Suricata x Moloch - protocol detection. Proposals for TLS/SSL
At this moment moloch shows only TLS version, negotiated cipher and some certificate data.
Previous task version
The Illustrated TLS Connection
For Suricata TLS plugin I suggest to include this values in the moloch screen
Client Hello - Cipher Suites proposals, Compression Methods, Extension - Supported Groups, Extension - EC Point Formats, Extension - Signature Algorithms, Extension - Renegotiation Info, Diffie-Hellman server parameters proposals
Server Hello - Cipher Suite, Compression Method, Diffie-Hellman server parameters (signal-Screenshot_20190327_212101.png)
Server Key Exchange - Curve Info, Public Key, Signature
I will try to find similar illustrated guide for IKEvX and SSH and describe similar proposals for IKEv1, IKEv2, IKEv3 and SSH.
Updated by Andreas Herz about 3 years ago
- Assignee changed from Community Ticket to Michal Vymazal
The necessary steps are explained in https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Contributing and https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_Developers_Guide feel free to ask if you have any specific questions. You can also look at our github page https://github.com/OISF/suricata and see how we work with PRs.
Updated by Michal Vymazal about 3 years ago
Suricata code location - Moloch, Suricata plugins
I will be glad to cooperate on this projects
But, I can't locate the right part of the code in the repository (means Moloch and Suricata plugins)
Can you give me a contact to a responsible person, who will help me to
find the right part of Suricata plugin and Moloch code?
Thank you very much
Updated by Michal Vymazal over 2 years ago
- File Screenshot_20191123_095533-2.png Screenshot_20191123_095533-2.png added
- File Screenshot_20191123_095432.png Screenshot_20191123_095432.png added
The code should be located in Moloch-Suricata plugins