Add documentation, consts and tests for the new events.

This also fixes the heartbleed detector to work for encrypted attacks in this
branch again. It stopped working, because the SSL analyzer now successfully detects
established connections, and the scripts usually disable analyzing after that.

(The heartbeat branch should not have been affected)
Bernhard Amann 2014-04-24 12:05:21 -07:00
parent 4ae52d9e1c
commit 9b7eb293f1
15 changed files with 244 additions and 61 deletions


@ -0,0 +1,26 @@
# @TEST-EXEC: bro -C -r $TRACES/tls/chrome-34-google.trace %INPUT
# @TEST-EXEC: btest-diff .stdout
event ssl_extension_elliptic_curves(c: connection, is_orig: bool, curves: index_vec)
{
print "Curves", c$id$orig_h, c$id$resp_h;
for ( i in curves )
print SSL::ec_curves[curves[i]];
}
event ssl_extension_ec_point_formats(c: connection, is_orig: bool, point_formats: index_vec)
{
print "Point formats", c$id$orig_h, c$id$resp_h, is_orig;
for ( i in point_formats )
print SSL::ec_point_formats[point_formats[i]];
}
event ssl_extension_application_layer_protocol_negotiation(c: connection, is_orig: bool, protocols: string_vec)
{
print "ALPN", c$id$orig_h, c$id$resp_h, protocols;
}
event ssl_extension_server_name(c: connection, is_orig: bool, names: string_vec)
{
print "server_name", c$id$orig_h, c$id$resp_h, names;
}
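Review bot: Three of the four handlers leave `is_orig` out of their output; only `ssl_extension_ec_point_formats` prints it, so the baseline cannot tell whether the curves, ALPN or server_name values came from the client or the server hello. ALPN in particular is carried in both directions (offered list versus selected protocol), so a regression that flips or duplicates the direction would still pass `btest-diff`. I would print it in every handler, e.g. `print "ALPN", c$id$orig_h, c$id$resp_h, is_orig, protocols;`, and regenerate the baseline. Separately, the `SSL::ec_curves[curves[i]]` and `SSL::ec_point_formats[point_formats[i]]` lookups are keyed by values taken from the wire. The table definitions are not visible in this section, so it is worth confirming both carry a `&default` so that an unlisted id does not abort the handler.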