - "Tuple4": "192.168.50.33.50714>142.250.66.134.443", - "name": "SSL_RESULT_17" - }, - { - "Tuple4": "192.168.50.52.17367>151.101.194.187.443", - "ssl_sni": "www.target.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_18" - }, - { - "Tuple4": "192.168.50.52.17368>151.101.194.187.443", - "ssl_sni": "www.target.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_19" - }, - { - "Tuple4": "192.168.50.52.17370>151.101.194.187.443", - "ssl_sni": "www.target.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_20" - }, - { - "Tuple4": "192.168.50.52.17369>151.101.194.187.443", - "ssl_sni": "www.target.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_21" - }, - { - "Tuple4": "192.168.50.52.17378>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_22" - }, - { - "Tuple4": "192.168.50.52.17379>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_23" - }, - { - "Tuple4": "192.168.50.52.17383>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_24" - }, - { - "Tuple4": "192.168.50.52.17382>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_25" - }, - { - "Tuple4": "192.168.50.52.17385>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_26" - }, - { - "Tuple4": "192.168.50.52.17389>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_27" - }, - { - "Tuple4": "192.168.50.52.17387>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_28" - }, - { - "Tuple4": "192.168.50.52.17386>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_29" - }, - { - "Tuple4": "192.168.50.52.17390>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_30" - }, - { - "Tuple4": "192.168.50.52.17391>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_31" - }, - { - "Tuple4": "192.168.50.52.17392>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_32" - }, - { - "Tuple4": "192.168.50.52.17395>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_33" - }, - { - "Tuple4": "192.168.50.52.17393>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_34" - }, - { - "Tuple4": "192.168.50.52.17396>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_35" - }, - { - "Tuple4": "192.168.50.52.17394>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_36" - }, - { - "Tuple4": "192.168.50.52.17397>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_37" - }, - { - "Tuple4": "192.168.50.52.17398>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_38" - }, - { - "Tuple4": "192.168.50.52.17403>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_39" - }, - { - "Tuple4": "192.168.50.52.17402>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_40" - }, - { - "Tuple4": "192.168.50.52.17405>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_41" - }, - { - "Tuple4": "192.168.50.52.17404>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_42" - }, - { - "Tuple4": "192.168.50.52.17406>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_43" - }, - { - "Tuple4": "192.168.50.52.17407>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_44" - }, - { - "Tuple4": "192.168.50.52.17409>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_45" - }, - { - "Tuple4": "192.168.50.52.17408>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_46" - }, - { - "Tuple4": "192.168.50.52.17413>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_47" - }, - { - "Tuple4": "192.168.50.52.17412>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_48" - }, - { - "Tuple4": "192.168.50.52.17415>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_49" - }, - { - "Tuple4": "192.168.50.52.17416>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_50" - }, - { - "Tuple4": "192.168.50.52.17421>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_51" - }, - { - "Tuple4": "192.168.50.52.17420>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_52" - }, - { - "Tuple4": "192.168.50.52.17422>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_53" - }, - { - "Tuple4": "192.168.50.52.17423>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_54" - }, - { - "Tuple4": "192.168.50.52.17424>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_55" - }, - { - "Tuple4": "192.168.50.52.17429>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_56" - }, - { - "Tuple4": "192.168.50.52.17430>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_57" - }, - { - "Tuple4": "192.168.50.52.17380>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_58" - }, - { - "Tuple4": "192.168.50.52.17438>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_59" - }, - { - "Tuple4": "192.168.50.52.17388>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_60" - }, - { - "Tuple4": "192.168.50.52.17439>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_61" - }, - { - "Tuple4": "192.168.50.52.17401>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_62" - }, - { - "Tuple4": "192.168.50.52.17400>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_63" - }, - { - "Tuple4": "192.168.50.52.17440>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_64" - }, - { - "Tuple4": "192.168.50.52.17442>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_65" - }, - { - "Tuple4": "192.168.50.52.17443>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_66" - }, - { - "Tuple4": "192.168.50.52.17441>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_67" - }, - { - "Tuple4": "192.168.50.52.17410>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_68" - }, - { - "Tuple4": "192.168.50.52.17444>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_69" - }, - { - "Tuple4": "192.168.50.52.17445>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_70" - }, - { - "Tuple4": "192.168.50.52.17419>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_71" - }, - { - "Tuple4": "192.168.50.52.17417>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_72" - }, - { - "Tuple4": "192.168.50.52.17414>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_73" - }, - { - "Tuple4": "192.168.50.52.17411>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_74" - }, - { - "Tuple4": "192.168.50.52.17448>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_75" - }, - { - "Tuple4": "192.168.50.52.17449>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_76" - }, - { - "Tuple4": "192.168.50.52.17451>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_77" - }, - { - "Tuple4": "192.168.50.52.17452>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_78" - }, - { - "Tuple4": "192.168.50.52.17453>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_79" - }, - { - "Tuple4": "192.168.50.52.17454>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_80" - }, - { - "Tuple4": "192.168.50.52.17455>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_81" - }, - { - "Tuple4": "192.168.50.52.17425>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_82" - }, - { - "Tuple4": "192.168.50.52.17426>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_83" - }, - { - "Tuple4": "192.168.50.52.17456>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_84" - }, - { - "Tuple4": "192.168.50.52.17457>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_85" - }, - { - "Tuple4": "192.168.50.52.17458>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_86" - }, - { - "Tuple4": "192.168.50.52.17459>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_87" - }, - { - "Tuple4": "192.168.50.52.17428>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_88" - }, - { - "Tuple4": "192.168.50.52.17460>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_89" - }, - { - "Tuple4": "192.168.50.52.17461>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_90" - }, - { - "Tuple4": "192.168.50.52.17462>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_91" - }, - { - "Tuple4": "192.168.50.52.17464>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_92" - }, - { - "Tuple4": "192.168.50.52.17463>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_93" - }, - { - "Tuple4": "192.168.50.52.17466>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_94" - }, - { - "Tuple4": "192.168.50.52.17465>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_95" - }, - { - "Tuple4": "192.168.50.52.17468>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_96" - }, - { - "Tuple4": "192.168.50.52.17431>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_97" - }, - { - "Tuple4": "192.168.50.52.17469>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_98" - }, - { - "Tuple4": "192.168.50.52.17470>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_99" - }, - { - "Tuple4": "192.168.50.52.17473>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_100" - }, - { - "Tuple4": "192.168.50.52.17474>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_101" - }, - { - "Tuple4": "192.168.50.52.17471>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_102" - }, - { - "Tuple4": "192.168.50.52.17472>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_103" - }, - { - "Tuple4": "192.168.50.52.17475>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_104" - }, - { - "Tuple4": "192.168.50.52.17476>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_105" - }, - { - "Tuple4": "192.168.50.52.17477>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_106" - }, - { - "Tuple4": "192.168.50.52.17481>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_107" - }, - { - "Tuple4": "192.168.50.52.17479>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_108" - }, - { - "Tuple4": "192.168.50.52.17483>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_109" - }, - { - "Tuple4": "192.168.50.52.17484>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_110" - }, - { - "Tuple4": "192.168.50.52.17485>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_111" - }, - { - "Tuple4": "192.168.50.52.17486>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_112" - }, - { - "Tuple4": "192.168.50.52.17487>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_113" - }, - { - "Tuple4": "192.168.50.52.17488>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_114" - }, - { - "Tuple4": "192.168.50.52.17490>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_115" - }, - { - "Tuple4": "192.168.50.52.17491>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_116" - }, - { - "Tuple4": "192.168.50.52.17492>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_117" - }, - { - "Tuple4": "192.168.50.52.17493>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_118" - }, - { - "Tuple4": "192.168.50.52.17494>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_119" - }, - { - "Tuple4": "192.168.50.52.17495>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_120" - }, - { - "Tuple4": "192.168.50.52.17496>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_121" - }, - { - "Tuple4": "192.168.50.52.17497>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_122" - }, - { - "Tuple4": "192.168.50.52.17498>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_123" - }, - { - "Tuple4": "192.168.50.52.17499>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_124" - }, - { - "Tuple4": "192.168.50.52.17500>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_125" - }, - { - "Tuple4": "192.168.50.52.17501>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_126" - }, - { - "Tuple4": "192.168.50.52.17502>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_127" - }, - { - "Tuple4": "192.168.50.52.17503>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_128" - }, - { - "Tuple4": "192.168.50.52.17504>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_129" - }, - { - "Tuple4": "192.168.50.52.17505>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_130" - }, - { - "Tuple4": "192.168.50.52.17506>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_131" - }, - { - "Tuple4": "192.168.50.52.17507>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_132" - }, - { - "Tuple4": "192.168.50.52.17508>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_133" - }, - { - "Tuple4": "192.168.50.52.17509>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_134" - }, - { - "Tuple4": "192.168.50.52.17511>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_135" - }, - { - "Tuple4": "192.168.50.52.17510>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_136" - }, - { - "Tuple4": "192.168.50.52.17512>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_137" - }, - { - "Tuple4": "192.168.50.52.17513>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_138" - }, - { - "Tuple4": "192.168.50.52.17514>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_139" - }, - { - "Tuple4": "192.168.50.52.17515>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_140" - }, - { - "Tuple4": "192.168.50.52.17516>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_141" - }, - { - "Tuple4": "192.168.50.52.17519>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_142" - }, - { - "Tuple4": "192.168.50.52.17518>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_143" - }, - { - "Tuple4": "192.168.50.52.17520>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_144" - }, - { - "Tuple4": "192.168.50.52.17521>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_145" - }, - { - "Tuple4": "192.168.50.52.17522>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_146" - }, - { - "Tuple4": "192.168.50.52.17523>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_147" - }, - { - "Tuple4": "192.168.50.52.17524>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_148" - }, - { - "Tuple4": "192.168.50.52.17526>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_149" - }, - { - "Tuple4": "192.168.50.52.17525>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_150" - }, - { - "Tuple4": "192.168.50.52.17527>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_151" - }, - { - "Tuple4": "192.168.50.52.17528>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_152" - }, - { - "Tuple4": "192.168.50.52.17529>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_153" - }, - { - "Tuple4": "192.168.50.52.17530>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_154" - }, - { - "Tuple4": "192.168.50.52.17446>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_155" - }, - { - "Tuple4": "192.168.50.52.17418>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_156" - }, - { - "Tuple4": "192.168.50.52.17447>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_157" - }, - { - "Tuple4": "192.168.50.52.17531>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_158" - }, - { - "Tuple4": "192.168.50.52.17450>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_159" - }, - { - "Tuple4": "192.168.50.52.17532>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_160" - }, - { - "Tuple4": "192.168.50.52.17533>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_161" - }, - { - "Tuple4": "192.168.50.52.17480>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_162" - }, - { - "Tuple4": "192.168.50.52.17478>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_163" - }, - { - "Tuple4": "192.168.50.52.17482>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_164" - }, - { - "Tuple4": "192.168.50.52.17534>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_165" - }, - { - "Tuple4": "192.168.50.52.17536>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_166" - }, - { - "Tuple4": "192.168.50.52.17517>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_167" - }, - { - "Tuple4": "192.168.50.52.17540>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_168" - }, - { - "Tuple4": "192.168.50.52.17399>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_169" - }, - { - "Tuple4": "192.168.50.52.17541>23.57.112.179.443", - "ssl_sni": "target.scene7.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_170" - }, - { - "Tuple4": "192.168.50.52.17535>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_171" - }, - { - "Tuple4": "192.168.50.52.17542>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_172" - }, - { - "Tuple4": "192.168.50.52.17543>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_173" - }, - { - "Tuple4": "192.168.50.52.17545>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_174" - }, - { - "Tuple4": "192.168.50.52.17546>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_175" - }, - { - "Tuple4": "192.168.50.52.17547>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_176" - }, - { - "Tuple4": "192.168.50.52.17548>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_177" - }, - { - "Tuple4": "192.168.50.52.17549>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_178" - }, - { - "Tuple4": "192.168.50.52.17550>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_179" - }, - { - "Tuple4": "192.168.50.52.17551>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_180" - }, - { - "Tuple4": "192.168.50.52.17552>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_181" - }, - { - "Tuple4": "192.168.50.52.17554>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_182" - }, - { - "Tuple4": "192.168.50.33.64967>54.230.21.91.443", - "name": "SSL_RESULT_183" - }, - { - "Tuple4": "192.168.50.52.17553>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_184" - }, - { - "Tuple4": "192.168.50.52.17555>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_185" - }, - { - "Tuple4": "192.168.50.52.17559>151.101.130.180.443", - "ssl_sni": "assets.targetimg1.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "name": "SSL_RESULT_186" - }, - { - "Tuple4": "192.168.50.33.57414>142.250.66.42.443", - "name": "SSL_RESULT_187" - }, - { - "Tuple4": "192.168.50.33.60652>142.250.66.99.443", - "name": "SSL_RESULT_188" - }, - { - "Tuple4": "192.168.50.33.58291>220.181.174.230.443", - "name": "SSL_RESULT_189" - }, - { - "Tuple4": "192.168.50.33.50525>172.217.27.35.443", - "name": "SSL_RESULT_190" - }, - { - "Tuple4": "192.168.50.33.56708>142.250.204.36.443", - "name": "SSL_RESULT_191" - }, - { - "Tuple4": "192.168.50.33.55558>142.250.66.99.443", - "name": "SSL_RESULT_192" - }, - { - "Tuple4": "192.168.50.33.65240>142.250.204.86.443", - "name": "SSL_RESULT_193" - }, - { - "Tuple4": "192.168.50.33.57554>142.250.204.65.443", - "name": "SSL_RESULT_194" - }, - { - "Tuple4": "192.168.50.33.65100>142.250.207.74.443", - "name": "SSL_RESULT_195" - }, - { - "Tuple4": "192.168.50.33.54638>142.250.204.110.443", - "name": "SSL_RESULT_196" - }, - { - "Tuple4": "192.168.50.33.63347>142.250.66.131.443", - "name": "SSL_RESULT_197" - }, - { - "Tuple4": "192.168.50.52.1079>40.119.211.203.443", - "name": "SSL_RESULT_198" - }, - { - "Tuple4": "192.168.50.52.17311>142.250.66.99.443", - "ssl_sni": "www.gstatic.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "ssl_ja3s_hash": "eb1d94daa7e0344597e756a1fb6e7054", - "name": "SSL_RESULT_199" - }, - { - "Tuple4": "192.168.50.52.14756>172.217.24.110.443", - "name": "SSL_RESULT_200" - }, - { - "Tuple4": "192.168.50.52.27956>40.90.189.152.443", - "name": "SSL_RESULT_201" - }, - { - "Tuple4": "192.168.50.52.17376>151.101.194.187.443", - "ssl_sni": "www.target.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "ssl_ja3s_hash": "16c0b3e6a7b8173c16d944cfeaeee9cf", - "ssl_cert_version": "v3", - "ssl_cert_Issuer": "GlobalSign Atlas R3 OV TLS CA H2 2021;GlobalSign nv-sa;;;;;BE", - "ssl_cert_IssuerCN": "GlobalSign Atlas R3 OV TLS CA H2 2021", - "ssl_cert_IssuerO": "GlobalSign nv-sa", - "ssl_cert_IssuerC": "BE", - "ssl_cert_Sub": "sites.target.com;Target Corporation;;Minneapolis;;Minnesota;US", - "ssl_cert_SubCN": "sites.target.com", - "ssl_cert_SubO": "Target Corporation", - "ssl_cert_SubC": "US", - "ssl_cert_SubP": "Minnesota", - "ssl_cert_SubL": "Minneapolis", - "ssl_cert_SubAltName": "sites.target.com;affiliate.target.com;android.studioconnect.live;api.studioconnect.live;apollo-metrics.target.com;assethub.partnersonline.com;assethub.target.com;awesomeshop.target.com;bex.partnersonline.com;bex.target.com;cartster.target.com;cartwheel.target.com;cartwheelws-secure.target.com;circle.target.com;connect.roundel.com;connectedcommerce.target.com;corporate.target.com;developer.target.com;dojo.target.com;doppler.partnersonline.com;elevate.target.com;extgargantua.partnersonline.com;factorial.partnersonline.com;finds.target.com;gql.studioconnect.live;greenfield.partnersonline.com;greenfield.target.com;hrocdocrequest.target.com;iccon.target.com;incubator.target.com;india.target.com;ios.studioconnect.live;jira.target.com;launchpad.partnersonline.com;launchpad.target.com;leads.studioconnect.live;m.target.com;marketinghub.target.com;mercury.partnersonline.com;mickra.target.com;mickradashboard.target.com;mvs.partnersonline.com;mytime.target.com;nic.target;openhouse.target.com;opensource.target.com;osmosis.partnersonline.com;partnersonline.com;pcn.partnersonline.com;peg.partnersonline.com;photosubmission.target.com;pid.partnersonline.com;plus.target.com;pmworkorderadmin.partnersonline.com;poladmin.partnersonline.com;pop.partnersonline.com;qmp.partnersonline.com;qr.target.com;r2d2.target.com;rdmplus.target.com;recognize.target.com;redcard.target.com;redirect.studioconnect.live;rik.roundel.com;roundel.com;rubix.partnersonline.com;rubix.target.com;security.target.com;servicetech.target.com;sm.partnersonline.com;spark.partnersonline.com;spark.target.com;studioconnect.live;stylehub.target.com;synergy.partnersonline.com;target.com;targetmedianetwork.target.com;targetopenhouse.com;tepagent.target.com;tgt-files.target.com;tgtdriver.partnersonline.com;ti-event-prod.target.com;tiam.target.com;tiiam.target.com;tvi.partnersonline.com;viewpoint.target.com;weeklyad.target.com;www.partnersonline.com;www.roundel.com;www.target.com;www.targetopenhouse.com", - "ssl_cert_SerialNum": "0x012ede33fc9283773396e9b1ff995262", - "ssl_cert_AgID": "1.2.840.113549.1.1.11", - "ssl_cert_From": "210928164609Z", - "ssl_cert_To": "221030164608Z", - "ssl_cert_SSLFPAg": "1.2.840.113549.1.1.11", - "name": "SSL_RESULT_202" - }, - { - "Tuple4": "192.168.50.52.17384>220.181.174.102.443", - "ssl_sni": "securepubads.g.doubleclick.net", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "598872011444709307b861ae817a4b60", - "ssl_ja3s_hash": "2b0648ab686ee45e0e7c35fcfb0eea7e", - "name": "SSL_RESULT_203" - }, - { - "Tuple4": "192.168.50.52.17427>172.217.31.2.443", - "ssl_sni": "pagead2.googlesyndication.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "598872011444709307b861ae817a4b60", - "ssl_ja3s_hash": "2b0648ab686ee45e0e7c35fcfb0eea7e", - "name": "SSL_RESULT_204" - }, - { - "Tuple4": "192.168.50.52.17381>23.57.114.38.443", - "ssl_sni": "js-sec.indexww.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "ssl_ja3s_hash": "410b9bedaf65dd26c6fe547154d60db4", - "name": "SSL_RESULT_205" - }, - { - "Tuple4": "192.168.50.52.17432>220.181.174.102.443", - "ssl_sni": "securepubads.g.doubleclick.net", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "598872011444709307b861ae817a4b60", - "ssl_ja3s_hash": "2b0648ab686ee45e0e7c35fcfb0eea7e", - "name": "SSL_RESULT_206" - }, - { - "Tuple4": "192.168.50.52.17434>15.197.193.217.443", - "ssl_sni": "match.adsrvr.org", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "ssl_ja3s_hash": "8d2a028aa94425f76ced7826b1f39039", - "ssl_cert_version": "v3", - "ssl_cert_Issuer": "GlobalSign GCC R3 DV TLS CA 2020;GlobalSign nv-sa;;;;;BE", - "ssl_cert_IssuerCN": "GlobalSign GCC R3 DV TLS CA 2020", - "ssl_cert_IssuerO": "GlobalSign nv-sa", - "ssl_cert_IssuerC": "BE", - "ssl_cert_Sub": "*.adsrvr.org;;;;;;", - "ssl_cert_SubCN": "*.adsrvr.org", - "ssl_cert_SubAltName": "*.adsrvr.org;adsrvr.org", - "ssl_cert_SerialNum": "0x2ddaa6f359d4ce458fe983f1", - "ssl_cert_AgID": "1.2.840.113549.1.1.11", - "ssl_cert_From": "220331203750Z", - "ssl_cert_To": "230502203749Z", - "ssl_cert_SSLFPAg": "1.2.840.113549.1.1.11", - "name": "SSL_RESULT_207" - }, - { - "Tuple4": "192.168.50.52.17375>151.101.194.187.443", - "ssl_sni": "www.target.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "ssl_ja3s_hash": "16c0b3e6a7b8173c16d944cfeaeee9cf", - "ssl_cert_version": "v3", - "ssl_cert_Issuer": "GlobalSign Atlas R3 OV TLS CA H2 2021;GlobalSign nv-sa;;;;;BE", - "ssl_cert_IssuerCN": "GlobalSign Atlas R3 OV TLS CA H2 2021", - "ssl_cert_IssuerO": "GlobalSign nv-sa", - "ssl_cert_IssuerC": "BE", - "ssl_cert_Sub": "sites.target.com;Target Corporation;;Minneapolis;;Minnesota;US", - "ssl_cert_SubCN": "sites.target.com", - "ssl_cert_SubO": "Target Corporation", - "ssl_cert_SubC": "US", - "ssl_cert_SubP": "Minnesota", - "ssl_cert_SubL": "Minneapolis", - "ssl_cert_SubAltName": "sites.target.com;affiliate.target.com;android.studioconnect.live;api.studioconnect.live;apollo-metrics.target.com;assethub.partnersonline.com;assethub.target.com;awesomeshop.target.com;bex.partnersonline.com;bex.target.com;cartster.target.com;cartwheel.target.com;cartwheelws-secure.target.com;circle.target.com;connect.roundel.com;connectedcommerce.target.com;corporate.target.com;developer.target.com;dojo.target.com;doppler.partnersonline.com;elevate.target.com;extgargantua.partnersonline.com;factorial.partnersonline.com;finds.target.com;gql.studioconnect.live;greenfield.partnersonline.com;greenfield.target.com;hrocdocrequest.target.com;iccon.target.com;incubator.target.com;india.target.com;ios.studioconnect.live;jira.target.com;launchpad.partnersonline.com;launchpad.target.com;leads.studioconnect.live;m.target.com;marketinghub.target.com;mercury.partnersonline.com;mickra.target.com;mickradashboard.target.com;mvs.partnersonline.com;mytime.target.com;nic.target;openhouse.target.com;opensource.target.com;osmosis.partnersonline.com;partnersonline.com;pcn.partnersonline.com;peg.partnersonline.com;photosubmission.target.com;pid.partnersonline.com;plus.target.com;pmworkorderadmin.partnersonline.com;poladmin.partnersonline.com;pop.partnersonline.com;qmp.partnersonline.com;qr.target.com;r2d2.target.com;rdmplus.target.com;recognize.target.com;redcard.target.com;redirect.studioconnect.live;rik.roundel.com;roundel.com;rubix.partnersonline.com;rubix.target.com;security.target.com;servicetech.target.com;sm.partnersonline.com;spark.partnersonline.com;spark.target.com;studioconnect.live;stylehub.target.com;synergy.partnersonline.com;target.com;targetmedianetwork.target.com;targetopenhouse.com;tepagent.target.com;tgt-files.target.com;tgtdriver.partnersonline.com;ti-event-prod.target.com;tiam.target.com;tiiam.target.com;tvi.partnersonline.com;viewpoint.target.com;weeklyad.target.com;www.partnersonline.com;www.roundel.com;www.target.com;www.targetopenhouse.com", - "ssl_cert_SerialNum": "0x012ede33fc9283773396e9b1ff995262", - "ssl_cert_AgID": "1.2.840.113549.1.1.11", - "ssl_cert_From": "210928164609Z", - "ssl_cert_To": "221030164608Z", - "ssl_cert_SSLFPAg": "1.2.840.113549.1.1.11", - "name": "SSL_RESULT_208" - }, - { - "Tuple4": "192.168.50.52.17433>3.217.136.163.443", - "ssl_sni": "idx.liadm.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "ssl_ja3s_hash": "303951d4c50efb2e991652225a6f02b1", - "name": "SSL_RESULT_209" - }, - { - "Tuple4": "192.168.50.52.17437>3.217.136.163.443", - "ssl_sni": "idx.liadm.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", - "ssl_ja3s_hash": "303951d4c50efb2e991652225a6f02b1", - "name": "SSL_RESULT_210" - }, - { - "Tuple4": "192.168.50.52.17544>142.250.207.74.443", - "ssl_sni": "content-autofill.googleapis.com", - "ssl_client_version": "TLS1.2", - "ssl_ja3_hash": "598872011444709307b861ae817a4b60", - "ssl_ja3s_hash": "2b0648ab686ee45e0e7c35fcfb0eea7e", - "name": "SSL_RESULT_211" - }, - { - "Tuple4": "192.168.50.57.54160>39.105.29.36.443", - "name": "SSL_RESULT_212" - }, - { - "Tuple4": "192.168.50.57.54162>39.105.29.36.443", - "name": "SSL_RESULT_213" - } -]
\ No newline at end of file +[{ + "Tuple4": "192.168.50.52.1079>40.119.211.203.443", + "name": "SSL_RESULT_1" + }, { + "Tuple4": "192.168.50.52.17311>142.250.66.99.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "www.gstatic.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "ssl_server_version": "TLS1.2", + "ssl_ja3s_hash": "eb1d94daa7e0344597e756a1fb6e7054", + "name": "SSL_RESULT_2" + }, { + "Tuple4": "192.168.50.52.14756>172.217.24.110.443", + "name": "SSL_RESULT_3" + }, { + "Tuple4": "192.168.50.33.54456>121.51.77.101.443", + "name": "SSL_RESULT_4" + }, { + "Tuple4": "192.168.50.52.27956>40.90.189.152.443", + "name": "SSL_RESULT_5" + }, { + "Tuple4": "192.168.50.52.17376>151.101.194.187.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "www.target.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "ssl_server_version": "TLS1.2", + "ssl_ja3s_hash": "16c0b3e6a7b8173c16d944cfeaeee9cf", + "ssl_cert_version": "v3", + "ssl_cert_issuer": "GlobalSign Atlas R3 OV TLS CA H2 2021;GlobalSign nv-sa;;;;;BE", + "ssl_cert_issuer_common": "GlobalSign Atlas R3 OV TLS CA H2 2021", + "ssl_cert_issuer_organization": "GlobalSign nv-sa", + "ssl_cert_issuer_country": "BE", + "ssl_cert_subject": "sites.target.com;Target Corporation;;Minneapolis;;Minnesota;US", + "ssl_cert_subject_common": "sites.target.com", + "ssl_cert_subject_organization": "Target Corporation", + "ssl_cert_subject_country": "US", + "ssl_cert_subject_state_or_Province": "Minnesota", + "ssl_cert_subject_locality": "Minneapolis", + "ssl_cert_subject_alt_name": "sites.target.com;affiliate.target.com;android.studioconnect.live;api.studioconnect.live;apollo-metrics.target.com;assethub.partnersonline.com;assethub.target.com;awesomeshop.target.com;bex.partnersonline.com;bex.target.com;cartster.target.com;cartwheel.target.com;cartwheelws-secure.target.com;circle.target.com;connect.roundel.com;connectedcommerce.target.com;corporate.target.com;developer.target.com;dojo.target.com;doppler.partnersonline.com;elevate.target.com;extgargantua.partnersonline.com;factorial.partnersonline.com;finds.target.com;gql.studioconnect.live;greenfield.partnersonline.com;greenfield.target.com;hrocdocrequest.target.com;iccon.target.com;incubator.target.com;india.target.com;ios.studioconnect.live;jira.target.com;launchpad.partnersonline.com;launchpad.target.com;leads.studioconnect.live;m.target.com;marketinghub.target.com;mercury.partnersonline.com;mickra.target.com;mickradashboard.target.com;mvs.partnersonline.com;mytime.target.com;nic.target;openhouse.target.com;opensource.target.com;osmosis.partnersonline.com;partnersonline.com;pcn.partnersonline.com;peg.partnersonline.com;photosubmission.target.com;pid.partnersonline.com;plus.target.com;pmworkorderadmin.partnersonline.com;poladmin.partnersonline.com;pop.partnersonline.com;qmp.partnersonline.com;qr.target.com;r2d2.target.com;rdmplus.target.com;recognize.target.com;redcard.target.com;redirect.studioconnect.live;rik.roundel.com;roundel.com;rubix.partnersonline.com;rubix.target.com;security.target.com;servicetech.target.com;sm.partnersonline.com;spark.partnersonline.com;spark.target.com;studioconnect.live;stylehub.target.com;synergy.partnersonline.com;target.com;targetmedianetwork.target.com;targetopenhouse.com;tepagent.target.com;tgt-files.target.com;tgtdriver.partnersonline.com;ti-event-prod.target.com;tiam.target.com;tiiam.target.com;tvi.partnersonline.com;viewpoint.target.com;weeklyad.target.com;www.partnersonline.com;www.roundel.com;www.target.com;www.targetopenhouse.com;", + "ssl_cert_serial_number": "0x012ede33fc9283773396e9b1ff995262", + "ssl_cert_signature_algorithm": "1.2.840.113549.1.1.11", + "ssl_cert_validity_before": "210928164609Z", + "ssl_cert_validity_after": "221030164608Z", + "ssl_cert_algorithm_identifier": "1.2.840.113549.1.1.11", + "name": "SSL_RESULT_6" + }, { + "Tuple4": "192.168.50.52.17384>220.181.174.102.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "securepubads.g.doubleclick.net", + "ssl_ja3_hash": "598872011444709307b861ae817a4b60", + "ssl_esni": 0, + "ssl_ech": 0, + "ssl_server_version": "TLS1.2", + "ssl_ja3s_hash": "2b0648ab686ee45e0e7c35fcfb0eea7e", + "name": "SSL_RESULT_7" + }, { + "Tuple4": "192.168.50.52.17427>172.217.31.2.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "pagead2.googlesyndication.com", + "ssl_ja3_hash": "598872011444709307b861ae817a4b60", + "ssl_esni": 0, + "ssl_ech": 0, + "ssl_server_version": "TLS1.2", + "ssl_ja3s_hash": "2b0648ab686ee45e0e7c35fcfb0eea7e", + "name": "SSL_RESULT_8" + }, { + "Tuple4": "192.168.50.52.17381>23.57.114.38.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "js-sec.indexww.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "ssl_server_version": "TLS1.2", + "ssl_ja3s_hash": "410b9bedaf65dd26c6fe547154d60db4", + "name": "SSL_RESULT_9" + }, { + "Tuple4": "192.168.50.52.17432>220.181.174.102.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "securepubads.g.doubleclick.net", + "ssl_ja3_hash": "598872011444709307b861ae817a4b60", + "ssl_esni": 0, + "ssl_ech": 0, + "ssl_server_version": "TLS1.2", + "ssl_ja3s_hash": "2b0648ab686ee45e0e7c35fcfb0eea7e", + "name": "SSL_RESULT_10" + }, { + "Tuple4": "192.168.50.52.17434>15.197.193.217.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "match.adsrvr.org", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "ssl_server_version": "TLS1.2", + "ssl_ja3s_hash": "8d2a028aa94425f76ced7826b1f39039", + "ssl_cert_version": "v3", + "ssl_cert_issuer": "GlobalSign GCC R3 DV TLS CA 2020;GlobalSign nv-sa;;;;;BE", + "ssl_cert_issuer_common": "GlobalSign GCC R3 DV TLS CA 2020", + "ssl_cert_issuer_organization": "GlobalSign nv-sa", + "ssl_cert_issuer_country": "BE", + "ssl_cert_subject": "*.adsrvr.org;;;;;;", + "ssl_cert_subject_common": "*.adsrvr.org", + "ssl_cert_subject_alt_name": "*.adsrvr.org;adsrvr.org;", + "ssl_cert_serial_number": "0x2ddaa6f359d4ce458fe983f1", + "ssl_cert_signature_algorithm": "1.2.840.113549.1.1.11", + "ssl_cert_validity_before": "220331203750Z", + "ssl_cert_validity_after": "230502203749Z", + "ssl_cert_algorithm_identifier": "1.2.840.113549.1.1.11", + "name": "SSL_RESULT_11" + }, { + "Tuple4": "192.168.50.52.17375>151.101.194.187.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "www.target.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "ssl_server_version": "TLS1.2", + "ssl_ja3s_hash": "16c0b3e6a7b8173c16d944cfeaeee9cf", + "ssl_cert_version": "v3", + "ssl_cert_issuer": "GlobalSign Atlas R3 OV TLS CA H2 2021;GlobalSign nv-sa;;;;;BE", + "ssl_cert_issuer_common": "GlobalSign Atlas R3 OV TLS CA H2 2021", + "ssl_cert_issuer_organization": "GlobalSign nv-sa", + "ssl_cert_issuer_country": "BE", + "ssl_cert_subject": "sites.target.com;Target Corporation;;Minneapolis;;Minnesota;US", + "ssl_cert_subject_common": "sites.target.com", + "ssl_cert_subject_organization": "Target Corporation", + "ssl_cert_subject_country": "US", + "ssl_cert_subject_state_or_Province": "Minnesota", + "ssl_cert_subject_locality": "Minneapolis", + "ssl_cert_subject_alt_name": "sites.target.com;affiliate.target.com;android.studioconnect.live;api.studioconnect.live;apollo-metrics.target.com;assethub.partnersonline.com;assethub.target.com;awesomeshop.target.com;bex.partnersonline.com;bex.target.com;cartster.target.com;cartwheel.target.com;cartwheelws-secure.target.com;circle.target.com;connect.roundel.com;connectedcommerce.target.com;corporate.target.com;developer.target.com;dojo.target.com;doppler.partnersonline.com;elevate.target.com;extgargantua.partnersonline.com;factorial.partnersonline.com;finds.target.com;gql.studioconnect.live;greenfield.partnersonline.com;greenfield.target.com;hrocdocrequest.target.com;iccon.target.com;incubator.target.com;india.target.com;ios.studioconnect.live;jira.target.com;launchpad.partnersonline.com;launchpad.target.com;leads.studioconnect.live;m.target.com;marketinghub.target.com;mercury.partnersonline.com;mickra.target.com;mickradashboard.target.com;mvs.partnersonline.com;mytime.target.com;nic.target;openhouse.target.com;opensource.target.com;osmosis.partnersonline.com;partnersonline.com;pcn.partnersonline.com;peg.partnersonline.com;photosubmission.target.com;pid.partnersonline.com;plus.target.com;pmworkorderadmin.partnersonline.com;poladmin.partnersonline.com;pop.partnersonline.com;qmp.partnersonline.com;qr.target.com;r2d2.target.com;rdmplus.target.com;recognize.target.com;redcard.target.com;redirect.studioconnect.live;rik.roundel.com;roundel.com;rubix.partnersonline.com;rubix.target.com;security.target.com;servicetech.target.com;sm.partnersonline.com;spark.partnersonline.com;spark.target.com;studioconnect.live;stylehub.target.com;synergy.partnersonline.com;target.com;targetmedianetwork.target.com;targetopenhouse.com;tepagent.target.com;tgt-files.target.com;tgtdriver.partnersonline.com;ti-event-prod.target.com;tiam.target.com;tiiam.target.com;tvi.partnersonline.com;viewpoint.target.com;weeklyad.target.com;www.partnersonline.com;www.roundel.com;www.target.com;www.targetopenhouse.com;", + "ssl_cert_serial_number": "0x012ede33fc9283773396e9b1ff995262", + "ssl_cert_signature_algorithm": "1.2.840.113549.1.1.11", + "ssl_cert_validity_before": "210928164609Z", + "ssl_cert_validity_after": "221030164608Z", + "ssl_cert_algorithm_identifier": "1.2.840.113549.1.1.11", + "name": "SSL_RESULT_12" + }, { + "Tuple4": "192.168.50.52.17433>3.217.136.163.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "idx.liadm.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "ssl_server_version": "TLS1.2", + "ssl_ja3s_hash": "303951d4c50efb2e991652225a6f02b1", + "name": "SSL_RESULT_13" + }, { + "Tuple4": "192.168.50.52.17437>3.217.136.163.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "idx.liadm.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "ssl_server_version": "TLS1.2", + "ssl_ja3s_hash": "303951d4c50efb2e991652225a6f02b1", + "name": "SSL_RESULT_14" + }, { + "Tuple4": "192.168.50.52.17544>142.250.207.74.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "content-autofill.googleapis.com", + "ssl_ja3_hash": "598872011444709307b861ae817a4b60", + "ssl_esni": 0, + "ssl_ech": 0, + "ssl_server_version": "TLS1.2", + "ssl_ja3s_hash": "2b0648ab686ee45e0e7c35fcfb0eea7e", + "name": "SSL_RESULT_15" + }, { + "Tuple4": "192.168.50.57.54160>39.105.29.36.443", + "name": "SSL_RESULT_16" + }, { + "Tuple4": "192.168.50.57.54162>39.105.29.36.443", + "name": "SSL_RESULT_17" + }, { + "Tuple4": "192.168.50.33.51933>54.230.21.91.443", + "name": "SSL_RESULT_18" + }, { + "Tuple4": "192.168.50.52.17312>142.250.66.99.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "www.gstatic.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "ssl_server_version": "TLS1.2", + "ssl_ja3s_hash": "eb1d94daa7e0344597e756a1fb6e7054", + "name": "SSL_RESULT_19" + }, { + "Tuple4": "192.168.50.52.17313>142.250.66.99.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "www.gstatic.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "ssl_server_version": "TLS1.2", + "ssl_ja3s_hash": "eb1d94daa7e0344597e756a1fb6e7054", + "name": "SSL_RESULT_20" + }, { + "Tuple4": "192.168.50.33.50714>142.250.66.134.443", + "name": "SSL_RESULT_21" + }, { + "Tuple4": "192.168.50.33.63477>142.250.66.78.443", + "name": "SSL_RESULT_22" + }, { + "Tuple4": "192.168.50.33.64967>54.230.21.91.443", + "name": "SSL_RESULT_23" + }, { + "Tuple4": "192.168.50.33.58291>220.181.174.230.443", + "name": "SSL_RESULT_24" + }, { + "Tuple4": "192.168.50.33.50525>172.217.27.35.443", + "name": "SSL_RESULT_25" + }, { + "Tuple4": "192.168.50.33.56708>142.250.204.36.443", + "name": "SSL_RESULT_26" + }, { + "Tuple4": "192.168.50.33.55558>142.250.66.99.443", + "name": "SSL_RESULT_27" + }, { + "Tuple4": "192.168.50.33.65240>142.250.204.86.443", + "name": "SSL_RESULT_28" + }, { + "Tuple4": "192.168.50.33.57554>142.250.204.65.443", + "name": "SSL_RESULT_29" + }, { + "Tuple4": "192.168.50.33.65100>142.250.207.74.443", + "name": "SSL_RESULT_30" + }, { + "Tuple4": "192.168.50.33.54638>142.250.204.110.443", + "name": "SSL_RESULT_31" + }, { + "Tuple4": "192.168.50.52.17330>151.101.194.187.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "www.target.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_32" + }, { + "Tuple4": "192.168.50.52.17332>151.101.194.187.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "www.target.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_33" + }, { + "Tuple4": "192.168.50.52.17331>151.101.194.187.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "www.target.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_34" + }, { + "Tuple4": "192.168.50.52.17335>151.101.194.187.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "www.target.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_35" + }, { + "Tuple4": "192.168.50.52.17337>151.101.194.187.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "www.target.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_36" + }, { + "Tuple4": "192.168.50.52.17336>151.101.194.187.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "www.target.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_37" + }, { + "Tuple4": "192.168.50.52.17339>151.101.194.187.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "www.target.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_38" + }, { + "Tuple4": "192.168.50.52.17340>151.101.194.187.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "www.target.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_39" + }, { + "Tuple4": "192.168.50.52.17356>151.101.194.187.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "www.target.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_40" + }, { + "Tuple4": "192.168.50.52.17357>151.101.194.187.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "www.target.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_41" + }, { + "Tuple4": "192.168.50.52.17358>151.101.194.187.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "www.target.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_42" + }, { + "Tuple4": "192.168.50.52.17359>151.101.194.187.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "www.target.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_43" + }, { + "Tuple4": "192.168.50.52.17367>151.101.194.187.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "www.target.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_44" + }, { + "Tuple4": "192.168.50.52.17368>151.101.194.187.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "www.target.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_45" + }, { + "Tuple4": "192.168.50.52.17370>151.101.194.187.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "www.target.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_46" + }, { + "Tuple4": "192.168.50.52.17369>151.101.194.187.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "www.target.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_47" + }, { + "Tuple4": "192.168.50.52.17378>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_48" + }, { + "Tuple4": "192.168.50.52.17379>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_49" + }, { + "Tuple4": "192.168.50.52.17383>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_50" + }, { + "Tuple4": "192.168.50.52.17382>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_51" + }, { + "Tuple4": "192.168.50.52.17385>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_52" + }, { + "Tuple4": "192.168.50.52.17389>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_53" + }, { + "Tuple4": "192.168.50.52.17387>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_54" + }, { + "Tuple4": "192.168.50.52.17386>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_55" + }, { + "Tuple4": "192.168.50.52.17390>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_56" + }, { + "Tuple4": "192.168.50.52.17391>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_57" + }, { + "Tuple4": "192.168.50.52.17392>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_58" + }, { + "Tuple4": "192.168.50.52.17395>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_59" + }, { + "Tuple4": "192.168.50.52.17393>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_60" + }, { + "Tuple4": "192.168.50.52.17396>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_61" + }, { + "Tuple4": "192.168.50.52.17394>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_62" + }, { + "Tuple4": "192.168.50.52.17397>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_63" + }, { + "Tuple4": "192.168.50.52.17398>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_64" + }, { + "Tuple4": "192.168.50.52.17403>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_65" + }, { + "Tuple4": "192.168.50.52.17402>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_66" + }, { + "Tuple4": "192.168.50.52.17405>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_67" + }, { + "Tuple4": "192.168.50.52.17404>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_68" + }, { + "Tuple4": "192.168.50.52.17406>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_69" + }, { + "Tuple4": "192.168.50.52.17407>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_70" + }, { + "Tuple4": "192.168.50.52.17409>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_71" + }, { + "Tuple4": "192.168.50.52.17408>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_72" + }, { + "Tuple4": "192.168.50.52.17413>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_73" + }, { + "Tuple4": "192.168.50.52.17412>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_74" + }, { + "Tuple4": "192.168.50.52.17415>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_75" + }, { + "Tuple4": "192.168.50.52.17416>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_76" + }, { + "Tuple4": "192.168.50.52.17421>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_77" + }, { + "Tuple4": "192.168.50.52.17420>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_78" + }, { + "Tuple4": "192.168.50.52.17422>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_79" + }, { + "Tuple4": "192.168.50.52.17423>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_80" + }, { + "Tuple4": "192.168.50.52.17424>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_81" + }, { + "Tuple4": "192.168.50.52.17429>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_82" + }, { + "Tuple4": "192.168.50.52.17430>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_83" + }, { + "Tuple4": "192.168.50.52.17380>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_84" + }, { + "Tuple4": "192.168.50.52.17438>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_85" + }, { + "Tuple4": "192.168.50.52.17388>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_86" + }, { + "Tuple4": "192.168.50.52.17439>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_87" + }, { + "Tuple4": "192.168.50.52.17401>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_88" + }, { + "Tuple4": "192.168.50.52.17400>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_89" + }, { + "Tuple4": "192.168.50.52.17440>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_90" + }, { + "Tuple4": "192.168.50.52.17442>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_91" + }, { + "Tuple4": "192.168.50.52.17443>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_92" + }, { + "Tuple4": "192.168.50.52.17441>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_93" + }, { + "Tuple4": "192.168.50.52.17410>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_94" + }, { + "Tuple4": "192.168.50.52.17444>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_95" + }, { + "Tuple4": "192.168.50.52.17445>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_96" + }, { + "Tuple4": "192.168.50.52.17419>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_97" + }, { + "Tuple4": "192.168.50.52.17417>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_98" + }, { + "Tuple4": "192.168.50.52.17414>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_99" + }, { + "Tuple4": "192.168.50.52.17411>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_100" + }, { + "Tuple4": "192.168.50.52.17448>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_101" + }, { + "Tuple4": "192.168.50.52.17449>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_102" + }, { + "Tuple4": "192.168.50.52.17451>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_103" + }, { + "Tuple4": "192.168.50.52.17452>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_104" + }, { + "Tuple4": "192.168.50.52.17453>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_105" + }, { + "Tuple4": "192.168.50.52.17454>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_106" + }, { + "Tuple4": "192.168.50.52.17455>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_107" + }, { + "Tuple4": "192.168.50.52.17425>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_108" + }, { + "Tuple4": "192.168.50.52.17426>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_109" + }, { + "Tuple4": "192.168.50.52.17456>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_110" + }, { + "Tuple4": "192.168.50.52.17457>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_111" + }, { + "Tuple4": "192.168.50.52.17458>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_112" + }, { + "Tuple4": "192.168.50.52.17459>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_113" + }, { + "Tuple4": "192.168.50.52.17428>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_114" + }, { + "Tuple4": "192.168.50.52.17460>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_115" + }, { + "Tuple4": "192.168.50.52.17461>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_116" + }, { + "Tuple4": "192.168.50.52.17462>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_117" + }, { + "Tuple4": "192.168.50.52.17464>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_118" + }, { + "Tuple4": "192.168.50.52.17463>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_119" + }, { + "Tuple4": "192.168.50.52.17466>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_120" + }, { + "Tuple4": "192.168.50.52.17465>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_121" + }, { + "Tuple4": "192.168.50.52.17468>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_122" + }, { + "Tuple4": "192.168.50.52.17431>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_123" + }, { + "Tuple4": "192.168.50.52.17469>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_124" + }, { + "Tuple4": "192.168.50.52.17470>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_125" + }, { + "Tuple4": "192.168.50.52.17473>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_126" + }, { + "Tuple4": "192.168.50.52.17474>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_127" + }, { + "Tuple4": "192.168.50.52.17471>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_128" + }, { + "Tuple4": "192.168.50.52.17472>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_129" + }, { + "Tuple4": "192.168.50.52.17475>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_130" + }, { + "Tuple4": "192.168.50.52.17476>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_131" + }, { + "Tuple4": "192.168.50.52.17477>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_132" + }, { + "Tuple4": "192.168.50.52.17481>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_133" + }, { + "Tuple4": "192.168.50.52.17479>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_134" + }, { + "Tuple4": "192.168.50.52.17483>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_135" + }, { + "Tuple4": "192.168.50.52.17484>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_136" + }, { + "Tuple4": "192.168.50.52.17485>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_137" + }, { + "Tuple4": "192.168.50.52.17486>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_138" + }, { + "Tuple4": "192.168.50.52.17487>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_139" + }, { + "Tuple4": "192.168.50.52.17488>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_140" + }, { + "Tuple4": "192.168.50.52.17490>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_141" + }, { + "Tuple4": "192.168.50.52.17491>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_142" + }, { + "Tuple4": "192.168.50.52.17492>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_143" + }, { + "Tuple4": "192.168.50.52.17493>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_144" + }, { + "Tuple4": "192.168.50.52.17494>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_145" + }, { + "Tuple4": "192.168.50.52.17495>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_146" + }, { + "Tuple4": "192.168.50.52.17496>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_147" + }, { + "Tuple4": "192.168.50.52.17497>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_148" + }, { + "Tuple4": "192.168.50.52.17498>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_149" + }, { + "Tuple4": "192.168.50.52.17499>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_150" + }, { + "Tuple4": "192.168.50.52.17500>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_151" + }, { + "Tuple4": "192.168.50.52.17501>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_152" + }, { + "Tuple4": "192.168.50.52.17502>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_153" + }, { + "Tuple4": "192.168.50.52.17503>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_154" + }, { + "Tuple4": "192.168.50.52.17504>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_155" + }, { + "Tuple4": "192.168.50.52.17505>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_156" + }, { + "Tuple4": "192.168.50.52.17506>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_157" + }, { + "Tuple4": "192.168.50.52.17507>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_158" + }, { + "Tuple4": "192.168.50.52.17508>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_159" + }, { + "Tuple4": "192.168.50.52.17509>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_160" + }, { + "Tuple4": "192.168.50.52.17511>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_161" + }, { + "Tuple4": "192.168.50.52.17510>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_162" + }, { + "Tuple4": "192.168.50.52.17512>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_163" + }, { + "Tuple4": "192.168.50.52.17513>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_164" + }, { + "Tuple4": "192.168.50.52.17514>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_165" + }, { + "Tuple4": "192.168.50.52.17515>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_166" + }, { + "Tuple4": "192.168.50.52.17516>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_167" + }, { + "Tuple4": "192.168.50.52.17519>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_168" + }, { + "Tuple4": "192.168.50.52.17518>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_169" + }, { + "Tuple4": "192.168.50.52.17520>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_170" + }, { + "Tuple4": "192.168.50.52.17521>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_171" + }, { + "Tuple4": "192.168.50.52.17522>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_172" + }, { + "Tuple4": "192.168.50.52.17523>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_173" + }, { + "Tuple4": "192.168.50.52.17524>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_174" + }, { + "Tuple4": "192.168.50.52.17526>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_175" + }, { + "Tuple4": "192.168.50.52.17525>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_176" + }, { + "Tuple4": "192.168.50.52.17527>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_177" + }, { + "Tuple4": "192.168.50.52.17528>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_178" + }, { + "Tuple4": "192.168.50.52.17529>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_179" + }, { + "Tuple4": "192.168.50.52.17530>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_180" + }, { + "Tuple4": "192.168.50.52.17446>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_181" + }, { + "Tuple4": "192.168.50.52.17418>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_182" + }, { + "Tuple4": "192.168.50.52.17447>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_183" + }, { + "Tuple4": "192.168.50.52.17531>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_184" + }, { + "Tuple4": "192.168.50.52.17450>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_185" + }, { + "Tuple4": "192.168.50.52.17532>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_186" + }, { + "Tuple4": "192.168.50.52.17533>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_187" + }, { + "Tuple4": "192.168.50.52.17480>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_188" + }, { + "Tuple4": "192.168.50.52.17478>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_189" + }, { + "Tuple4": "192.168.50.52.17482>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_190" + }, { + "Tuple4": "192.168.50.52.17534>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_191" + }, { + "Tuple4": "192.168.50.52.17536>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_192" + }, { + "Tuple4": "192.168.50.52.17517>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_193" + }, { + "Tuple4": "192.168.50.52.17540>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_194" + }, { + "Tuple4": "192.168.50.52.17399>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_195" + }, { + "Tuple4": "192.168.50.52.17541>23.57.112.179.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "target.scene7.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_196" + }, { + "Tuple4": "192.168.50.52.17535>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_197" + }, { + "Tuple4": "192.168.50.52.17542>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_198" + }, { + "Tuple4": "192.168.50.52.17543>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_199" + }, { + "Tuple4": "192.168.50.52.17545>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_200" + }, { + "Tuple4": "192.168.50.52.17546>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_201" + }, { + "Tuple4": "192.168.50.52.17547>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_202" + }, { + "Tuple4": "192.168.50.52.17548>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_203" + }, { + "Tuple4": "192.168.50.52.17549>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_204" + }, { + "Tuple4": "192.168.50.52.17550>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_205" + }, { + "Tuple4": "192.168.50.52.17551>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_206" + }, { + "Tuple4": "192.168.50.52.17552>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_207" + }, { + "Tuple4": "192.168.50.52.17554>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_208" + }, { + "Tuple4": "192.168.50.52.17553>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_209" + }, { + "Tuple4": "192.168.50.52.17555>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_210" + }, { + "Tuple4": "192.168.50.52.17559>151.101.130.180.443", + "ssl_client_version": "TLS1.2", + "ssl_sni": "assets.targetimg1.com", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_esni": 0, + "ssl_ech": 0, + "name": "SSL_RESULT_211" + }, { + "Tuple4": "192.168.50.33.57414>142.250.66.42.443", + "name": "SSL_RESULT_212" + }, { + "Tuple4": "192.168.50.33.60652>142.250.66.99.443", + "name": "SSL_RESULT_213" + }, { + "Tuple4": "192.168.50.33.63347>142.250.66.131.443", + "name": "SSL_RESULT_214" + }] diff --git a/test/env/sapp-4.3.63.ea64461-1.el8.x86_64.rpm b/test/env/sapp-4.3.63.ea64461-1.el8.x86_64.rpm Binary files differnew file mode 100644 index 0000000..0134ca1 --- /dev/null +++ b/test/env/sapp-4.3.63.ea64461-1.el8.x86_64.rpm diff --git a/test/env/stellar-on-sapp-2.1.7.4e4f933-1.el8.x86_64.rpm b/test/env/stellar-on-sapp-2.1.7.4e4f933-1.el8.x86_64.rpm Binary files differnew file mode 100644 index 0000000..e3be348 --- /dev/null +++ b/test/env/stellar-on-sapp-2.1.7.4e4f933-1.el8.x86_64.rpm diff --git a/test/ssl_decoder_test.cpp b/test/ssl_decoder_test.cpp index 7a9fb23..3d46528 100644 --- a/test/ssl_decoder_test.cpp +++ b/test/ssl_decoder_test.cpp @@ -42,6 +42,11 @@ struct ssl_decoder_test_plugin_env extern "C" int commit_test_result_json(cJSON *node, const char *name); +int get_current_worker_thread_id() +{ + return 0; +} + void ssl_real_result_write_file(char *result_str) { FILE *fp=fopen("ssl_real_result.json", "a+"); @@ -67,17 +72,17 @@ void ssl_decoder_test_message_cb(struct session *ss, int topic_id, const void *m { case SSL_MESSAGE_CLIENT_HELLO: { - yyjson_mut_obj_add_str(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_client_version", ssl_message_readable_version_get0(ssl_msg)); + yyjson_mut_obj_add_strcpy(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_client_version", ssl_message_readable_version_get0(ssl_msg)); char *sni=NULL; size_t sni_sz=0; ssl_message_sni_get0(ssl_msg, &sni, &sni_sz); - yyjson_mut_obj_add_strn(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_sni", sni, sni_sz); + yyjson_mut_obj_add_strncpy(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_sni", sni, sni_sz); char *ja3=NULL; size_t ja3_sz=0; ssl_message_ja3hash_get0(ssl_msg, &ja3, &ja3_sz); - yyjson_mut_obj_add_strn(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_ja3_hash", ja3, ja3_sz); + yyjson_mut_obj_add_strncpy(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_ja3_hash", ja3, ja3_sz); int32_t esni_flag=ssl_message_esni_is_true(ssl_msg); yyjson_mut_obj_add_int(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_esni", esni_flag); @@ -88,17 +93,172 @@ void ssl_decoder_test_message_cb(struct session *ss, int topic_id, const void *m break; case SSL_MESSAGE_SERVER_HELLO: { - yyjson_mut_obj_add_str(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_server_version", ssl_message_readable_version_get0(ssl_msg)); + yyjson_mut_obj_add_strcpy(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_server_version", ssl_message_readable_version_get0(ssl_msg)); char *ja3s=NULL; size_t ja3s_sz=0; ssl_message_ja3shash_get0(ssl_msg, &ja3s, &ja3s_sz); - yyjson_mut_obj_add_strn(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_ja3s_hash", ja3s, ja3s_sz); + yyjson_mut_obj_add_strncpy(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_ja3s_hash", ja3s, ja3s_sz); } break; case SSL_MESSAGE_CERTIFICATE: + { + enum ssl_certificate_type type=ssl_certificate_type_get(ssl_msg); + if(type!=SSL_CERTIFICATE_TYPE_INDIVIDUAL) + { + break; + } + + yyjson_mut_obj_add_strcpy(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_cert_version", ssl_message_readable_version_get0(ssl_msg)); + + struct ssl_rdn_sequence *issuer=ssl_message_issuer_rdn_sequence_get0(ssl_msg); + if(issuer!=NULL) + { + size_t rdn_sequence_list_sz=0; + char *rdn_sequence_list=NULL; + ssl_rdn_sequence_list_get0(issuer, &rdn_sequence_list, &rdn_sequence_list_sz); + yyjson_mut_obj_add_strncpy(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_cert_issuer", rdn_sequence_list, rdn_sequence_list_sz); + + size_t common_sz=0; + char *common=NULL; + ssl_rdn_sequence_common_get0(issuer, &common, &common_sz); + yyjson_mut_obj_add_strncpy(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_cert_issuer_common", common, common_sz); + + size_t organization_sz=0; + char *organization=NULL; + ssl_rdn_sequence_organization_get0(issuer, &organization, &organization_sz); + yyjson_mut_obj_add_strncpy(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_cert_issuer_organization", organization, organization_sz); + + size_t country_sz=0; + char *country=NULL; + ssl_rdn_sequence_country_get0(issuer, &country, &country_sz); + yyjson_mut_obj_add_strncpy(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_cert_issuer_country", country, country_sz); + + size_t state_or_Province_sz=0; + char *state_or_Province=NULL; + ssl_rdn_sequence_state_or_province_get0(issuer, &state_or_Province, &state_or_Province_sz); + yyjson_mut_obj_add_strncpy(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_cert_issuer_state_or_Province", state_or_Province, state_or_Province_sz); + + size_t locality_sz=0; + char *locality=NULL; + ssl_rdn_sequence_locality_get0(issuer, &locality, &locality_sz); + yyjson_mut_obj_add_strncpy(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_cert_issuer_locality", locality, locality_sz); + + size_t street_address_sz=0; + char *street_address=NULL; + ssl_rdn_sequence_street_address_get0(issuer, &street_address, &street_address_sz); + yyjson_mut_obj_add_strncpy(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_cert_issuer_street_address", street_address, street_address_sz); + + size_t organizational_unit_sz=0; + char *organizational_unit=NULL; + ssl_rdn_sequence_organizational_unit_get0(issuer, &organizational_unit, &organizational_unit_sz); + yyjson_mut_obj_add_strncpy(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_cert_issuer_organizational_unit", organizational_unit, organizational_unit_sz); + } + + struct ssl_rdn_sequence *subject=ssl_message_subject_rdn_sequence_get0(ssl_msg); + if(subject!=NULL) + { + size_t rdn_sequence_list_sz=0; + char *rdn_sequence_list=NULL; + ssl_rdn_sequence_list_get0(subject, &rdn_sequence_list, &rdn_sequence_list_sz); + yyjson_mut_obj_add_strncpy(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_cert_subject", rdn_sequence_list, rdn_sequence_list_sz); + + size_t common_sz=0; + char *common=NULL; + ssl_rdn_sequence_common_get0(subject, &common, &common_sz); + yyjson_mut_obj_add_strncpy(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_cert_subject_common", common, common_sz); + + size_t organization_sz=0; + char *organization=NULL; + ssl_rdn_sequence_organization_get0(subject, &organization, &organization_sz); + yyjson_mut_obj_add_strncpy(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_cert_subject_organization", organization, organization_sz); + + size_t country_sz=0; + char *country=NULL; + ssl_rdn_sequence_country_get0(subject, &country, &country_sz); + yyjson_mut_obj_add_strncpy(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_cert_subject_country", country, country_sz); + + size_t state_or_Province_sz=0; + char *state_or_Province=NULL; + ssl_rdn_sequence_state_or_province_get0(subject, &state_or_Province, &state_or_Province_sz); + yyjson_mut_obj_add_strncpy(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_cert_subject_state_or_Province", state_or_Province, state_or_Province_sz); + + size_t locality_sz=0; + char *locality=NULL; + ssl_rdn_sequence_locality_get0(subject, &locality, &locality_sz); + yyjson_mut_obj_add_strncpy(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_cert_subject_locality", locality, locality_sz); + + size_t street_address_sz=0; + char *street_address=NULL; + ssl_rdn_sequence_street_address_get0(subject, &street_address, &street_address_sz); + yyjson_mut_obj_add_strncpy(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_cert_subject_street_address", street_address, street_address_sz); + + size_t organizational_unit_sz=0; + char *organizational_unit=NULL; + ssl_rdn_sequence_organizational_unit_get0(subject, &organizational_unit, &organizational_unit_sz); + yyjson_mut_obj_add_strncpy(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_cert_subject_organizational_unit", organizational_unit, organizational_unit_sz); + } + + size_t subject_alt_name_sz=0; + char *subject_alt_name=NULL; + while(1) + { + size_t name_sz=0; + char *name=NULL; + ssl_message_subject_alter_next(ssl_msg, &name, &name_sz); + if(name_sz==0) + { + break; + } + + subject_alt_name=((subject_alt_name==NULL)) ? (char *)calloc(1, name_sz+1) : (char *)realloc(subject_alt_name, subject_alt_name_sz+name_sz+1); + memcpy(subject_alt_name+subject_alt_name_sz, name, name_sz); + subject_alt_name[subject_alt_name_sz+name_sz]=';'; + subject_alt_name_sz+=name_sz+1; + } + + ssl_message_reset_subject_alter_iter(ssl_msg); + yyjson_mut_obj_add_strncpy(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_cert_subject_alt_name", subject_alt_name, subject_alt_name_sz); + + size_t serial_number_sz=0; + char *serial_number=NULL; + ssl_message_issuer_serial_number_get0(ssl_msg, &serial_number, &serial_number_sz); + if(serial_number_sz>0) + { + char *serialBuf=(char *)calloc(1, serial_number_sz*2+1+2); + size_t offset=snprintf(serialBuf, 3, "0x"); + for(size_t i=0; i<serial_number_sz; i++) + { + offset+=snprintf(serialBuf+offset, serial_number_sz*2+1+2-offset, "%02hhx", (unsigned char )(serial_number[i])); + } + + yyjson_mut_obj_add_strncpy(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_cert_serial_number", serialBuf, offset); + free(serialBuf); + serialBuf=NULL; + } + + size_t signature_algorithm_sz=0; + char *signature_algorithm=NULL; + ssl_message_signature_algorithm_id_get0(ssl_msg, &signature_algorithm, &signature_algorithm_sz); + yyjson_mut_obj_add_strncpy(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_cert_signature_algorithm", signature_algorithm, signature_algorithm_sz); + + size_t validity_before_sz=0; + char *validity_before=NULL; + ssl_message_validity_before_get0(ssl_msg, &validity_before, &validity_before_sz); + yyjson_mut_obj_add_strncpy(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_cert_validity_before", validity_before, validity_before_sz); + + size_t validity_after_sz=0; + char *validity_after=NULL; + ssl_message_validity_after_get0(ssl_msg, &validity_after, &validity_after_sz); + yyjson_mut_obj_add_strncpy(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_cert_validity_after", validity_after, validity_after_sz); + + size_t algorithm_identifier_sz=0; + char *algorithm_identifier=NULL; + ssl_message_algorithm_identifier_get0(ssl_msg, &algorithm_identifier, &algorithm_identifier_sz); + yyjson_mut_obj_add_strncpy(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_cert_algorithm_identifier", algorithm_identifier, algorithm_identifier_sz); + } break; - case SSL_PROTECTED_PAYLOAD: + case SSL_MESSAGE_ENCRYPTED_APPLICATION: break; default: break; @@ -111,6 +271,9 @@ void *ssl_decoder_test_per_session_context_new(struct session *ss, void *plugin_ per_ss_ctx->doc=yyjson_mut_doc_new(0); per_ss_ctx->ssl_object=yyjson_mut_obj(per_ss_ctx->doc); + // add Tuple + yyjson_mut_obj_add_strcpy(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "Tuple4", session_get0_readable_addr(ss)); + return (void *)per_ss_ctx; } @@ -127,10 +290,18 @@ void ssl_decoder_test_per_session_context_free(struct session *ss, void *per_ses char *json_str=yyjson_mut_write(per_ss_ctx->doc, 0, 0); yyjson_mut_doc_free(per_ss_ctx->doc); - char result_name[16]=""; - sprintf(result_name, "SSL_RESULT_%d", plugin_env->result_index++); - cJSON *real_result=cJSON_Parse(json_str); - commit_test_result_json(real_result, result_name); + if(plugin_env->commit_result_enable==1) + { + char result_name[16]=""; + sprintf(result_name, "SSL_RESULT_%d", plugin_env->result_index++); + cJSON *real_result=cJSON_Parse(json_str); + + commit_test_result_json(real_result, result_name); + } + else + { + printf("%s\n", json_str); + } free(json_str); free(per_ss_ctx); |