Merge branch 'master' of github.com:D4-project/architecture
commit
fa82af7c9b
|
|
@ -139,7 +139,7 @@ Depends on libpcap.
|
||||||
|
|
||||||
|
|
||||||
\begin{frame}[fragile]
|
\begin{frame}[fragile]
|
||||||
\frametitle{sensor-d4-tls-fingerprinting - d4 client}
|
\frametitle{sensor-d4-tls-fingerprinting | d4 client}
|
||||||
Required setting:
|
Required setting:
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
\item type should be set to 2 or 254
|
\item type should be set to 2 or 254
|
||||||
|
|
@ -152,12 +152,19 @@ Depends on libpcap.
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
\item describe every TLS Sessions,
|
\item describe every TLS Sessions,
|
||||||
\item marshal this description in JSON format
|
\item marshal this description in JSON format
|
||||||
\item ship this description to D4 server
|
\item ship this description to the D4 server
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
\end{frame}
|
\end{frame}
|
||||||
|
|
||||||
|
\begin{frame}
|
||||||
|
\frametitle{sensor-d4-tls-fingerprinting - ja3-jl plugin}
|
||||||
|
\begin{center}
|
||||||
|
\includegraphics[scale=0.4]{d4-worker2-ja3-jl.pdf}
|
||||||
|
\end{center}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
\begin{frame}[fragile]
|
\begin{frame}[fragile]
|
||||||
\frametitle{sensor-d4-tls-fingerprinting - d4 worker}
|
\frametitle{sensor-d4-tls-fingerprinting - ja3-jl worker}
|
||||||
\input{worker.tex}
|
\input{worker.tex}
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
\item processes each reassembled JSON description,
|
\item processes each reassembled JSON description,
|
||||||
|
|
@ -168,24 +175,26 @@ Depends on libpcap.
|
||||||
\end{frame}
|
\end{frame}
|
||||||
|
|
||||||
\begin{frame}[fragile]
|
\begin{frame}[fragile]
|
||||||
\frametitle{sensor-d4-tls-fingerprinting - d4 analyzer}
|
\frametitle{sensor-d4-tls-fingerprinting - ja3-jl analyzer}
|
||||||
(Proof of Concept)
|
(Work in Progress) \\
|
||||||
|
\vspace{.8cm}
|
||||||
|
Populates a database:
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
\item LPOP a redis list populated by the worker
|
\item LPOP a redis list populated by the worker
|
||||||
\item dumbly push JSON description into a postgres database
|
\item push JSON descriptions into a postgres database
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
\end{frame}
|
\end{frame}
|
||||||
|
|
||||||
|
|
||||||
\begin{frame}[fragile]
|
\begin{frame}[fragile]
|
||||||
\frametitle{sensor-d4-tls-fingerprinting - d4 passivessl API}
|
\frametitle{sensor-d4-tls-fingerprinting - passivessl API}
|
||||||
(Proof of Concept)
|
(Work in Progress) \\
|
||||||
|
\vspace{.8cm}
|
||||||
Exposes a REST API to query the collected data:
|
Exposes a REST API to query the collected data:
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
\item /index : returns, the full DB :)
|
\item /index : returns the full DB (PoC),
|
||||||
\item /ja3/ : returns, all TLS sessions with a given JA3 Signature
|
\item /ja3/ : returns all TLS sessions with a given JA3 Signature,
|
||||||
\item /ja3s/ : returns, all TLS sessions with a given JA3S Signature
|
\item /ja3s/ : returns all TLS sessions with a given JA3S Signature,
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
\end{frame}
|
\end{frame}
|
||||||
|
|
||||||
|
|
|
||||||
Binary file not shown.
Loading…
Reference in New Issue