Implement sni-detection brute for QUIC

Vadim Vetrov 2025-01-04 17:47:49 +03:00
parent 60e33318cb
commit e98bb5ecad
No known key found for this signature in database
GPG Key ID: E8A308689D7A73A5
3 changed files with 19 additions and 4 deletions


@ -391,9 +391,13 @@ pl_incr:
}
out:
if (section->sni_detection == SNI_DETECTION_BRUTE) {
ret = bruteforce_analyze_sni_str(section, crypto_message, crypto_message_len, &tlsv);
} else {
ret = analyze_tls_message(
section, crypto_message, crypto_message_len, &tlsv
);
}
free(crypto_message);
return tlsv;
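Review bot: `ret` is assigned in both branches at `out:` but never read before `free(crypto_message); return tlsv;`, so a failed or aborted analysis reaches the caller looking exactly like a clean no-match verdict. Whether `tlsv` is initialised before this point is not visible here (the function starts outside the hunk); the brute path zeroes its verdict itself, but nothing shown guarantees the same for `analyze_tls_message`. Consider resetting the verdict on failure, e.g. `if (ret < 0) tlsv = (struct tls_verdict){0};` (assuming a negative return means error), or drop `ret` if the result is intentionally ignored. It is also worth confirming that no path jumping to `out:` can arrive with a NULL `crypto_message` and a non-zero `crypto_message_len`, since the brute scan presumably reads the whole buffer.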


@ -28,11 +28,13 @@
#include <unistd.h>
#endif
static int bruteforce_analyze_sni_str(
int bruteforce_analyze_sni_str(
const struct section_config_t *section,
const uint8_t *data, size_t dlen,
struct tls_verdict *vrd
) {
*vrd = (struct tls_verdict){0};
if (section->all_domains) {
vrd->target_sni = 1;
vrd->sni_len = 0;
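Review bot: Dropping `static` makes this function callable from the QUIC path, but the definition carries no statement of its contract: what the return value means and which verdict fields are valid afterwards. The `all_domains` branch reports `target_sni = 1` with `sni_len = 0`, so a caller that goes on to read the matched name must handle a match with no name attached. I would add a comment above the definition stating the return convention, that `*vrd` is always reset on entry, and that a zero `sni_len` with `target_sni` set is a valid result. The function body continues outside the hunk, so the remaining branches are not reviewed here.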


@ -55,6 +55,15 @@ int analyze_tls_message(
struct tls_verdict *tlsv
);
/**
* Tries to bruteforce over the packet and match domains as plain text
*/
int bruteforce_analyze_sni_str(
const struct section_config_t *section,
const uint8_t *data, size_t dlen,
struct tls_verdict *vrd
);
/**
* Processes the packet and finds TLS Client Hello information inside it.