Robin Sommer
0ba6bec710
Merge remote-tracking branch 'origin/topic/johanna/irc-starttls'
* origin/topic/johanna/irc-starttls:
StartTLS support for IRC
BIT-1513 #merged
2015-12-18 11:20:59 -08:00
Jan Grashoefer
6f891ca2ff
Added test-case for intel framework matching email
Addresses #1507
2015-12-16 14:51:02 +01:00
Johanna Amann
da9b5425e4
Merge remote-tracking branch 'origin/master' into topic/johanna/ocsp
2015-12-14 16:05:41 -08:00
Robin Sommer
9d7ec6b6d2
Merge branch 'master' of https://github.com/aeppert/bro
Cleaned up the surrounding code a bit and also added '[' as another
case (not sure that can happen, but doesn't hurt either).
* 'master' of https://github.com/aeppert/bro :
Whitespace
Remove
Remove.
Fix for JSON formatter
A fatal error, especially in DEBUG, should result in a core.
Seems to fix a case where an entry in the table may be null on insert.
2015-10-26 16:52:47 -07:00
Robin Sommer
a1c0d9d91c
Merge remote-tracking branch 'origin/topic/johanna/tls_early_alert'
* origin/topic/johanna/tls_early_alert:
Extend ssl dpd signature to allow alert before server_hello.
BIT-1496 #merged
2015-10-23 14:04:43 -07:00
Robin Sommer
c151a25843
Fix support for HTTP connect when server adds headers to response.
Patch by Eric Karasuda.
I slightly tweaked the patch to not need a new member variable. Also
turned the provided trace into a test case.
2015-10-23 13:10:33 -07:00
Johanna Amann
401e6c9102
Extend ssl dpd signature to allow alert before server_hello.
The alert in this case is caused by the server name in the SNI not being
recognized by the server, which triggers an alert. Since the server is
an apache, and this might happen reasonably often, the new signature
allows one TLS alert before the server hello is expected.
2015-10-22 13:36:21 -07:00
Johanna Amann
77c79bd010
Load static CA list for validation tests too.
This fixes test failures in some cases (and should protect against future test failures).
2015-10-02 15:12:32 -04:00
Johanna Amann
0e0dd9a5f7
Remove cluster certificate validation script for the moment.
Since we always have wallclock time in --pseudo-realtime, there
currently is no way to make this test reliable.
2015-10-02 11:32:15 -07:00
Johanna Amann
630e9f22d2
Merge remote-tracking branch 'origin/master' into topic/dnthayer/ticket1467
2015-10-02 11:31:00 -07:00
Johanna Amann
a052dc4e35
Fix offset=-1 (eof) for raw reader
Addresses BIT-1479
2015-09-16 15:16:04 -07:00
Daniel Thayer
4788e4e715
Fix some test canonifiers in scripts/policy/protocols/ssl
2015-08-22 21:56:55 -05:00
Liang Zhu
1989f34a0a
add parsing certificates in OCSP responses
2015-08-18 19:35:43 -07:00
Liang Zhu
adbc0b1eaf
Merge remote-tracking branch 'origin/master' into topic/liangzhu/analyzer-ocsp
2015-08-05 17:15:09 -07:00
Liang Zhu
1abd41c413
copy paste error
2015-07-31 13:50:48 -07:00
Liang Zhu
61f7276c80
parse revocation time and reason in ocsp response
2015-07-31 13:39:25 -07:00
Robin Sommer
46e584daa2
Adding tests for Flash version parsing and plugin detection.
(The plugin detection isn't testing the Chrome behaviour actually,
don't have a trace for that.)
2015-07-30 07:23:14 -07:00
Johanna Amann
5a8eac521c
StartTLS support for IRC
2015-07-29 11:47:59 -07:00
Liang Zhu
e9f028be4c
Merge remote-tracking branch 'origin/master' into topic/liangzhu/analyzer-ocsp
2015-07-28 13:47:21 -07:00
Johanna Amann
7c71eca7d0
Merge remote-tracking branch 'origin/master' into topic/johanna/netcontrol
2015-07-27 14:49:38 -07:00
Robin Sommer
632ac4bc88
Merge branch 'master' of git.bro.org:bro
2015-07-24 15:05:22 -07:00
Johanna Amann
5ffe76f336
Slightly earlier protocol confirmation for pop3.
This allows, e.g. pop3 sessions that are upgraded via STLS to be
properly marked as such.
2015-07-23 16:55:02 -07:00
Johanna Amann
7f2087af34
also generate an event when starttls is encountered for imap.
2015-07-23 12:37:40 -07:00
Johanna Amann
1933299543
Add support of getting server capabilities to IMAP parser.
2015-07-23 11:15:57 -07:00
Aaron Brown
ba1facb6c3
Copy-paste issue
2015-07-22 14:19:36 -04:00
Aaron Brown
f29dbb90a5
Allow for logging of the VLAN data about a connection in conn.log
2015-07-22 14:13:17 -04:00
Johanna Amann
4a5737708c
Basic IMAP StartTLS analyzer.
Parses certificates out of imap connections using StartTLS. Aborts
processing if StartTLS is not found.
2015-07-22 10:35:49 -07:00
Liang Zhu
62225d5f5f
Merge remote-tracking branch 'origin/master' into topic/liangzhu/analyzer-ocsp
2015-07-21 18:40:45 -07:00
Johanna Amann
0b897c70da
Add xmpp dpd sig and fix a few parsing problems for connections that do not upgrade to TLS.
2015-07-21 13:20:35 -07:00
Johanna Amann
574bcb0a51
Add simple XMPP StartTLS analyzer.
This is a very simple XMPP analyzer that basically only can parse the
protocol until the client and server start negotiating a TLS session. At
that point, the TLS analyzer is attached.
While the basic case seems to be working, I fully expect that I missed
something and that this might break in a lot of cases.
2015-07-21 12:18:14 -07:00
Johanna Amann
0d9869a2aa
(Hopefully) fix race condition between trace and intel file.
2015-07-15 09:14:36 -07:00
Liang Zhu
fc35ab9bf5
add a btest for ocsp http get
2015-07-15 01:30:46 -07:00
Liang Zhu
545848d906
add parameter 'status_type' to event ssl_stapled_ocsp
2015-07-08 14:11:14 -07:00
Johanna Amann
0e213352d7
Rename Pacf to NetControl
2015-07-08 12:34:42 -07:00
Johanna Amann
eb9fbd1258
Merge remote-tracking branch 'origin/master' into topic/johanna/openflow
2015-07-08 12:15:09 -07:00
Liang Zhu
da122a6a14
Merge remote-tracking branch 'origin/master' into topic/liangzhu/analyzer-ocsp
2015-07-02 16:48:51 -07:00
Liang Zhu
de17c12656
add btest for ocsp-stapling logging
2015-07-02 14:51:07 -07:00
Robin Sommer
264a824fcc
Merge remote-tracking branch 'origin/topic/seth/deflate-missing-headers-fix'
I've changed the dynamic allocation of the unzipbuf back to stack
allocation, hope I'm not missing the reason for doing that ...
* origin/topic/seth/deflate-missing-headers-fix:
Fixes an issue with missing zlib headers on deflated HTTP content.
BIT-1399 #merged
2015-06-28 12:23:36 -07:00
Robin Sommer
ffa254acd0
Merge remote-tracking branch 'origin/topic/seth/modbus_dpd_fix'
* origin/topic/seth/modbus_dpd_fix:
Call ProtocolConfirmed on modbus
2015-06-19 14:08:13 -07:00
Liang Zhu
d1c568663c
add btest and fix bug
2015-06-19 09:37:10 -07:00
Seth Hall
7d105935b1
Call ProtocolConfirmed on modbus
After a PDU is successfully parsed from both sides of a
modbus connection we're now declaring the protocol confirmed.
A small extension to the modbus/events test was added to verify
that "modbus" was identified in the service field in conn.log.
2015-06-19 07:00:38 -04:00
Johanna Amann
cedb80ff74
implement quarantine
2015-06-04 16:21:30 -07:00
Johanna Amann
ee645dfce9
Acld implementation for Pacf - Bro side.
Still needs a few small fixes to deal with the fact that acld does not
always accept subnets.
2015-06-03 11:06:01 -07:00
Johanna Amann
f88a1337c0
add basic catch-and-release functionality (without own logging so far).
2015-06-02 15:04:11 -07:00
Johanna Amann
1439c244fc
add hook to pacf that allows users to modify all rules or implement whitelists or similar.
2015-06-02 14:23:25 -07:00
Johanna Amann
ed40855152
add support for multiple backends with same priority
2015-06-02 12:34:44 -07:00
Vlad Grigorescu
847b16442b
BIT-1410: Add btest
2015-06-01 20:49:04 -05:00
Johanna Amann
ae18062761
add whitelist and redirect high-level functions
2015-06-01 15:57:58 -07:00
Seth Hall
097354a43f
Updates for the urls.bro script. Fixes BIT-1404.
2015-06-01 11:38:26 -04:00
Johanna Amann
99dcb40c67
Clusterize pacf
This changes the type of user-exposed IDs from counts to strings.
Also makes the init functions work for the first time.
2015-05-27 18:01:53 -07:00