diff options
Diffstat (limited to 'test')
24 files changed, 2407 insertions, 104 deletions
diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt index 2637478..97845cd 100644 --- a/test/CMakeLists.txt +++ b/test/CMakeLists.txt @@ -4,7 +4,7 @@ aux_source_directory(${PROJECT_SOURCE_DIR}/deps/yyjson DEPS_SRC) add_library(${PROJECT_NAME}_test_plug SHARED ssl_decoder_test.cpp ${DEPS_SRC}) add_dependencies(${PROJECT_NAME}_test_plug ${PROJECT_NAME}) -target_link_libraries(${PROJECT_NAME}_test_plug cjson) +target_link_libraries(${PROJECT_NAME}_test_plug cjson -Wl,--no-whole-archive openssl-crypto-static -Wl,--no-whole-archive openssl-ssl-static) set_target_properties(${PROJECT_NAME}_test_plug PROPERTIES PREFIX "") add_executable(ssl_decoder_perf_test @@ -12,9 +12,10 @@ add_executable(ssl_decoder_perf_test ssl_decoder_perf_dummy.cpp ${DEPS_SRC} ssl_decoder_test.cpp ${PROJECT_SOURCE_DIR}/src/ssl_decoder.cpp + ${PROJECT_SOURCE_DIR}/src/ssl_export.cpp ) -target_link_libraries(ssl_decoder_perf_test fieldstat4 pthread cjson -Wl,--no-whole-archive openssl-crypto-static -Wl,--no-whole-archive openssl-ssl-static) +target_link_libraries(ssl_decoder_perf_test fieldstat4 pthread cjson -Wl,--no-whole-archive openssl-crypto-static -Wl,--no-whole-archive openssl-ssl-static -ldl) set(TEST_RUN_DIR ${CMAKE_CURRENT_BINARY_DIR}/sapp) set(TEST_MAIN ${TEST_RUN_DIR}/plugin_test_main) @@ -47,46 +48,27 @@ add_test(NAME UPDATE_TEST_SO COMMAND sh -c "cp ${CMAKE_CURRENT_BINARY_DIR}/${PRO add_test(NAME MKDIR_PLUG_CONF COMMAND sh -c "mkdir -p ${TEST_RUN_DIR}/etc/ssl/") add_test(NAME UPDATE_PLUG_CONF COMMAND sh -c "cp ${PROJECT_SOURCE_DIR}/bin/${PROJECT_NAME}.toml ${TEST_RUN_DIR}/etc/ssl/${PROJECT_NAME}.toml") -# set_tests_properties(INSTALL_TEST_MAIN INSTALL_STELLAR UPDATE_SAPP_LOG COPY_CONFLIST COPY_INF COPY_TEST_MAIN COPY_SPEC UPDATE_PLUG_SO UPDATE_TEST_SO MKDIR_PLUG_CONF UPDATE_PLUG_CONF PROPERTIES FIXTURES_SETUP TestFixture) +set_tests_properties(INSTALL_TEST_MAIN INSTALL_STELLAR UPDATE_SAPP_LOG COPY_CONFLIST COPY_INF COPY_TEST_MAIN COPY_SPEC UPDATE_PLUG_SO UPDATE_TEST_SO MKDIR_PLUG_CONF UPDATE_PLUG_CONF PROPERTIES FIXTURES_SETUP TestFixture) # # run tests -# add_test(NAME MKDIR_METRICS COMMAND sh -c "mkdir -p ${TEST_RUN_DIR}/metrics/") -# add_test(NAME ssl_QUERY COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/query/query_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/query/ -name *.pcap|sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR}) -# add_test(NAME ssl_CNAME COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/cname/cname_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/cname/ -name *.pcap|sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR}) -# add_test(NAME ssl_NSEC_RR COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/nsec/nsec_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/nsec/ -name *.pcap|sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR}) -# add_test(NAME ssl_NSEC_10_1_RR COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/nsec_10_1/nsec_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/nsec_10_1/ -name *.pcap|sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR}) -# add_test(NAME ssl_NSEC3_RR COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/nsec3/nsec3_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/nsec3/ -name *.pcap|sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR}) -# add_test(NAME ssl_PTR COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/ptr/ptr_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/ptr/ -name *.pcap|sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR}) -# add_test(NAME ssl_SRV COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/srv/srv_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/srv/ -name *.pcap|sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR}) -# add_test(NAME ssl_TXT COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/txt/txt_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/txt/ -name *.pcap|sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR}) -# add_test(NAME ssl_HTTPS COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/https/https_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/https/ -name *.pcap|sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR}) -# add_test(NAME ssl_CERT1 COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/cernet1/cernet1_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/cernet1/ -name *.pcap|sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR}) -# add_test(NAME ssl_CERT2 COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/cernet2/cernet2_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/cernet2/ -name *.pcap|sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR}) -# add_test(NAME ssl_SEC COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/sslsec/sslsec_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/sslsec/ -name *.pcap|sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR}) -# add_test(NAME ssl_TCP_MULTI_TRANSCATION COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/multi_transcation/multi_transcation_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/multi_transcation/ -name *.pcap|sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR}) -# add_test(NAME ssl_TCP_MULTI_PKT_TRANS_2BYTES COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/multi_pkt_trans_2bytes/multi_pkt_trans_2bytes_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/multi_pkt_trans_2bytes/ -name *.pcap|sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR}) -# add_test(NAME ssl_TCP_LOST_PKT COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/tcp_lost_pkt/lost_pkt_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/tcp_lost_pkt/ -name *.pcap|sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR}) -# add_test(NAME ssl_MULTI_SESSION COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/multi_session/multi_session_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/multi_session/ -name *.pcap|sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR}) -# add_test(NAME ssl_NS_NSEC3_RRSIG_A_OPT COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/ns_nsec3_rrsig_a_opt/ns_nsec3_rrsig_a_opt_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/ns_nsec3_rrsig_a_opt/ -name *.pcap|sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR}) -# add_test(NAME ssl_PORT5353 COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/port5353/port5353_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/port5353/ -name *.pcap|sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR}) +add_test(NAME RUN_SSL_TEST COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/ssl/ssl_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/ssl -name '*.pcap' | sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR}) +add_test(NAME RUN_E21_BUG_E21_TEST COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/e21/ssl_e21_target_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/e21/ -name '*.pcap' | sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR}) +add_test(NAME RUN_E21_BUG_XXG_TEST COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/xxg/ssl_xxg_target_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/xxg/ -name '*.pcap' | sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR}) +add_test(NAME RUN_BUG_TEST COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/bug/ssl_bug_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/bug/ -name '*.pcap' | sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR}) +add_test(NAME RUN_MULTIPLE_HANDSHAKE_TEST COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/multiple_handshake/ssl_multiple_handshake_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/multiple_handshake/ -name '*.pcap' | sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR}) +add_test(NAME RUN_CLOSE_CONTAINS_PAYLOAD_TEST COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/close_contains_payload/ssl_close_contains_payload_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/close_contains_payload/ -name '*.pcap' | sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR}) +add_test(NAME RUN_EXTENSION_EXCEED_16 COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/extensions_exceed_16/extensions_exceed_16_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/extensions_exceed_16/ -name '*.pcap' | sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR}) +add_test(NAME RUN_CLIENT_HELLO_FRAGMENT COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/client_hello_fragment/ssl_client_hello_fragment_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/client_hello_fragment/ -name '*.pcap' | sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR}) +add_test(NAME RUN_ACK_CONTAINS_PAYLOAD COMMAND ${TEST_MAIN} ${CMAKE_CURRENT_SOURCE_DIR}/case/tcp_ack_contians_payload/ssl_tcp_ack_contians_payload_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/case/tcp_ack_contians_payload/ -name '*.pcap' | sort -V" WORKING_DIRECTORY ${TEST_RUN_DIR}) -# set_tests_properties(ssl_QUERY -# ssl_CNAME -# ssl_NSEC_RR -# ssl_NSEC_10_1_RR -# ssl_NSEC3_RR -# ssl_PTR -# ssl_SRV -# ssl_TXT -# ssl_HTTPS -# ssl_CERT1 -# ssl_CERT2 -# ssl_SEC -# ssl_TCP_MULTI_TRANSCATION -# ssl_TCP_MULTI_PKT_TRANS_2BYTES -# ssl_TCP_LOST_PKT -# ssl_MULTI_SESSION -# ssl_NS_NSEC3_RRSIG_A_OPT -# ssl_PORT5353 -# PROPERTIES FIXTURES_REQUIRED TestFixture -# )
\ No newline at end of file +set_tests_properties(RUN_SSL_TEST + RUN_E21_BUG_E21_TEST + RUN_E21_BUG_XXG_TEST + RUN_BUG_TEST + RUN_MULTIPLE_HANDSHAKE_TEST + RUN_CLOSE_CONTAINS_PAYLOAD_TEST + RUN_EXTENSION_EXCEED_16 + RUN_CLIENT_HELLO_FRAGMENT + RUN_ACK_CONTAINS_PAYLOAD + PROPERTIES FIXTURES_REQUIRED TestFixture + )
\ No newline at end of file diff --git a/test/case/bug/1-ssl-192.168.50.52.17434.15.197.193.217.443.pcap b/test/case/bug/1-ssl-192.168.50.52.17434.15.197.193.217.443.pcap Binary files differnew file mode 100644 index 0000000..56a1224 --- /dev/null +++ b/test/case/bug/1-ssl-192.168.50.52.17434.15.197.193.217.443.pcap diff --git a/test/case/bug/ssl_bug_result.json b/test/case/bug/ssl_bug_result.json new file mode 100644 index 0000000..75cec24 --- /dev/null +++ b/test/case/bug/ssl_bug_result.json @@ -0,0 +1,23 @@ +[ + { + "Tuple4": "192.168.50.52.17434>15.197.193.217.443", + "ssl_sni": "match.adsrvr.org", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_ja3s_hash": "8d2a028aa94425f76ced7826b1f39039", + "ssl_cert_version": "v3", + "ssl_cert_Issuer": "GlobalSign GCC R3 DV TLS CA 2020;GlobalSign nv-sa;;;;;BE", + "ssl_cert_IssuerCN": "GlobalSign GCC R3 DV TLS CA 2020", + "ssl_cert_IssuerO": "GlobalSign nv-sa", + "ssl_cert_IssuerC": "BE", + "ssl_cert_Sub": "*.adsrvr.org;;;;;;", + "ssl_cert_SubCN": "*.adsrvr.org", + "ssl_cert_SubAltName": "*.adsrvr.org;adsrvr.org", + "ssl_cert_SerialNum": "0x2ddaa6f359d4ce458fe983f1", + "ssl_cert_AgID": "1.2.840.113549.1.1.11", + "ssl_cert_From": "220331203750Z", + "ssl_cert_To": "230502203749Z", + "ssl_cert_SSLFPAg": "1.2.840.113549.1.1.11", + "name": "SSL_RESULT_1" + } +]
\ No newline at end of file diff --git a/test/case/client_hello_fragment/1-ssl.client.hello.fragment.192.168.56.31.53868.74.118.186.107.443.pcap b/test/case/client_hello_fragment/1-ssl.client.hello.fragment.192.168.56.31.53868.74.118.186.107.443.pcap Binary files differnew file mode 100644 index 0000000..8e0001c --- /dev/null +++ b/test/case/client_hello_fragment/1-ssl.client.hello.fragment.192.168.56.31.53868.74.118.186.107.443.pcap diff --git a/test/case/client_hello_fragment/2-sni.client.hello.fragment.192.168.58.17.49218-23.216.55.29.443.pcap b/test/case/client_hello_fragment/2-sni.client.hello.fragment.192.168.58.17.49218-23.216.55.29.443.pcap Binary files differnew file mode 100644 index 0000000..6782478 --- /dev/null +++ b/test/case/client_hello_fragment/2-sni.client.hello.fragment.192.168.58.17.49218-23.216.55.29.443.pcap diff --git a/test/case/client_hello_fragment/3-ssl.client.hello.fragment.36.251.161.167.39777-143.92.57.79.443.pcap b/test/case/client_hello_fragment/3-ssl.client.hello.fragment.36.251.161.167.39777-143.92.57.79.443.pcap Binary files differnew file mode 100644 index 0000000..f81b4fe --- /dev/null +++ b/test/case/client_hello_fragment/3-ssl.client.hello.fragment.36.251.161.167.39777-143.92.57.79.443.pcap diff --git a/test/case/client_hello_fragment/ssl_client_hello_fragment_result.json b/test/case/client_hello_fragment/ssl_client_hello_fragment_result.json new file mode 100644 index 0000000..b392285 --- /dev/null +++ b/test/case/client_hello_fragment/ssl_client_hello_fragment_result.json @@ -0,0 +1,58 @@ +[ + { + "Tuple4": "192.168.56.31.53868>74.118.186.107.443", + "ssl_sni": "sync.targeting.unrulymedia.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "bc93a67ef4492974195865dc0262e65e", + "ssl_ja3s_hash": "b898351eb5e266aefd3723d466935494", + "ssl_cert_version": "v3", + "ssl_cert_Issuer": "Sectigo RSA Domain Validation Secure Server CA;Sectigo Limited;;Salford;;Greater Manchester;GB", + "ssl_cert_IssuerCN": "Sectigo RSA Domain Validation Secure Server CA", + "ssl_cert_IssuerO": "Sectigo Limited", + "ssl_cert_IssuerC": "GB", + "ssl_cert_IssuerP": "Greater Manchester", + "ssl_cert_IssuerL": "Salford", + "ssl_cert_Sub": "*.targeting.unrulymedia.com;;;;;;", + "ssl_cert_SubCN": "*.targeting.unrulymedia.com", + "ssl_cert_SubAltName": "*.targeting.unrulymedia.com;targeting.unrulymedia.com", + "ssl_cert_SerialNum": "0x888d5e51787e0f1f485dc542465d2034", + "ssl_cert_AgID": "1.2.840.113549.1.1.11", + "ssl_cert_From": "230510000000Z", + "ssl_cert_To": "240510235959Z", + "ssl_cert_SSLFPAg": "1.2.840.113549.1.1.11", + "name": "SSL_RESULT_1" + }, + { + "Tuple4": "192.168.58.17.49218>23.216.55.29.443", + "ssl_sni": "www.missionsports.org", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "a69708a64f853c3bcc214c2c5faf84f3", + "ssl_ja3s_hash": "10a2ad147a870ef37af153dea9fe4dd3", + "ssl_cert_version": "v3", + "ssl_cert_Issuer": "DigiCert TLS RSA SHA256 2020 CA1;DigiCert Inc;;;;;US", + "ssl_cert_IssuerCN": "DigiCert TLS RSA SHA256 2020 CA1", + "ssl_cert_IssuerO": "DigiCert Inc", + "ssl_cert_IssuerC": "US", + "ssl_cert_Sub": "a248.e.akamai.net;Akamai Technologies, Inc.;;Cambridge;;Massachusetts;US", + "ssl_cert_SubCN": "a248.e.akamai.net", + "ssl_cert_SubO": "Akamai Technologies, Inc.", + "ssl_cert_SubC": "US", + "ssl_cert_SubP": "Massachusetts", + "ssl_cert_SubL": "Cambridge", + "ssl_cert_SubAltName": "a248.e.akamai.net;*.akamaized.net;*.akamaized-staging.net;*.akamaihd.net;*.akamaihd-staging.net", + "ssl_cert_SerialNum": "0x0d61f7742d583251a2b8d5a26a1dda0b", + "ssl_cert_AgID": "1.2.840.113549.1.1.11", + "ssl_cert_From": "230516000000Z", + "ssl_cert_To": "240515235959Z", + "ssl_cert_SSLFPAg": "1.2.840.113549.1.1.11", + "name": "SSL_RESULT_2" + }, + { + "Tuple4": "36.251.161.167.39777>143.92.57.79.443", + "ssl_sni": "a.ywgyuv.cn", + "ssl_ech": "1", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "c3db97da3b30171e5cf9de314584b555", + "name": "SSL_RESULT_3" + } +]
\ No newline at end of file diff --git a/test/case/close_contains_payload/1-TachyonVPN-192.168.50.28.63669-18.163.185.193.443.pcap b/test/case/close_contains_payload/1-TachyonVPN-192.168.50.28.63669-18.163.185.193.443.pcap Binary files differnew file mode 100644 index 0000000..514ed60 --- /dev/null +++ b/test/case/close_contains_payload/1-TachyonVPN-192.168.50.28.63669-18.163.185.193.443.pcap diff --git a/test/case/close_contains_payload/ssl_close_contains_payload_result.json b/test/case/close_contains_payload/ssl_close_contains_payload_result.json new file mode 100644 index 0000000..6f2fb4d --- /dev/null +++ b/test/case/close_contains_payload/ssl_close_contains_payload_result.json @@ -0,0 +1,28 @@ +[ + { + "Tuple4": "192.168.50.28.63669>18.163.185.193.443", + "ssl_sni": "www.firefox.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "45b1a0eca9605cd8789cd7e1a5ccd9b0", + "ssl_ja3s_hash": "9a1de6823a92d66172ce93d309e73e4e", + "ssl_cert_version": "v3", + "ssl_cert_Issuer": "DigiCert SHA2 Secure Server CA;DigiCert Inc;;;;;US", + "ssl_cert_IssuerCN": "DigiCert SHA2 Secure Server CA", + "ssl_cert_IssuerO": "DigiCert Inc", + "ssl_cert_IssuerC": "US", + "ssl_cert_Sub": "redirect-san.mozilla.org;Mozilla Corporation;WebOps;Mountain View;;California;US", + "ssl_cert_SubCN": "redirect-san.mozilla.org", + "ssl_cert_SubO": "Mozilla Corporation", + "ssl_cert_SubC": "US", + "ssl_cert_SubP": "California", + "ssl_cert_SubL": "Mountain View", + "ssl_cert_SubU": "WebOps", + "ssl_cert_SubAltName": "leandatapractices.org;leandatapractices.com;mozilla-podcasts.org;mozilla.com;gv.dev;getfirefox.com;geckoview.dev;firefoxquantum.com;firefox.com;taskcluster.net;contributejson.org;www.firefox.com;masterfirefoxos.mozilla.org;mobilepartners.mozilla.org;www.leandatapractices.org;www.leandatapractices.com;www.getfirefox.com;mozilla.org.uk;webwewant.mozilla.org;thehub.mozilla.com;nightly.mozilla.org;pontoon.mozillalabs.com;videos.mozilla.org;videos-cdn.mozilla.net;treestatus.mozilla.org;techspeakers.mozilla.org;redirect-san.mozilla.org;input.mozilla.com;join.mozilla.org;content.mozilla.org;activations.mozilla.org;addons.mozilla.com;airmo.mozilla.org;ask.mozilla.org;aurora.mozilla.org;beta.mozilla.org;careers.mozilla.com;designlanguage.mozilla.org;input.mozilla.org;dnt.mozilla.org;events.mozilla.org;forums.mozilla.org;friends.mozilla.org;git.mozilla.org;hub.mozilla.com;hub.mozilla.org;activations.mozilla.com;www.mozilla.com", + "ssl_cert_SerialNum": "0x019d2b994ec99445c735d2a6d739e43a", + "ssl_cert_AgID": "1.2.840.113549.1.1.11", + "ssl_cert_From": "200406000000Z", + "ssl_cert_To": "210414120000Z", + "ssl_cert_SSLFPAg": "1.2.840.113549.1.1.11", + "name": "SSL_RESULT_1" + } +]
\ No newline at end of file diff --git a/test/case/e21/1-E21-target.com-196.188.136.150-151.101.2.187.443.pcap b/test/case/e21/1-E21-target.com-196.188.136.150-151.101.2.187.443.pcap Binary files differnew file mode 100644 index 0000000..8db407f --- /dev/null +++ b/test/case/e21/1-E21-target.com-196.188.136.150-151.101.2.187.443.pcap diff --git a/test/case/e21/ssl_e21_target_result.json b/test/case/e21/ssl_e21_target_result.json new file mode 100644 index 0000000..6b8547e --- /dev/null +++ b/test/case/e21/ssl_e21_target_result.json @@ -0,0 +1,502 @@ +[ + { + "Tuple4": "10.10.10.162.55173>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_1" + }, + { + "Tuple4": "10.10.10.162.55174>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_2" + }, + { + "Tuple4": "10.10.10.162.55176>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_3" + }, + { + "Tuple4": "10.10.10.162.55177>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_4" + }, + { + "Tuple4": "10.10.10.162.55178>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_5" + }, + { + "Tuple4": "10.10.10.162.55179>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_6" + }, + { + "Tuple4": "10.10.10.162.55180>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_7" + }, + { + "Tuple4": "10.10.10.162.55181>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_8" + }, + { + "Tuple4": "10.10.10.162.55182>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_9" + }, + { + "Tuple4": "10.10.10.162.55184>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_10" + }, + { + "Tuple4": "10.10.10.162.55214>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_11" + }, + { + "Tuple4": "10.10.10.162.55215>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_12" + }, + { + "Tuple4": "10.10.10.162.55183>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_ja3s_hash": "16c0b3e6a7b8173c16d944cfeaeee9cf", + "ssl_cert_version": "v3", + "ssl_cert_Issuer": "GlobalSign Atlas R3 OV TLS CA H2 2021;GlobalSign nv-sa;;;;;BE", + "ssl_cert_IssuerCN": "GlobalSign Atlas R3 OV TLS CA H2 2021", + "ssl_cert_IssuerO": "GlobalSign nv-sa", + "ssl_cert_IssuerC": "BE", + "ssl_cert_Sub": "sites.target.com;Target Corporation;;Minneapolis;;Minnesota;US", + "ssl_cert_SubCN": "sites.target.com", + "ssl_cert_SubO": "Target Corporation", + "ssl_cert_SubC": "US", + "ssl_cert_SubP": "Minnesota", + "ssl_cert_SubL": "Minneapolis", + "ssl_cert_SubCN": "sites.target.com", + "ssl_cert_SubAltName": "sites.target.com;affiliate.target.com;android.studioconnect.live;api.studioconnect.live;apollo-metrics.target.com;assethub.partnersonline.com;assethub.target.com;awesomeshop.target.com;bex.partnersonline.com;bex.target.com;cartster.target.com;cartwheel.target.com;cartwheelws-secure.target.com;circle.target.com;connect.roundel.com;connectedcommerce.target.com;corporate.target.com;developer.target.com;dojo.target.com;doppler.partnersonline.com;elevate.target.com;extgargantua.partnersonline.com;factorial.partnersonline.com;finds.target.com;gql.studioconnect.live;greenfield.partnersonline.com;greenfield.target.com;hrocdocrequest.target.com;iccon.target.com;incubator.target.com;india.target.com;ios.studioconnect.live;jira.target.com;launchpad.partnersonline.com;launchpad.target.com;leads.studioconnect.live;m.target.com;marketinghub.target.com;mercury.partnersonline.com;mickra.target.com;mickradashboard.target.com;mvs.partnersonline.com;mytime.target.com;nic.target;openhouse.target.com;opensource.target.com;osmosis.partnersonline.com;partnersonline.com;pcn.partnersonline.com;peg.partnersonline.com;photosubmission.target.com;pid.partnersonline.com;plus.target.com;pmworkorderadmin.partnersonline.com;poladmin.partnersonline.com;pop.partnersonline.com;qmp.partnersonline.com;qr.target.com;r2d2.target.com;rdmplus.target.com;recognize.target.com;redcard.target.com;redirect.studioconnect.live;rik.roundel.com;roundel.com;rubix.partnersonline.com;rubix.target.com;security.target.com;servicetech.target.com;sm.partnersonline.com;spark.partnersonline.com;spark.target.com;studioconnect.live;stylehub.target.com;synergy.partnersonline.com;target.com;targetmedianetwork.target.com;targetopenhouse.com;tepagent.target.com;tgt-files.target.com;tgtdriver.partnersonline.com;ti-event-prod.target.com;tiam.target.com;tiiam.target.com;tvi.partnersonline.com;viewpoint.target.com;weeklyad.target.com;www.partnersonline.com;www.roundel.com;www.target.com;www.targetopenhouse.com", + "ssl_cert_SerialNum": "0x012ede33fc9283773396e9b1ff995262", + "ssl_cert_AgID": "1.2.840.113549.1.1.11", + "ssl_cert_From": "210928164609Z", + "ssl_cert_To": "221030164608Z", + "ssl_cert_SSLFPAg": "1.2.840.113549.1.1.11", + "name": "SSL_RESULT_13" + }, + { + "Tuple4": "10.10.10.162.55242>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_ja3s_hash": "16c0b3e6a7b8173c16d944cfeaeee9cf", + "ssl_cert_version": "v3", + "ssl_cert_Issuer": "GlobalSign Atlas R3 OV TLS CA H2 2021;GlobalSign nv-sa;;;;;BE", + "ssl_cert_IssuerCN": "GlobalSign Atlas R3 OV TLS CA H2 2021", + "ssl_cert_IssuerO": "GlobalSign nv-sa", + "ssl_cert_IssuerC": "BE", + "ssl_cert_Sub": "sites.target.com;Target Corporation;;Minneapolis;;Minnesota;US", + "ssl_cert_SubCN": "sites.target.com", + "ssl_cert_SubO": "Target Corporation", + "ssl_cert_SubC": "US", + "ssl_cert_SubP": "Minnesota", + "ssl_cert_SubL": "Minneapolis", + "ssl_cert_SubCN": "sites.target.com", + "ssl_cert_SubAltName": "sites.target.com;affiliate.target.com;android.studioconnect.live;api.studioconnect.live;apollo-metrics.target.com;assethub.partnersonline.com;assethub.target.com;awesomeshop.target.com;bex.partnersonline.com;bex.target.com;cartster.target.com;cartwheel.target.com;cartwheelws-secure.target.com;circle.target.com;connect.roundel.com;connectedcommerce.target.com;corporate.target.com;developer.target.com;dojo.target.com;doppler.partnersonline.com;elevate.target.com;extgargantua.partnersonline.com;factorial.partnersonline.com;finds.target.com;gql.studioconnect.live;greenfield.partnersonline.com;greenfield.target.com;hrocdocrequest.target.com;iccon.target.com;incubator.target.com;india.target.com;ios.studioconnect.live;jira.target.com;launchpad.partnersonline.com;launchpad.target.com;leads.studioconnect.live;m.target.com;marketinghub.target.com;mercury.partnersonline.com;mickra.target.com;mickradashboard.target.com;mvs.partnersonline.com;mytime.target.com;nic.target;openhouse.target.com;opensource.target.com;osmosis.partnersonline.com;partnersonline.com;pcn.partnersonline.com;peg.partnersonline.com;photosubmission.target.com;pid.partnersonline.com;plus.target.com;pmworkorderadmin.partnersonline.com;poladmin.partnersonline.com;pop.partnersonline.com;qmp.partnersonline.com;qr.target.com;r2d2.target.com;rdmplus.target.com;recognize.target.com;redcard.target.com;redirect.studioconnect.live;rik.roundel.com;roundel.com;rubix.partnersonline.com;rubix.target.com;security.target.com;servicetech.target.com;sm.partnersonline.com;spark.partnersonline.com;spark.target.com;studioconnect.live;stylehub.target.com;synergy.partnersonline.com;target.com;targetmedianetwork.target.com;targetopenhouse.com;tepagent.target.com;tgt-files.target.com;tgtdriver.partnersonline.com;ti-event-prod.target.com;tiam.target.com;tiiam.target.com;tvi.partnersonline.com;viewpoint.target.com;weeklyad.target.com;www.partnersonline.com;www.roundel.com;www.target.com;www.targetopenhouse.com", + "ssl_cert_SerialNum": "0x012ede33fc9283773396e9b1ff995262", + "ssl_cert_AgID": "1.2.840.113549.1.1.11", + "ssl_cert_From": "210928164609Z", + "ssl_cert_To": "221030164608Z", + "ssl_cert_SSLFPAg": "1.2.840.113549.1.1.11", + "name": "SSL_RESULT_14" + }, + { + "Tuple4": "10.10.10.162.55241>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_15" + }, + { + "Tuple4": "10.10.10.162.55274>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_16" + }, + { + "Tuple4": "10.10.10.162.55273>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_17" + }, + { + "Tuple4": "10.10.10.162.55279>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_18" + }, + { + "Tuple4": "10.10.10.162.55282>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_19" + }, + { + "Tuple4": "10.10.10.162.55283>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_20" + }, + { + "Tuple4": "10.10.10.162.55284>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_21" + }, + { + "Tuple4": "10.10.10.162.55285>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_22" + }, + { + "Tuple4": "10.10.10.162.55286>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_23" + }, + { + "Tuple4": "10.10.10.162.55287>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_24" + }, + { + "Tuple4": "10.10.10.162.55288>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_25" + }, + { + "Tuple4": "10.10.10.162.55289>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_26" + }, + { + "Tuple4": "10.10.10.162.55296>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_27" + }, + { + "Tuple4": "10.10.10.162.55297>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_28" + }, + { + "Tuple4": "10.10.10.162.55298>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_29" + }, + { + "Tuple4": "10.10.10.162.55299>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_30" + }, + { + "Tuple4": "10.10.10.162.55300>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_31" + }, + { + "Tuple4": "10.10.10.162.55301>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_32" + }, + { + "Tuple4": "10.10.10.162.55306>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_33" + }, + { + "Tuple4": "10.10.10.162.55307>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_34" + }, + { + "Tuple4": "10.10.10.162.55308>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_35" + }, + { + "Tuple4": "10.10.10.162.55309>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_36" + }, + { + "Tuple4": "10.10.10.162.55311>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_37" + }, + { + "Tuple4": "10.10.10.162.55312>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_38" + }, + { + "Tuple4": "10.10.10.162.55321>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_39" + }, + { + "Tuple4": "10.10.10.162.55322>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_40" + }, + { + "Tuple4": "10.10.10.162.55323>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_41" + }, + { + "Tuple4": "10.10.10.162.55324>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_42" + }, + { + "Tuple4": "10.10.10.162.55325>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_43" + }, + { + "Tuple4": "10.10.10.162.55326>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_44" + }, + { + "Tuple4": "10.10.10.162.55327>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_45" + }, + { + "Tuple4": "10.10.10.162.55328>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_46" + }, + { + "Tuple4": "10.10.10.162.55330>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_47" + }, + { + "Tuple4": "10.10.10.162.55331>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_48" + }, + { + "Tuple4": "10.10.10.162.55332>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_49" + }, + { + "Tuple4": "10.10.10.162.55334>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_50" + }, + { + "Tuple4": "10.10.10.162.55336>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_51" + }, + { + "Tuple4": "10.10.10.162.55337>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_52" + }, + { + "Tuple4": "10.10.10.162.55338>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_53" + }, + { + "Tuple4": "10.10.10.162.55343>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_54" + }, + { + "Tuple4": "10.10.10.162.55344>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_55" + }, + { + "Tuple4": "10.10.10.162.55345>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_56" + }, + { + "Tuple4": "10.10.10.162.55346>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_57" + }, + { + "Tuple4": "10.10.10.162.55349>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_58" + }, + { + "Tuple4": "10.10.10.162.55348>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_59" + }, + { + "Tuple4": "10.10.10.162.55352>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_60" + }, + { + "Tuple4": "10.10.10.162.55353>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_61" + }, + { + "Tuple4": "10.10.10.162.55356>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_62" + }, + { + "Tuple4": "10.10.10.162.55357>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_63" + }, + { + "Tuple4": "10.10.10.162.55359>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_64" + }, + { + "Tuple4": "10.10.10.162.55358>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_65" + }, + { + "Tuple4": "10.10.10.162.55364>151.101.2.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_66" + } +]
\ No newline at end of file diff --git a/test/case/extensions_exceed_16/1-ssl.ex.exceed16-192.168.64.8.53446-185.63.190.2.443.pcap b/test/case/extensions_exceed_16/1-ssl.ex.exceed16-192.168.64.8.53446-185.63.190.2.443.pcap Binary files differnew file mode 100644 index 0000000..79f6f41 --- /dev/null +++ b/test/case/extensions_exceed_16/1-ssl.ex.exceed16-192.168.64.8.53446-185.63.190.2.443.pcap diff --git a/test/case/extensions_exceed_16/extensions_exceed_16_result.json b/test/case/extensions_exceed_16/extensions_exceed_16_result.json new file mode 100644 index 0000000..c5416e0 --- /dev/null +++ b/test/case/extensions_exceed_16/extensions_exceed_16_result.json @@ -0,0 +1,10 @@ +[ + { + "Tuple4": "192.168.64.8.53466>185.63.190.2.443", + "ssl_sni": "fermer.ru", + "ssl_ech": "1", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "afa0d02228072fc4b02a7772a668c64a", + "name": "SSL_RESULT_1" + } +]
\ No newline at end of file diff --git a/test/case/multiple_handshake/3-ssl-with-cert.pcap b/test/case/multiple_handshake/3-ssl-with-cert.pcap Binary files differnew file mode 100644 index 0000000..d386c5a --- /dev/null +++ b/test/case/multiple_handshake/3-ssl-with-cert.pcap diff --git a/test/case/multiple_handshake/ssl_multiple_handshake_result.json b/test/case/multiple_handshake/ssl_multiple_handshake_result.json new file mode 100644 index 0000000..196135d --- /dev/null +++ b/test/case/multiple_handshake/ssl_multiple_handshake_result.json @@ -0,0 +1,23 @@ +[ + { + "Tuple4": "192.168.32.27.52705>202.89.233.101.443", + "ssl_sni": "cn.bing.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_ja3s_hash": "67bfe5d15ae567fb35fd7837f0116eec", + "ssl_cert_version": "v3", + "ssl_cert_Issuer": "Microsoft RSA TLS CA 02;Microsoft Corporation;;;;;US", + "ssl_cert_IssuerCN": "Microsoft RSA TLS CA 02", + "ssl_cert_IssuerO": "Microsoft Corporation", + "ssl_cert_IssuerC": "US", + "ssl_cert_Sub": "www.bing.com;;;;;;", + "ssl_cert_SubCN": "www.bing.com", + "ssl_cert_SubAltName": "www.bing.com;dict.bing.com.cn;*.platform.bing.com;*.bing.com;bing.com;ieonline.microsoft.com;*.windowssearch.com;cn.ieonline.microsoft.com;*.origin.bing.com;*.mm.bing.net;*.api.bing.com;ecn.dev.virtualearth.net;*.cn.bing.net;*.cn.bing.com;ssl-api.bing.com;ssl-api.bing.net;*.api.bing.net;*.bingapis.com;bingsandbox.com;feedback.microsoft.com;insertmedia.bing.office.net;r.bat.bing.com;*.r.bat.bing.com;*.dict.bing.com.cn;*.dict.bing.com;*.ssl.bing.com;*.appex.bing.com;*.platform.cn.bing.com;wp.m.bing.com;*.m.bing.com;global.bing.com;windowssearch.com;search.msn.com;*.bingsandbox.com;*.api.tiles.ditu.live.com;*.ditu.live.com;*.t0.tiles.ditu.live.com;*.t1.tiles.ditu.live.com;*.t2.tiles.ditu.live.com;*.t3.tiles.ditu.live.com;*.tiles.ditu.live.com;3d.live.com;api.search.live.com;beta.search.live.com;cnweb.search.live.com;dev.live.com;ditu.live.com;farecast.live.com;image.live.com;images.live.com;local.live.com.au;localsearch.live.com;ls4d.search.live.com;mail.live.com;mapindia.live.com;local.live.com;maps.live.com;maps.live.com.au;mindia.live.com;news.live.com;origin.cnweb.search.live.com;preview.local.live.com;search.live.com;test.maps.live.com;video.live.com;videos.live.com;virtualearth.live.com;wap.live.com;webmaster.live.com;webmasters.live.com;www.local.live.com.au;www.maps.live.com.au", + "ssl_cert_SerialNum": "0x7f0012e261129541195fac1a6000000012e261", + "ssl_cert_AgID": "1.2.840.113549.1.1.11", + "ssl_cert_From": "210706015313Z", + "ssl_cert_To": "220106015313Z", + "ssl_cert_SSLFPAg": "1.2.840.113549.1.1.11", + "name": "SSL_RESULT_1" + } +]
\ No newline at end of file diff --git a/test/case/ssl/1-ssl-sun9-20.userapi.com-90.143.182.94.55835-93.186.227.131.443.pcap b/test/case/ssl/1-ssl-sun9-20.userapi.com-90.143.182.94.55835-93.186.227.131.443.pcap Binary files differnew file mode 100644 index 0000000..3969116 --- /dev/null +++ b/test/case/ssl/1-ssl-sun9-20.userapi.com-90.143.182.94.55835-93.186.227.131.443.pcap diff --git a/test/case/ssl/2-ssl-v1.3-esni-192.168.50.38.52391-104.16.123.96.443.pcap b/test/case/ssl/2-ssl-v1.3-esni-192.168.50.38.52391-104.16.123.96.443.pcap Binary files differnew file mode 100644 index 0000000..e5e20b5 --- /dev/null +++ b/test/case/ssl/2-ssl-v1.3-esni-192.168.50.38.52391-104.16.123.96.443.pcap diff --git a/test/case/ssl/3-tls_ech.pcap b/test/case/ssl/3-tls_ech.pcap Binary files differnew file mode 100644 index 0000000..0cb473f --- /dev/null +++ b/test/case/ssl/3-tls_ech.pcap diff --git a/test/case/ssl/ssl_result.json b/test/case/ssl/ssl_result.json new file mode 100644 index 0000000..8afb659 --- /dev/null +++ b/test/case/ssl/ssl_result.json @@ -0,0 +1,53 @@ +[ + { + "Tuple4": "192.168.50.38.52391>104.16.123.96.443", + "ssl_sni": "ESNI", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "62a4a00de930bd0a5bee0309cc8362ed", + "ssl_ja3s_hash": "eb1d94daa7e0344597e756a1fb6e7054", + "name": "SSL_RESULT_1" + }, + { + "Tuple4": "192.168.2.102.56768>34.138.246.121.443", + "ssl_sni": "public.tls-ech.dev", + "ssl_ech": "1", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "a195b9c006fcb23ab9a2343b0871e362", + "ssl_ja3s_hash": "2b0648ab686ee45e0e7c35fcfb0eea7e", + "name": "SSL_RESULT_2" + }, + { + "Tuple4": "90.143.182.94.55835>93.186.227.131.443", + "ssl_sni": "sun9-20.userapi.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "6f5e62edfa5933b1332ddf8b9fb3ef9d", + "ssl_ja3s_hash": "2d1eb5817ece335c24904f516ad5da12", + "ssl_cert_version": "v3", + "ssl_cert_Issuer": "GlobalSign Organization Validation CA - SHA256 - G2;GlobalSign nv-sa;;;;;BE", + "ssl_cert_IssuerCN": "GlobalSign Organization Validation CA - SHA256 - G2", + "ssl_cert_IssuerO": "GlobalSign nv-sa", + "ssl_cert_IssuerC": "BE", + "ssl_cert_Sub": "*.userapi.com;V Kontakte LLC;;Saint-Petersburg;;Saint-Petersburg;RU", + "ssl_cert_SubCN": "*.userapi.com", + "ssl_cert_SubO": "V Kontakte LLC", + "ssl_cert_SubC": "RU", + "ssl_cert_SubP": "Saint-Petersburg", + "ssl_cert_SubL": "Saint-Petersburg", + "ssl_cert_SubAltName": "*.userapi.com;vk.me;*.vk-cdn.net;*.vkuserlive.com;*.vkuserlive.net;*.vkuseraudio.net;*.vkuseraudio.com;*.vkuservideo.net;*.vkuservideo.com;*.vk.me;userapi.com", + "ssl_cert_SerialNum": "0x5afa3a189e6a5c11e1e18b0f", + "ssl_cert_AgID": "1.2.840.113549.1.1.11", + "ssl_cert_From": "180717083809Z", + "ssl_cert_To": "190714162604Z", + "ssl_cert_SSLFPAg": "1.2.840.113549.1.1.11", + "name": "SSL_RESULT_3" + }, + { + "Tuple4": "192.168.2.102.56776>34.138.246.121.443", + "ssl_sni": "public.tls-ech.dev", + "ssl_ech": "1", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "a195b9c006fcb23ab9a2343b0871e362", + "ssl_ja3s_hash": "2b0648ab686ee45e0e7c35fcfb0eea7e", + "name": "SSL_RESULT_4" + } +]
\ No newline at end of file diff --git a/test/case/tcp_ack_contians_payload/1-tcp_ack_contains_payload.pcap b/test/case/tcp_ack_contians_payload/1-tcp_ack_contains_payload.pcap Binary files differnew file mode 100644 index 0000000..199f7ee --- /dev/null +++ b/test/case/tcp_ack_contians_payload/1-tcp_ack_contains_payload.pcap diff --git a/test/case/tcp_ack_contians_payload/ssl_tcp_ack_contians_payload_result.json b/test/case/tcp_ack_contians_payload/ssl_tcp_ack_contians_payload_result.json new file mode 100644 index 0000000..9632ce8 --- /dev/null +++ b/test/case/tcp_ack_contians_payload/ssl_tcp_ack_contians_payload_result.json @@ -0,0 +1,114 @@ +[ + { + "Tuple4": "36.251.161.167.39018>143.92.57.79.443", + "ssl_sni": "a.ywgyuv.cn", + "ssl_ech": "1", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "6f7971785f5cbbcb21819b6639f0e8f7", + "name": "SSL_RESULT_1" + }, + { + "Tuple4": "36.251.161.167.39025>143.92.57.79.443", + "ssl_sni": "a.ywgyuv.cn", + "ssl_ech": "1", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "0ac1d260c0b1f0e3bf645d6580ea6343", + "name": "SSL_RESULT_2" + }, + { + "Tuple4": "36.251.161.167.39112>143.92.57.79.443", + "ssl_sni": "a.ywgyuv.cn", + "ssl_ech": "1", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "ca54aeeb513ecacf4d7bc22c5d8f0b75", + "name": "SSL_RESULT_3" + }, + { + "Tuple4": "36.251.161.167.39423>143.92.57.79.443", + "ssl_sni": "a.ywgyuv.cn", + "ssl_ech": "1", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "9e41793e6f0a1696bedc0876465e1f42", + "name": "SSL_RESULT_4" + }, + { + "Tuple4": "36.251.161.167.39680>143.92.57.79.443", + "ssl_sni": "a.ywgyuv.cn", + "ssl_ech": "1", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "47c3fabcf1bc65a32a9d3fb8e70ab79d", + "name": "SSL_RESULT_5" + }, + { + "Tuple4": "36.251.161.167.39809>143.92.57.79.443", + "ssl_sni": "a.ywgyuv.cn", + "ssl_ech": "1", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "04331a57b3e122e689c373712edf42c0", + "name": "SSL_RESULT_6" + }, + { + "Tuple4": "36.251.161.167.39816>143.92.57.79.443", + "ssl_sni": "a.ywgyuv.cn", + "ssl_ech": "1", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "34c3efe4e6565e8eef2eaaeb7c12a1a6", + "name": "SSL_RESULT_7" + }, + { + "Tuple4": "36.251.161.167.39820>143.92.57.79.443", + "ssl_sni": "a.ywgyuv.cn", + "ssl_ech": "1", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cc97290a5bb4651489fe7a88e93ace90", + "name": "SSL_RESULT_8" + }, + { + "Tuple4": "36.251.161.167.39825>143.92.57.79.443", + "ssl_sni": "a.ywgyuv.cn", + "ssl_ech": "1", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "4e6ae21ce8b876dc7cad2f5ca9a60b23", + "name": "SSL_RESULT_9" + }, + { + "Tuple4": "36.251.161.167.39832>143.92.57.79.443", + "ssl_sni": "a.ywgyuv.cn", + "ssl_ech": "1", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "89cb560e9ee2d33728756a2d4d7b2900", + "name": "SSL_RESULT_10" + }, + { + "Tuple4": "36.251.161.167.39850>143.92.57.79.443", + "ssl_sni": "a.ywgyuv.cn", + "ssl_ech": "1", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "7324d30178b21f4c3a60550ef43d5ab0", + "name": "SSL_RESULT_11" + }, + { + "Tuple4": "36.251.161.167.39867>143.92.57.79.443", + "ssl_sni": "a.ywgyuv.cn", + "ssl_ech": "1", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "53fed08198669268c271fc320627c0c4", + "name": "SSL_RESULT_12" + }, + { + "Tuple4": "36.251.161.167.39777>143.92.57.79.443", + "ssl_sni": "a.ywgyuv.cn", + "ssl_ech": "1", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "c3db97da3b30171e5cf9de314584b555", + "name": "SSL_RESULT_13" + }, + { + "Tuple4": "36.251.161.167.39810>143.92.57.79.443", + "ssl_sni": "a.ywgyuv.cn", + "ssl_ech": "1", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "ff194650bab04e7b4cd55e66fd91c010", + "name": "SSL_RESULT_14" + } +]
\ No newline at end of file diff --git a/test/case/xxg/1-18-target.com.pcap b/test/case/xxg/1-18-target.com.pcap Binary files differnew file mode 100644 index 0000000..c4a9fc0 --- /dev/null +++ b/test/case/xxg/1-18-target.com.pcap diff --git a/test/case/xxg/ssl_xxg_target_result.json b/test/case/xxg/ssl_xxg_target_result.json new file mode 100644 index 0000000..4316465 --- /dev/null +++ b/test/case/xxg/ssl_xxg_target_result.json @@ -0,0 +1,1493 @@ +[ + { + "Tuple4": "192.168.50.33.51933>54.230.21.91.443", + "name": "SSL_RESULT_1" + }, + { + "Tuple4": "192.168.50.52.17312>142.250.66.99.443", + "ssl_sni": "www.gstatic.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_ja3s_hash": "eb1d94daa7e0344597e756a1fb6e7054", + "name": "SSL_RESULT_2" + }, + { + "Tuple4": "192.168.50.52.17313>142.250.66.99.443", + "ssl_sni": "www.gstatic.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_ja3s_hash": "eb1d94daa7e0344597e756a1fb6e7054", + "name": "SSL_RESULT_3" + }, + { + "Tuple4": "192.168.50.52.17330>151.101.194.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_4" + }, + { + "Tuple4": "192.168.50.52.17332>151.101.194.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_5" + }, + { + "Tuple4": "192.168.50.52.17331>151.101.194.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_6" + }, + { + "Tuple4": "192.168.50.52.17335>151.101.194.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_7" + }, + { + "Tuple4": "192.168.50.52.17337>151.101.194.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_8" + }, + { + "Tuple4": "192.168.50.52.17336>151.101.194.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_9" + }, + { + "Tuple4": "192.168.50.52.17339>151.101.194.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_10" + }, + { + "Tuple4": "192.168.50.52.17340>151.101.194.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_11" + }, + { + "Tuple4": "192.168.50.33.63477>142.250.66.78.443", + "name": "SSL_RESULT_12" + }, + { + "Tuple4": "192.168.50.52.17356>151.101.194.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_13" + }, + { + "Tuple4": "192.168.50.52.17357>151.101.194.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_14" + }, + { + "Tuple4": "192.168.50.52.17358>151.101.194.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_15" + }, + { + "Tuple4": "192.168.50.52.17359>151.101.194.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_16" + }, + { + "Tuple4": "192.168.50.33.50714>142.250.66.134.443", + "name": "SSL_RESULT_17" + }, + { + "Tuple4": "192.168.50.52.17367>151.101.194.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_18" + }, + { + "Tuple4": "192.168.50.52.17368>151.101.194.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_19" + }, + { + "Tuple4": "192.168.50.52.17370>151.101.194.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_20" + }, + { + "Tuple4": "192.168.50.52.17369>151.101.194.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_21" + }, + { + "Tuple4": "192.168.50.52.17378>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_22" + }, + { + "Tuple4": "192.168.50.52.17379>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_23" + }, + { + "Tuple4": "192.168.50.52.17383>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_24" + }, + { + "Tuple4": "192.168.50.52.17382>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_25" + }, + { + "Tuple4": "192.168.50.52.17385>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_26" + }, + { + "Tuple4": "192.168.50.52.17389>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_27" + }, + { + "Tuple4": "192.168.50.52.17387>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_28" + }, + { + "Tuple4": "192.168.50.52.17386>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_29" + }, + { + "Tuple4": "192.168.50.52.17390>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_30" + }, + { + "Tuple4": "192.168.50.52.17391>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_31" + }, + { + "Tuple4": "192.168.50.52.17392>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_32" + }, + { + "Tuple4": "192.168.50.52.17395>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_33" + }, + { + "Tuple4": "192.168.50.52.17393>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_34" + }, + { + "Tuple4": "192.168.50.52.17396>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_35" + }, + { + "Tuple4": "192.168.50.52.17394>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_36" + }, + { + "Tuple4": "192.168.50.52.17397>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_37" + }, + { + "Tuple4": "192.168.50.52.17398>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_38" + }, + { + "Tuple4": "192.168.50.52.17403>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_39" + }, + { + "Tuple4": "192.168.50.52.17402>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_40" + }, + { + "Tuple4": "192.168.50.52.17405>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_41" + }, + { + "Tuple4": "192.168.50.52.17404>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_42" + }, + { + "Tuple4": "192.168.50.52.17406>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_43" + }, + { + "Tuple4": "192.168.50.52.17407>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_44" + }, + { + "Tuple4": "192.168.50.52.17409>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_45" + }, + { + "Tuple4": "192.168.50.52.17408>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_46" + }, + { + "Tuple4": "192.168.50.52.17413>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_47" + }, + { + "Tuple4": "192.168.50.52.17412>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_48" + }, + { + "Tuple4": "192.168.50.52.17415>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_49" + }, + { + "Tuple4": "192.168.50.52.17416>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_50" + }, + { + "Tuple4": "192.168.50.52.17421>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_51" + }, + { + "Tuple4": "192.168.50.52.17420>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_52" + }, + { + "Tuple4": "192.168.50.52.17422>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_53" + }, + { + "Tuple4": "192.168.50.52.17423>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_54" + }, + { + "Tuple4": "192.168.50.52.17424>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_55" + }, + { + "Tuple4": "192.168.50.52.17429>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_56" + }, + { + "Tuple4": "192.168.50.52.17430>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_57" + }, + { + "Tuple4": "192.168.50.52.17380>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_58" + }, + { + "Tuple4": "192.168.50.52.17438>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_59" + }, + { + "Tuple4": "192.168.50.52.17388>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_60" + }, + { + "Tuple4": "192.168.50.52.17439>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_61" + }, + { + "Tuple4": "192.168.50.52.17401>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_62" + }, + { + "Tuple4": "192.168.50.52.17400>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_63" + }, + { + "Tuple4": "192.168.50.52.17440>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_64" + }, + { + "Tuple4": "192.168.50.52.17442>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_65" + }, + { + "Tuple4": "192.168.50.52.17443>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_66" + }, + { + "Tuple4": "192.168.50.52.17441>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_67" + }, + { + "Tuple4": "192.168.50.52.17410>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_68" + }, + { + "Tuple4": "192.168.50.52.17444>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_69" + }, + { + "Tuple4": "192.168.50.52.17445>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_70" + }, + { + "Tuple4": "192.168.50.52.17419>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_71" + }, + { + "Tuple4": "192.168.50.52.17417>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_72" + }, + { + "Tuple4": "192.168.50.52.17414>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_73" + }, + { + "Tuple4": "192.168.50.52.17411>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_74" + }, + { + "Tuple4": "192.168.50.52.17448>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_75" + }, + { + "Tuple4": "192.168.50.52.17449>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_76" + }, + { + "Tuple4": "192.168.50.52.17451>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_77" + }, + { + "Tuple4": "192.168.50.52.17452>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_78" + }, + { + "Tuple4": "192.168.50.52.17453>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_79" + }, + { + "Tuple4": "192.168.50.52.17454>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_80" + }, + { + "Tuple4": "192.168.50.52.17455>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_81" + }, + { + "Tuple4": "192.168.50.52.17425>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_82" + }, + { + "Tuple4": "192.168.50.52.17426>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_83" + }, + { + "Tuple4": "192.168.50.52.17456>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_84" + }, + { + "Tuple4": "192.168.50.52.17457>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_85" + }, + { + "Tuple4": "192.168.50.52.17458>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_86" + }, + { + "Tuple4": "192.168.50.52.17459>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_87" + }, + { + "Tuple4": "192.168.50.52.17428>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_88" + }, + { + "Tuple4": "192.168.50.52.17460>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_89" + }, + { + "Tuple4": "192.168.50.52.17461>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_90" + }, + { + "Tuple4": "192.168.50.52.17462>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_91" + }, + { + "Tuple4": "192.168.50.52.17464>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_92" + }, + { + "Tuple4": "192.168.50.52.17463>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_93" + }, + { + "Tuple4": "192.168.50.52.17466>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_94" + }, + { + "Tuple4": "192.168.50.52.17465>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_95" + }, + { + "Tuple4": "192.168.50.52.17468>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_96" + }, + { + "Tuple4": "192.168.50.52.17431>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_97" + }, + { + "Tuple4": "192.168.50.52.17469>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_98" + }, + { + "Tuple4": "192.168.50.52.17470>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_99" + }, + { + "Tuple4": "192.168.50.52.17473>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_100" + }, + { + "Tuple4": "192.168.50.52.17474>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_101" + }, + { + "Tuple4": "192.168.50.52.17471>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_102" + }, + { + "Tuple4": "192.168.50.52.17472>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_103" + }, + { + "Tuple4": "192.168.50.52.17475>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_104" + }, + { + "Tuple4": "192.168.50.52.17476>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_105" + }, + { + "Tuple4": "192.168.50.52.17477>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_106" + }, + { + "Tuple4": "192.168.50.52.17481>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_107" + }, + { + "Tuple4": "192.168.50.52.17479>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_108" + }, + { + "Tuple4": "192.168.50.52.17483>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_109" + }, + { + "Tuple4": "192.168.50.52.17484>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_110" + }, + { + "Tuple4": "192.168.50.52.17485>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_111" + }, + { + "Tuple4": "192.168.50.52.17486>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_112" + }, + { + "Tuple4": "192.168.50.52.17487>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_113" + }, + { + "Tuple4": "192.168.50.52.17488>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_114" + }, + { + "Tuple4": "192.168.50.52.17490>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_115" + }, + { + "Tuple4": "192.168.50.52.17491>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_116" + }, + { + "Tuple4": "192.168.50.52.17492>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_117" + }, + { + "Tuple4": "192.168.50.52.17493>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_118" + }, + { + "Tuple4": "192.168.50.52.17494>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_119" + }, + { + "Tuple4": "192.168.50.52.17495>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_120" + }, + { + "Tuple4": "192.168.50.52.17496>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_121" + }, + { + "Tuple4": "192.168.50.52.17497>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_122" + }, + { + "Tuple4": "192.168.50.52.17498>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_123" + }, + { + "Tuple4": "192.168.50.52.17499>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_124" + }, + { + "Tuple4": "192.168.50.52.17500>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_125" + }, + { + "Tuple4": "192.168.50.52.17501>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_126" + }, + { + "Tuple4": "192.168.50.52.17502>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_127" + }, + { + "Tuple4": "192.168.50.52.17503>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_128" + }, + { + "Tuple4": "192.168.50.52.17504>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_129" + }, + { + "Tuple4": "192.168.50.52.17505>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_130" + }, + { + "Tuple4": "192.168.50.52.17506>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_131" + }, + { + "Tuple4": "192.168.50.52.17507>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_132" + }, + { + "Tuple4": "192.168.50.52.17508>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_133" + }, + { + "Tuple4": "192.168.50.52.17509>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_134" + }, + { + "Tuple4": "192.168.50.52.17511>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_135" + }, + { + "Tuple4": "192.168.50.52.17510>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_136" + }, + { + "Tuple4": "192.168.50.52.17512>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_137" + }, + { + "Tuple4": "192.168.50.52.17513>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_138" + }, + { + "Tuple4": "192.168.50.52.17514>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_139" + }, + { + "Tuple4": "192.168.50.52.17515>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_140" + }, + { + "Tuple4": "192.168.50.52.17516>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_141" + }, + { + "Tuple4": "192.168.50.52.17519>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_142" + }, + { + "Tuple4": "192.168.50.52.17518>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_143" + }, + { + "Tuple4": "192.168.50.52.17520>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_144" + }, + { + "Tuple4": "192.168.50.52.17521>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_145" + }, + { + "Tuple4": "192.168.50.52.17522>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_146" + }, + { + "Tuple4": "192.168.50.52.17523>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_147" + }, + { + "Tuple4": "192.168.50.52.17524>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_148" + }, + { + "Tuple4": "192.168.50.52.17526>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_149" + }, + { + "Tuple4": "192.168.50.52.17525>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_150" + }, + { + "Tuple4": "192.168.50.52.17527>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_151" + }, + { + "Tuple4": "192.168.50.52.17528>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_152" + }, + { + "Tuple4": "192.168.50.52.17529>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_153" + }, + { + "Tuple4": "192.168.50.52.17530>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_154" + }, + { + "Tuple4": "192.168.50.52.17446>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_155" + }, + { + "Tuple4": "192.168.50.52.17418>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_156" + }, + { + "Tuple4": "192.168.50.52.17447>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_157" + }, + { + "Tuple4": "192.168.50.52.17531>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_158" + }, + { + "Tuple4": "192.168.50.52.17450>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_159" + }, + { + "Tuple4": "192.168.50.52.17532>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_160" + }, + { + "Tuple4": "192.168.50.52.17533>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_161" + }, + { + "Tuple4": "192.168.50.52.17480>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_162" + }, + { + "Tuple4": "192.168.50.52.17478>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_163" + }, + { + "Tuple4": "192.168.50.52.17482>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_164" + }, + { + "Tuple4": "192.168.50.52.17534>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_165" + }, + { + "Tuple4": "192.168.50.52.17536>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_166" + }, + { + "Tuple4": "192.168.50.52.17517>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_167" + }, + { + "Tuple4": "192.168.50.52.17540>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_168" + }, + { + "Tuple4": "192.168.50.52.17399>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_169" + }, + { + "Tuple4": "192.168.50.52.17541>23.57.112.179.443", + "ssl_sni": "target.scene7.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_170" + }, + { + "Tuple4": "192.168.50.52.17535>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_171" + }, + { + "Tuple4": "192.168.50.52.17542>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_172" + }, + { + "Tuple4": "192.168.50.52.17543>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_173" + }, + { + "Tuple4": "192.168.50.52.17545>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_174" + }, + { + "Tuple4": "192.168.50.52.17546>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_175" + }, + { + "Tuple4": "192.168.50.52.17547>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_176" + }, + { + "Tuple4": "192.168.50.52.17548>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_177" + }, + { + "Tuple4": "192.168.50.52.17549>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_178" + }, + { + "Tuple4": "192.168.50.52.17550>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_179" + }, + { + "Tuple4": "192.168.50.52.17551>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_180" + }, + { + "Tuple4": "192.168.50.52.17552>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_181" + }, + { + "Tuple4": "192.168.50.52.17554>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_182" + }, + { + "Tuple4": "192.168.50.33.64967>54.230.21.91.443", + "name": "SSL_RESULT_183" + }, + { + "Tuple4": "192.168.50.52.17553>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_184" + }, + { + "Tuple4": "192.168.50.52.17555>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_185" + }, + { + "Tuple4": "192.168.50.52.17559>151.101.130.180.443", + "ssl_sni": "assets.targetimg1.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "name": "SSL_RESULT_186" + }, + { + "Tuple4": "192.168.50.33.57414>142.250.66.42.443", + "name": "SSL_RESULT_187" + }, + { + "Tuple4": "192.168.50.33.60652>142.250.66.99.443", + "name": "SSL_RESULT_188" + }, + { + "Tuple4": "192.168.50.33.58291>220.181.174.230.443", + "name": "SSL_RESULT_189" + }, + { + "Tuple4": "192.168.50.33.50525>172.217.27.35.443", + "name": "SSL_RESULT_190" + }, + { + "Tuple4": "192.168.50.33.56708>142.250.204.36.443", + "name": "SSL_RESULT_191" + }, + { + "Tuple4": "192.168.50.33.55558>142.250.66.99.443", + "name": "SSL_RESULT_192" + }, + { + "Tuple4": "192.168.50.33.65240>142.250.204.86.443", + "name": "SSL_RESULT_193" + }, + { + "Tuple4": "192.168.50.33.57554>142.250.204.65.443", + "name": "SSL_RESULT_194" + }, + { + "Tuple4": "192.168.50.33.65100>142.250.207.74.443", + "name": "SSL_RESULT_195" + }, + { + "Tuple4": "192.168.50.33.54638>142.250.204.110.443", + "name": "SSL_RESULT_196" + }, + { + "Tuple4": "192.168.50.33.63347>142.250.66.131.443", + "name": "SSL_RESULT_197" + }, + { + "Tuple4": "192.168.50.52.1079>40.119.211.203.443", + "name": "SSL_RESULT_198" + }, + { + "Tuple4": "192.168.50.52.17311>142.250.66.99.443", + "ssl_sni": "www.gstatic.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_ja3s_hash": "eb1d94daa7e0344597e756a1fb6e7054", + "name": "SSL_RESULT_199" + }, + { + "Tuple4": "192.168.50.52.14756>172.217.24.110.443", + "name": "SSL_RESULT_200" + }, + { + "Tuple4": "192.168.50.52.27956>40.90.189.152.443", + "name": "SSL_RESULT_201" + }, + { + "Tuple4": "192.168.50.52.17376>151.101.194.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_ja3s_hash": "16c0b3e6a7b8173c16d944cfeaeee9cf", + "ssl_cert_version": "v3", + "ssl_cert_Issuer": "GlobalSign Atlas R3 OV TLS CA H2 2021;GlobalSign nv-sa;;;;;BE", + "ssl_cert_IssuerCN": "GlobalSign Atlas R3 OV TLS CA H2 2021", + "ssl_cert_IssuerO": "GlobalSign nv-sa", + "ssl_cert_IssuerC": "BE", + "ssl_cert_Sub": "sites.target.com;Target Corporation;;Minneapolis;;Minnesota;US", + "ssl_cert_SubCN": "sites.target.com", + "ssl_cert_SubO": "Target Corporation", + "ssl_cert_SubC": "US", + "ssl_cert_SubP": "Minnesota", + "ssl_cert_SubL": "Minneapolis", + "ssl_cert_SubAltName": "sites.target.com;affiliate.target.com;android.studioconnect.live;api.studioconnect.live;apollo-metrics.target.com;assethub.partnersonline.com;assethub.target.com;awesomeshop.target.com;bex.partnersonline.com;bex.target.com;cartster.target.com;cartwheel.target.com;cartwheelws-secure.target.com;circle.target.com;connect.roundel.com;connectedcommerce.target.com;corporate.target.com;developer.target.com;dojo.target.com;doppler.partnersonline.com;elevate.target.com;extgargantua.partnersonline.com;factorial.partnersonline.com;finds.target.com;gql.studioconnect.live;greenfield.partnersonline.com;greenfield.target.com;hrocdocrequest.target.com;iccon.target.com;incubator.target.com;india.target.com;ios.studioconnect.live;jira.target.com;launchpad.partnersonline.com;launchpad.target.com;leads.studioconnect.live;m.target.com;marketinghub.target.com;mercury.partnersonline.com;mickra.target.com;mickradashboard.target.com;mvs.partnersonline.com;mytime.target.com;nic.target;openhouse.target.com;opensource.target.com;osmosis.partnersonline.com;partnersonline.com;pcn.partnersonline.com;peg.partnersonline.com;photosubmission.target.com;pid.partnersonline.com;plus.target.com;pmworkorderadmin.partnersonline.com;poladmin.partnersonline.com;pop.partnersonline.com;qmp.partnersonline.com;qr.target.com;r2d2.target.com;rdmplus.target.com;recognize.target.com;redcard.target.com;redirect.studioconnect.live;rik.roundel.com;roundel.com;rubix.partnersonline.com;rubix.target.com;security.target.com;servicetech.target.com;sm.partnersonline.com;spark.partnersonline.com;spark.target.com;studioconnect.live;stylehub.target.com;synergy.partnersonline.com;target.com;targetmedianetwork.target.com;targetopenhouse.com;tepagent.target.com;tgt-files.target.com;tgtdriver.partnersonline.com;ti-event-prod.target.com;tiam.target.com;tiiam.target.com;tvi.partnersonline.com;viewpoint.target.com;weeklyad.target.com;www.partnersonline.com;www.roundel.com;www.target.com;www.targetopenhouse.com", + "ssl_cert_SerialNum": "0x012ede33fc9283773396e9b1ff995262", + "ssl_cert_AgID": "1.2.840.113549.1.1.11", + "ssl_cert_From": "210928164609Z", + "ssl_cert_To": "221030164608Z", + "ssl_cert_SSLFPAg": "1.2.840.113549.1.1.11", + "name": "SSL_RESULT_202" + }, + { + "Tuple4": "192.168.50.52.17384>220.181.174.102.443", + "ssl_sni": "securepubads.g.doubleclick.net", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "598872011444709307b861ae817a4b60", + "ssl_ja3s_hash": "2b0648ab686ee45e0e7c35fcfb0eea7e", + "name": "SSL_RESULT_203" + }, + { + "Tuple4": "192.168.50.52.17427>172.217.31.2.443", + "ssl_sni": "pagead2.googlesyndication.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "598872011444709307b861ae817a4b60", + "ssl_ja3s_hash": "2b0648ab686ee45e0e7c35fcfb0eea7e", + "name": "SSL_RESULT_204" + }, + { + "Tuple4": "192.168.50.52.17381>23.57.114.38.443", + "ssl_sni": "js-sec.indexww.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_ja3s_hash": "410b9bedaf65dd26c6fe547154d60db4", + "name": "SSL_RESULT_205" + }, + { + "Tuple4": "192.168.50.52.17432>220.181.174.102.443", + "ssl_sni": "securepubads.g.doubleclick.net", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "598872011444709307b861ae817a4b60", + "ssl_ja3s_hash": "2b0648ab686ee45e0e7c35fcfb0eea7e", + "name": "SSL_RESULT_206" + }, + { + "Tuple4": "192.168.50.52.17434>15.197.193.217.443", + "ssl_sni": "match.adsrvr.org", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_ja3s_hash": "8d2a028aa94425f76ced7826b1f39039", + "ssl_cert_version": "v3", + "ssl_cert_Issuer": "GlobalSign GCC R3 DV TLS CA 2020;GlobalSign nv-sa;;;;;BE", + "ssl_cert_IssuerCN": "GlobalSign GCC R3 DV TLS CA 2020", + "ssl_cert_IssuerO": "GlobalSign nv-sa", + "ssl_cert_IssuerC": "BE", + "ssl_cert_Sub": "*.adsrvr.org;;;;;;", + "ssl_cert_SubCN": "*.adsrvr.org", + "ssl_cert_SubAltName": "*.adsrvr.org;adsrvr.org", + "ssl_cert_SerialNum": "0x2ddaa6f359d4ce458fe983f1", + "ssl_cert_AgID": "1.2.840.113549.1.1.11", + "ssl_cert_From": "220331203750Z", + "ssl_cert_To": "230502203749Z", + "ssl_cert_SSLFPAg": "1.2.840.113549.1.1.11", + "name": "SSL_RESULT_207" + }, + { + "Tuple4": "192.168.50.52.17375>151.101.194.187.443", + "ssl_sni": "www.target.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_ja3s_hash": "16c0b3e6a7b8173c16d944cfeaeee9cf", + "ssl_cert_version": "v3", + "ssl_cert_Issuer": "GlobalSign Atlas R3 OV TLS CA H2 2021;GlobalSign nv-sa;;;;;BE", + "ssl_cert_IssuerCN": "GlobalSign Atlas R3 OV TLS CA H2 2021", + "ssl_cert_IssuerO": "GlobalSign nv-sa", + "ssl_cert_IssuerC": "BE", + "ssl_cert_Sub": "sites.target.com;Target Corporation;;Minneapolis;;Minnesota;US", + "ssl_cert_SubCN": "sites.target.com", + "ssl_cert_SubO": "Target Corporation", + "ssl_cert_SubC": "US", + "ssl_cert_SubP": "Minnesota", + "ssl_cert_SubL": "Minneapolis", + "ssl_cert_SubAltName": "sites.target.com;affiliate.target.com;android.studioconnect.live;api.studioconnect.live;apollo-metrics.target.com;assethub.partnersonline.com;assethub.target.com;awesomeshop.target.com;bex.partnersonline.com;bex.target.com;cartster.target.com;cartwheel.target.com;cartwheelws-secure.target.com;circle.target.com;connect.roundel.com;connectedcommerce.target.com;corporate.target.com;developer.target.com;dojo.target.com;doppler.partnersonline.com;elevate.target.com;extgargantua.partnersonline.com;factorial.partnersonline.com;finds.target.com;gql.studioconnect.live;greenfield.partnersonline.com;greenfield.target.com;hrocdocrequest.target.com;iccon.target.com;incubator.target.com;india.target.com;ios.studioconnect.live;jira.target.com;launchpad.partnersonline.com;launchpad.target.com;leads.studioconnect.live;m.target.com;marketinghub.target.com;mercury.partnersonline.com;mickra.target.com;mickradashboard.target.com;mvs.partnersonline.com;mytime.target.com;nic.target;openhouse.target.com;opensource.target.com;osmosis.partnersonline.com;partnersonline.com;pcn.partnersonline.com;peg.partnersonline.com;photosubmission.target.com;pid.partnersonline.com;plus.target.com;pmworkorderadmin.partnersonline.com;poladmin.partnersonline.com;pop.partnersonline.com;qmp.partnersonline.com;qr.target.com;r2d2.target.com;rdmplus.target.com;recognize.target.com;redcard.target.com;redirect.studioconnect.live;rik.roundel.com;roundel.com;rubix.partnersonline.com;rubix.target.com;security.target.com;servicetech.target.com;sm.partnersonline.com;spark.partnersonline.com;spark.target.com;studioconnect.live;stylehub.target.com;synergy.partnersonline.com;target.com;targetmedianetwork.target.com;targetopenhouse.com;tepagent.target.com;tgt-files.target.com;tgtdriver.partnersonline.com;ti-event-prod.target.com;tiam.target.com;tiiam.target.com;tvi.partnersonline.com;viewpoint.target.com;weeklyad.target.com;www.partnersonline.com;www.roundel.com;www.target.com;www.targetopenhouse.com", + "ssl_cert_SerialNum": "0x012ede33fc9283773396e9b1ff995262", + "ssl_cert_AgID": "1.2.840.113549.1.1.11", + "ssl_cert_From": "210928164609Z", + "ssl_cert_To": "221030164608Z", + "ssl_cert_SSLFPAg": "1.2.840.113549.1.1.11", + "name": "SSL_RESULT_208" + }, + { + "Tuple4": "192.168.50.52.17433>3.217.136.163.443", + "ssl_sni": "idx.liadm.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_ja3s_hash": "303951d4c50efb2e991652225a6f02b1", + "name": "SSL_RESULT_209" + }, + { + "Tuple4": "192.168.50.52.17437>3.217.136.163.443", + "ssl_sni": "idx.liadm.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "cd08e31494f9531f560d64c695473da9", + "ssl_ja3s_hash": "303951d4c50efb2e991652225a6f02b1", + "name": "SSL_RESULT_210" + }, + { + "Tuple4": "192.168.50.52.17544>142.250.207.74.443", + "ssl_sni": "content-autofill.googleapis.com", + "ssl_client_version": "TLS1.2", + "ssl_ja3_hash": "598872011444709307b861ae817a4b60", + "ssl_ja3s_hash": "2b0648ab686ee45e0e7c35fcfb0eea7e", + "name": "SSL_RESULT_211" + }, + { + "Tuple4": "192.168.50.57.54160>39.105.29.36.443", + "name": "SSL_RESULT_212" + }, + { + "Tuple4": "192.168.50.57.54162>39.105.29.36.443", + "name": "SSL_RESULT_213" + } +]
\ No newline at end of file diff --git a/test/ssl_decoder_test.cpp b/test/ssl_decoder_test.cpp index 1f82712..7a9fb23 100644 --- a/test/ssl_decoder_test.cpp +++ b/test/ssl_decoder_test.cpp @@ -10,6 +10,7 @@ extern "C" { #include "cJSON.h" +#include "yyjson/yyjson.h" #include "ssl_decoder.h" #include "toml/toml.h" @@ -25,17 +26,20 @@ extern "C" #define ssl_DECODER_TEST_TOML_PATH "./etc/ssl/ssl_decoder.toml" +struct ssl_decoder_test_context +{ + yyjson_mut_doc *doc; + yyjson_mut_val *ssl_object; +}; + struct ssl_decoder_test_plugin_env { int plugin_id; int topic_id; int result_index; int commit_result_enable; - int decode_resource_record_enable; - int export_resource_record_enable; }; -extern "C" void perf_resource_record_decode(struct ssl_message *ssl_msg); extern "C" int commit_test_result_json(cJSON *node, const char *name); void ssl_real_result_write_file(char *result_str) @@ -50,17 +54,86 @@ void ssl_real_result_write_file(char *result_str) void ssl_decoder_test_message_cb(struct session *ss, int topic_id, const void *msg, void *per_session_ctx, void *plugin_env_str) { + struct ssl_message *ssl_msg=(struct ssl_message *)msg; + if(ssl_msg==NULL) + { + return; + } + + struct ssl_decoder_test_context *per_ss_ctx=(struct ssl_decoder_test_context *)per_session_ctx; + enum ssl_message_type msg_type=ssl_message_type_get(ssl_msg); + switch(msg_type) + { + case SSL_MESSAGE_CLIENT_HELLO: + { + yyjson_mut_obj_add_str(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_client_version", ssl_message_readable_version_get0(ssl_msg)); + + char *sni=NULL; + size_t sni_sz=0; + ssl_message_sni_get0(ssl_msg, &sni, &sni_sz); + yyjson_mut_obj_add_strn(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_sni", sni, sni_sz); + + char *ja3=NULL; + size_t ja3_sz=0; + ssl_message_ja3hash_get0(ssl_msg, &ja3, &ja3_sz); + yyjson_mut_obj_add_strn(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_ja3_hash", ja3, ja3_sz); + + int32_t esni_flag=ssl_message_esni_is_true(ssl_msg); + yyjson_mut_obj_add_int(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_esni", esni_flag); + + int32_t ech_flag=ssl_message_ech_is_true(ssl_msg); + yyjson_mut_obj_add_int(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_ech", ech_flag); + } + break; + case SSL_MESSAGE_SERVER_HELLO: + { + yyjson_mut_obj_add_str(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_server_version", ssl_message_readable_version_get0(ssl_msg)); + + char *ja3s=NULL; + size_t ja3s_sz=0; + ssl_message_ja3shash_get0(ssl_msg, &ja3s, &ja3s_sz); + yyjson_mut_obj_add_strn(per_ss_ctx->doc ,per_ss_ctx->ssl_object, "ssl_ja3s_hash", ja3s, ja3s_sz); + } + break; + case SSL_MESSAGE_CERTIFICATE: + break; + case SSL_PROTECTED_PAYLOAD: + break; + default: + break; + } } -void *ssl_decoder_test_per_session_context_new(struct session *sess, void *plugin_env) +void *ssl_decoder_test_per_session_context_new(struct session *ss, void *plugin_env) { - return NULL; + struct ssl_decoder_test_context *per_ss_ctx=(struct ssl_decoder_test_context *)calloc(1, sizeof(struct ssl_decoder_test_context)); + per_ss_ctx->doc=yyjson_mut_doc_new(0); + per_ss_ctx->ssl_object=yyjson_mut_obj(per_ss_ctx->doc); + + return (void *)per_ss_ctx; } -void ssl_decoder_test_per_session_context_free(struct session *sess, void *session_ctx, void *plugin_env) +void ssl_decoder_test_per_session_context_free(struct session *ss, void *per_session_ctx, void *plugin_env_str) { + struct ssl_decoder_test_plugin_env *plugin_env=(struct ssl_decoder_test_plugin_env *)plugin_env_str; + struct ssl_decoder_test_context *per_ss_ctx=(struct ssl_decoder_test_context *)per_session_ctx; + if(per_ss_ctx==NULL) + { + return; + } + yyjson_mut_doc_set_root(per_ss_ctx->doc, per_ss_ctx->ssl_object); + char *json_str=yyjson_mut_write(per_ss_ctx->doc, 0, 0); + yyjson_mut_doc_free(per_ss_ctx->doc); + + char result_name[16]=""; + sprintf(result_name, "SSL_RESULT_%d", plugin_env->result_index++); + cJSON *real_result=cJSON_Parse(json_str); + commit_test_result_json(real_result, result_name); + + free(json_str); + free(per_ss_ctx); } int32_t ssl_decoder_test_config_load(const char *cfg_path, struct ssl_decoder_test_plugin_env *plugin_env) @@ -125,62 +198,6 @@ int32_t ssl_decoder_test_config_load(const char *cfg_path, struct ssl_decoder_te } } - toml_table_t *perf_tbl=toml_table_in(test_tbl, "perf"); - if(NULL==perf_tbl) - { - fprintf(stderr, "[%s:%d] config file: %s has no key: [decoder.ssl.test.perf]", __FUNCTION__, __LINE__, cfg_path); - toml_free(root); - return -1; - } - - // decode_resource_record_enable - toml_datum_t decode_resource_record_enable_val=toml_string_in(perf_tbl, "decode_resource_record_enable"); - if(decode_resource_record_enable_val.ok==0) - { - plugin_env->decode_resource_record_enable=0; - fprintf(stderr, "[%s:%d] config file: %s has no key: [decoder.ssl.test.decode_resource_record_enable]", __FUNCTION__, __LINE__, cfg_path); - } - else - { - if(memcmp("no", decode_resource_record_enable_val.u.s, strlen("no"))==0) - { - plugin_env->decode_resource_record_enable=0; - } - else if(memcmp("yes", decode_resource_record_enable_val.u.s, strlen("yes"))==0) - { - plugin_env->decode_resource_record_enable=1; - } - else - { - plugin_env->decode_resource_record_enable=1; - fprintf(stderr, "[%s:%d] config file: %s key: [decoder.ssl.test.decode_resource_record_enable] value is not yes or no", __FUNCTION__, __LINE__, cfg_path); - } - } - - // export_resource_record_enable - toml_datum_t export_resource_record_enable_val=toml_string_in(perf_tbl, "export_resource_record_enable"); - if(export_resource_record_enable_val.ok==0) - { - plugin_env->export_resource_record_enable=0; - fprintf(stderr, "[%s:%d] config file: %s has no key: [decoder.ssl.test.export_resource_record_enable]", __FUNCTION__, __LINE__, cfg_path); - } - else - { - if(memcmp("no", export_resource_record_enable_val.u.s, strlen("no"))==0) - { - plugin_env->export_resource_record_enable=0; - } - else if(memcmp("yes", export_resource_record_enable_val.u.s, strlen("yes"))==0) - { - plugin_env->export_resource_record_enable=1; - } - else - { - plugin_env->export_resource_record_enable=1; - fprintf(stderr, "[%s:%d] config file: %s key: [decoder.ssl.test.export_resource_record_enable] value is not yes or no", __FUNCTION__, __LINE__, cfg_path); - } - } - toml_free(root); return ret; |