Liang Zhu
1989f34a0a
add parsing certificates in OCSP responses
2015-08-18 19:35:43 -07:00
Liang Zhu
12c68f197c
Merge remote-tracking branch 'origin/master' into topic/liangzhu/analyzer-ocsp
2015-08-18 16:00:59 -07:00
Daniel Thayer
7b6ab180b6
Fix typo in documentation of a field in connection record
2015-08-17 14:58:22 -05:00
Robin Sommer
ac5c4f117f
Removing the yielding_teredo_decapsulation option.
With the more precise Teredo option, it seems no longer needed, and it
was a bit of a fragile mechanism to begin with.
2015-08-14 08:36:16 -07:00
Robin Sommer
a9867c706d
Make Teredo DPD signature more precise.
Contributed by Martina Balint in https://github.com/bro/bro/pull/39 .
(I didn't merge the github branch, as that has some more stuff in its
history. Instead I applied the single-line change directly.)
2015-08-12 17:16:09 -07:00
Kris Nielander
d8c9b7255e
Allow Bro to run in fanout mode.
2015-08-09 22:45:23 +02:00
Kris Nielander
f5429ee794
Allow libpcap buffer size to be set manually.
2015-08-09 22:45:09 +02:00
Liang Zhu
adbc0b1eaf
Merge remote-tracking branch 'origin/master' into topic/liangzhu/analyzer-ocsp
2015-08-05 17:15:09 -07:00
Jan Grashoefer
55dc982a33
Update calls of Base64 functions.
Base64 encoding-errors during authentication in POP3 analyzer,
authentication in FTP analyzer (using GSI) and basic
authentication on HTTP will be logged to Weird.
2015-08-05 11:33:57 +02:00
Robin Sommer
4c2aa804e1
Merge branch 'master' of https://github.com/albertzaharovits/bro
* 'master' of https://github.com/albertzaharovits/bro :
Appended smtp.trace with CC: header baseline test
SMTP logs include CC: addresses [BIT-1429]
2015-07-31 08:56:39 -07:00
Liang Zhu
5d168792ee
deal with bug url
2015-07-28 16:20:38 -07:00
Liang Zhu
e9f028be4c
Merge remote-tracking branch 'origin/master' into topic/liangzhu/analyzer-ocsp
2015-07-28 13:47:21 -07:00
Johanna Amann
7c71eca7d0
Merge remote-tracking branch 'origin/master' into topic/johanna/netcontrol
2015-07-27 14:49:38 -07:00
Robin Sommer
ba10115181
Merge branch 'topic/jgras/flash-detection' of https://github.com/J-Gras/bro
Switching from using the http_all_headers() event to
http_message_done(). That delays it a bit, but is the less expensive
event.
* 'topic/jgras/flash-detection' of https://github.com/J-Gras/bro :
Updated detection of Flash and AdobeAIR.
2015-07-27 11:05:49 -07:00
Albert Zaharovits
b4e8a44630
SMTP logs include CC: addresses [BIT-1429]
2015-07-26 22:08:43 +03:00
Jan Grashoefer
b765c95d6e
Updated detection of Flash and AdobeAIR.
2015-07-24 14:33:53 +02:00
Liang Zhu
49c570593a
check value before assign
2015-07-23 15:46:23 -07:00
Robin Sommer
fb848f795d
Merge branch 'master' of https://github.com/aaronmbr/bro
* 'master' of https://github.com/aaronmbr/bro :
Copy-paste issue
Allow for logging of the VLAN data about a connection in conn.log
Save the inner vlan in the Packet object for Q-in-Q setups
2015-07-23 13:05:28 -07:00
Aaron Brown
f29dbb90a5
Allow for logging of the VLAN data about a connection in conn.log
2015-07-22 14:13:17 -04:00
Johanna Amann
4a5737708c
Basic IMAP StartTLS analyzer.
Parses certificates out of imap connections using StartTLS. Aborts
processing if StartTLS is not found.
2015-07-22 10:35:49 -07:00
Liang Zhu
cea1b62a9a
small bug fix
2015-07-21 23:38:56 -07:00
Liang Zhu
62225d5f5f
Merge remote-tracking branch 'origin/master' into topic/liangzhu/analyzer-ocsp
2015-07-21 18:40:45 -07:00
Liang Zhu
462f6608a8
log the time for server first encrypted application data
2015-07-21 14:44:33 -07:00
Johanna Amann
0b897c70da
Add xmpp dpd sig and fix a few parsing problems for connections that do not upgrade to TLS.
2015-07-21 13:20:35 -07:00
Johanna Amann
574bcb0a51
Add simple XMPP StartTLS analyzer.
This is a very simple XMPP analyzer that basically only can parse the
protocol until the client and server start negotiating a TLS session. At
that point, the TLS analyzer is attached.
While the basic case seems to be working, I fully expect that I missed
something and that this might break in a lot of cases.
2015-07-21 12:18:14 -07:00
Robin Sommer
358f3bfe84
Merge branch 'topic/robin/rework-packets-merge'
2015-07-21 08:32:08 -07:00
Liang Zhu
5f2cb840d7
add user_agent to ocsp-to-match log
2015-07-20 16:55:19 -07:00
Liang Zhu
fa654121ec
fix url parsing bug
2015-07-20 15:46:21 -07:00
Liang Zhu
b4fce308f0
minor change to deal with empty request
2015-07-18 19:36:47 -07:00
Liang Zhu
4e8d15d8d1
small bug fix
2015-07-18 01:53:28 -07:00
Liang Zhu
0c3b03ac8d
log original uri and fix GET url parsing
2015-07-18 01:06:31 -07:00
Liang Zhu
6c9b49a5d7
fix a bug for ocsp-ssl-split.bro
2015-07-17 16:00:18 -07:00
Robin Sommer
fe3579f1b4
Merge branch 'topic/rework-packets' of https://github.com/jsbarber/bro
* 'topic/rework-packets' of https://github.com/jsbarber/bro :
One more tinker to Packet -- ensure no uninitialized values
Packet::IP()-created IP_Hdr should not free
Make enums work for non-C++11 config
Refactor to make bro use a common Packet object. Do a better job of parsing layer 2 and keeping track of layer 3 proto. Add support for raw packet event, including Layer2 headers.
Conflicts:
aux/plugins
2015-07-17 12:56:04 -07:00
Liang Zhu
569e637eb1
small changes for parsing GET url
2015-07-16 19:31:58 -07:00
Liang Zhu
d20925f230
make parsing GET url more robust
2015-07-16 19:07:13 -07:00
Liang Zhu
cb0aa7725e
fix a few bugs for logging
2015-07-16 18:20:57 -07:00
Liang Zhu
00a0313967
fix a bug for parsing OCSP Get request
2015-07-16 18:10:05 -07:00
Johanna Amann
5f07268805
Small changes to iana tls registry.
2015-07-16 16:40:35 -07:00
Liang Zhu
f0c642cd25
update logging for ocsp and baseline
2015-07-15 13:31:41 -07:00
Liang Zhu
fb757d96a6
clean up ocsp/main.bro
2015-07-15 10:39:46 -07:00
Liang Zhu
c2f1c428f0
fix a bug and update baseline
2015-07-15 01:06:12 -07:00
Liang Zhu
01094bfc43
add parsing ocsp request in get url
2015-07-15 00:40:39 -07:00
Liang Zhu
1f5a7aecbc
change log schema for ocsp-ssl-split.bro
2015-07-13 15:23:56 -07:00
Liang Zhu
9553c8aefc
separated logging for ocsp and ssl
2015-07-12 13:52:26 -07:00
Liang Zhu
406fec9ef4
potentially fix a memory problem ocsp-measurement
2015-07-09 11:56:58 -07:00
Liang Zhu
6947387522
add status_type to ocsp stapling log
2015-07-08 14:21:53 -07:00
Liang Zhu
545848d906
add parameter 'status_type' to event ssl_stapled_ocsp
2015-07-08 14:11:14 -07:00
Johanna Amann
0e213352d7
Rename Pacf to NetControl
2015-07-08 12:34:42 -07:00
Johanna Amann
eb9fbd1258
Merge remote-tracking branch 'origin/master' into topic/johanna/openflow
2015-07-08 12:15:09 -07:00
Liang Zhu
e2c30f0005
record more timestamps for ocsp measurement
2015-07-06 17:52:13 -07:00