Jean-Louis Huynen 2019-03-29 10:14:08 +01:00
parent 1e7973bd78
commit bd396938d4
1 changed files with 13 additions and 11 deletions


@ -139,7 +139,7 @@ Depends on libpcap.
\begin{frame}[fragile] \begin{frame}[fragile]
\frametitle{sensor-d4-tls-fingerprinting - d4 client} \frametitle{sensor-d4-tls-fingerprinting | d4 client}
Required setting: Required setting:
\begin{itemize} \begin{itemize}
\item type should be set to 2 or 254 \item type should be set to 2 or 254
@ -164,7 +164,7 @@ Depends on libpcap.
\end{frame} \end{frame}
\begin{frame}[fragile] \begin{frame}[fragile]
\frametitle{sensor-d4-tls-fingerprinting - d4 worker} \frametitle{sensor-d4-tls-fingerprinting - ja3-jl worker}
\input{worker.tex} \input{worker.tex}
\begin{itemize} \begin{itemize}
\item processes each reassembled JSON description, \item processes each reassembled JSON description,
@ -175,24 +175,26 @@ Depends on libpcap.
\end{frame} \end{frame}
\begin{frame}[fragile] \begin{frame}[fragile]
\frametitle{sensor-d4-tls-fingerprinting - d4 analyzer} \frametitle{sensor-d4-tls-fingerprinting - ja3-jl analyzer}
(Proof of Concept) (Proof of Concept) \\
\vspace{.8cm}
Populates a database:
\begin{itemize} \begin{itemize}
\item LPOP a redis list populated by the worker \item LPOP a redis list populated by the worker
\item dumbly push JSON description into a postgres database \item push JSON descriptions into a postgres database
\end{itemize} \end{itemize}
\end{frame} \end{frame}
\begin{frame}[fragile] \begin{frame}[fragile]
\frametitle{sensor-d4-tls-fingerprinting - d4 passivessl API} \frametitle{sensor-d4-tls-fingerprinting - passivessl API}
(Proof of Concept) (Proof of Concept) \\
\vspace{.8cm}
Exposes a REST API to query the collected data: Exposes a REST API to query the collected data:
\begin{itemize} \begin{itemize}
\item /index : returns, the full DB :) \item /index : returns the full DB (PoC),
\item /ja3/ : returns, all TLS sessions with a given JA3 Signature \item /ja3/ : returns all TLS sessions with a given JA3 Signature,
\item /ja3s/ : returns, all TLS sessions with a given JA3S Signature \item /ja3s/ : returns all TLS sessions with a given JA3S Signature,
\end{itemize} \end{itemize}
\end{frame} \end{frame}