Add new features from other branch to the heartbleed-detector (and clean them up).

We should now quite reliably detect scans/attacks, even when encrypted and not succesful.
2025-10-16 21:48:21 +00:00 · 2014-05-14 15:42:27 -07:00 · 2014-05-14 15:42:27 -07:00 · f0b244b8b0
commit f0b244b8b0
parent 9014629a7d
9 changed files with 179 additions and 22 deletions
--- a/testing/btest/scripts/policy/protocols/ssl/heartbleed.bro
+++ b/testing/btest/scripts/policy/protocols/ssl/heartbleed.bro
@ -6,8 +6,16 @@
 # @TEST-EXEC: mv notice.log notice-heartbleed-success.log
 # @TEST-EXEC: btest-diff notice-heartbleed-success.log

-# @TEST-EXEC: bro -C -r $TRACES/tls/heartbleed-encrypted-success.pcap %INPUT
+# @TEST-EXEC: bro -C -r $TRACES/tls/heartbleed-encrypted.pcap %INPUT
 # @TEST-EXEC: mv notice.log notice-encrypted.log
 # @TEST-EXEC: btest-diff notice-encrypted.log

+# @TEST-EXEC: bro -C -r $TRACES/tls/heartbleed-encrypted-success.pcap %INPUT
+# @TEST-EXEC: mv notice.log notice-encrypted-success.log
+# @TEST-EXEC: btest-diff notice-encrypted-success.log
+
+# @TEST-EXEC: bro -C -r $TRACES/tls/heartbleed-encrypted-short.pcap %INPUT
+# @TEST-EXEC: mv notice.log notice-encrypted-short.log
+# @TEST-EXEC: btest-diff notice-encrypted-short.log
+
@load protocols/ssl/heartbleed