General

Profile

Mats Klepsland

Issues

Projects

Activity

08/09/2017

04:04 PM Suricata Feature #2192: JA3 TLS client fingerprinting
JA3 looks cool. It would probably not be that much job to add it. I'll be willing to implement it. I'm thinking:
* ...

08/03/2017

07:41 AM Suricata Revision 23f8cc4a: app-layer-tls: don't decode client certificates
Decoding client certificate overwrites the validity dates from the
server certificate, so we therefore don't decode i...

05/08/2017

03:43 AM Suricata Revision 72c75743: app-layer: add decoder event for missing TLS after STARTTLS
03:43 AM Suricata Revision 11b9e6fd: app-layer-ftp: add STARTTLS support
03:43 AM Suricata Revision 8125f78f: app-layer-ftp: detect FTP alproto when using AUTH TLS
Try to detect FTP using the patterns '220 (' and 'FEAT', since 'USER '
and 'PASS ' are not sent in cleartext when usi...
03:43 AM Suricata Revision 74aa6507: output-json-tls: log 'from_proto' field
Log the original application level protocol when protocol have been
changed because of STARTTLS, HTTP CONNECT or simi...
03:43 AM Suricata Revision e8800b18: app-layer-smtp: add STARTTLS support
03:43 AM Suricata Revision b6c2b705: app-layer-htp: add HTTP CONNECT support
03:43 AM Suricata Revision b8d13f35: app-layer: support changing flow alproto
Support changing the application level protocol for a flow. This is
needed by STARTTLS and HTTP CONNECT to switch fro...

04/06/2017

09:19 AM Suricata Revision 8b9f84bf: doc: add documentation for date modifiers in eve-log

Also available in: Atom