Merge remote-tracking branch 'origin/topic/seth/rdp'
* origin/topic/seth/rdp: (31 commits) Improved transition into SSL/TLS from RDP. Fixes tests in RDP branch. add a special case to the X509 code that deals with RDP certificates. A few more changes to handling encryption in RDP. Adds some comments and fixes a broxygen warning. Fixes another optional part of an RDP unit. Support RDP negotiation requests optionally and support zero length cookies. Changed UTF-16 to UTF-8 conversion to be more lenient. Fixed an issue with parse failure on an optional field. Removing a stray printf from RDP analyzer. Another big RDP update. New script to add a field to rdp.log when the connection is upgraded to SSL. Huge updates to the RDP analyzer from Josh Liburdi. FreeRDP test trace showing SSL encryption -- RDP analyzer does not currently handle this and SSL analyzer does not identify it either Wireshark test trace for native encryption -- generates a binpac error Delete RDP-004.pcap Delete nla_win7_win2k8r2.pcap Update dpd.sig Fixed typo Added check for connection existence ... BIT-1340 #merged
32ae94de9a
45 changed files with 3048 additions and 373 deletions
39
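--- a/src/analyzer/protocol/rdp/RDP.h
+++ b/src/analyzer/protocol/rdp/RDP.h
@@ -0,0 +1,39 @@
+#ifndef ANALYZER_PROTOCOL_RDP_RDP_H
+#define ANALYZER_PROTOCOL_RDP_RDP_H
+
+#include "events.bif.h"
+
+
+#include "analyzer/protocol/tcp/TCP.h"
+#include "analyzer/protocol/pia/PIA.h"
+
+#include "rdp_pac.h"
+
+namespace analyzer { namespace rdp {
+
+class RDP_Analyzer : public tcp::TCP_ApplicationAnalyzer {
+
+public:
+RDP_Analyzer(Connection* conn);
+virtual ~RDP_Analyzer();
+
+// Overriden from Analyzer.
+virtual void Done();
+
+virtual void DeliverStream(int len, const u_char* data, bool orig);
+virtual void Undelivered(uint64 seq, int len, bool orig);
+virtual void EndpointEOF(bool is_orig);
+
+static analyzer::Analyzer* InstantiateAnalyzer(Connection* conn)
+{ return new RDP_Analyzer(conn); }
+
+protected:
+binpac::RDP::RDP_Conn* interp;
+
+bool had_gap;
+pia::PIA_TCP *pia;
+};
+
+} } // namespace analyzer::*
+
+#endif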
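Review bot: The protected members `interp`, `had_gap` and `pia` carry no comment on ownership or meaning, and the constructor/destructor that would settle it live in RDP.cc, outside this section. Suggest `binpac::RDP::RDP_Conn* interp; // binpac parser state for this connection; presumably allocated in the ctor and freed in ~RDP_Analyzer — confirm against RDP.cc` and `bool had_gap; // set once Undelivered() reports a stream gap, so the parser is not fed data it cannot resynchronize on — confirm`, and for `pia` a similar note that it is the PIA_TCP instance used for the hand-off when the session switches to SSL/TLS, hedged the same way. The single-argument constructor `RDP_Analyzer(Connection* conn);` allows implicit conversion from `Connection*` and could be `explicit RDP_Analyzer(Connection* conn);`. The comment `// Overriden from Analyzer.` should read `// Overridden from Analyzer.`.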