I broke IPv6... I fixed IPv6!
I also added some fingerprints.
LeeBrotherston committed Feb 22, 2016
1 parent 5e72076 commit 49a6a53
Showing 3 changed files with 4 additions and 13 deletions.
12 changes: 0 additions & 12 deletions fingerprintls/packet_processing.c
Expand Up @@ -187,14 +187,6 @@ void got_packet(u_char *args, const struct pcap_pkthdr *pcap_header, const u_cha
/* Not using this yet, but here ready for when I impliment 6in4 de-encapsultion (per teredo) */
ip_version = 8; // No reason... YOLO
ipv6 = (struct ip6_hdr*)(packet + SIZE_ETHERNET + size_vlan_offset + sizeof(struct ipv4_header));

// OK This works ok
//inet_ntop(AF_INET,(void*)&ipv4->ip_src,src_address_buffer,sizeof(src_address_buffer));
//inet_ntop(AF_INET6,(void*)&ipv6->ip6_dst,dst_address_buffer,sizeof(dst_address_buffer));
//printf("6in4: %s -> %s\n", src_address_buffer, dst_address_buffer);

/* used later to get tcp offsets */
//size_ip += sizeof(struct ip6_hdr);
size_ip += 40;
break;

Expand Down Expand Up @@ -227,10 +219,6 @@ void got_packet(u_char *args, const struct pcap_pkthdr *pcap_header, const u_cha
// XXX These lines are duplicated, will de-dupe later this is for testing without breaking :)
tcp = (struct tcp_header*)(packet + SIZE_ETHERNET + size_vlan_offset + size_ip);
payload = (u_char *)(packet + SIZE_ETHERNET + size_vlan_offset + size_ip + (tcp->th_off * 4));
// Emulating: "(tcp[tcp[12]/16*4]=22 and (tcp[tcp[12]/16*4+5]=1) and (tcp[tcp[12]/16*4+9]=3) and (tcp[tcp[12]/16*4+1]=3))"
//if(!(payload[0] == 22 && payload[5] == 1 && payload[9] == 3 && payload[1] == 3))
return; /* Doesn't match our not BPF, BPF.... BAILING OUT!! */


/* Sanity Check... Should be IPv6 */
if ((ntohl(ipv6->ip6_vfc)>>28)!=6){
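Review bot: The `payload` pointer in the second hunk is built from `tcp->th_off * 4`, a value read straight from the packet, and now that the unconditional `return;` is gone this path carries on to use it; no comparison against `pcap_header->caplen` is visible in the hunk. got_packet starts and ends outside the hunk, so a length check may exist elsewhere, but if it does not, a truncated or malformed segment leaves `tcp` or `payload` pointing past the captured bytes. I would check that the fixed header fits before reading it, `if (pcap_header->caplen < SIZE_ETHERNET + size_vlan_offset + size_ip + sizeof(struct tcp_header)) return;`, and then reject `tcp->th_off < 5` or a data offset beyond `caplen` before the first payload access. Separately, `ntohl(ipv6->ip6_vfc)>>28` yields the version nibble only on little-endian hosts if `ip6_vfc` is the usual 8-bit field; `(ipv6->ip6_vfc >> 4) != 6` does not depend on byte order.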
Binary file modified fingerprintls/tlsfp.db
Binary file not shown.
5 changes: 4 additions & 1 deletion fingerprints/fingerprints.json
Expand Up @@ -253,4 +253,7 @@
{"id": 0, "desc": "Windows 10 Native Connection", "record_tls_version": "0x0303", "tls_version": "0x0303", "ciphersuite_length": "0x0034", "ciphersuite": "0xC02C 0xC02B 0xC030 0xC02F 0x009F 0x009E 0xC024 0xC023 0xC028 0xC027 0xC00A 0xC009 0xC014 0xC013 0x009D 0x009C 0x003D 0x003C 0x0035 0x002F 0x000A 0x006A 0x0040 0x0038 0x0032 0x0013", "compression_length": "1", "compression": "0x00", "extensions": "0x0000 0x0005 0x000A 0x000B 0x000D 0x0023 0x0017 0xFF01 ", "e_curves": "0x0017 0x0018 ", "sig_alg": "0x0401 0x0501 0x0201 0x0403 0x0503 0x0203 0x0202 0x0601 0x0603 ", "ec_point_fmt": "0x00"}
{"id": 0, "desc": "PubNub data stream #1", "record_tls_version": "0x0301", "tls_version": "0x0303", "ciphersuite_length": "0x0028", "ciphersuite": "0xC02B 0xC02C 0xC02F 0xC030 0x009E 0x009F 0xC009 0xC00A 0xC013 0xC014 0x0033 0x0039 0xC007 0xC011 0x009C 0x009D 0x002F 0x0035 0x0005 0x00FF", "compression_length": "1", "compression": "0x00", "extensions": "0x0000 0x0017 0x0023 0x000D 0x0010 0x000B 0x000A 0x0015 ", "e_curves": "0x0017 0x0018 0x0019 ", "sig_alg": "0x0601 0x0603 0x0501 0x0503 0x0401 0x0403 0x0301 0x0303 0x0201 0x0203 ", "ec_point_fmt": "0x00"}
{"id": 0, "desc": "PubNub data stream #2", "record_tls_version": "0x0301", "tls_version": "0x0303", "ciphersuite_length": "0x0028", "ciphersuite": "0xC02B 0xC02C 0xC02F 0xC030 0x009E 0x009F 0xC009 0xC00A 0xC013 0xC014 0x0033 0x0039 0xC007 0xC011 0x009C 0x009D 0x002F 0x0035 0x0005 0x00FF", "compression_length": "1", "compression": "0x00", "extensions": "0x0000 0x0017 0x0023 0x000D 0x0010 0x000B 0x000A ", "e_curves": "0x0017 0x0018 0x0019 ", "sig_alg": "0x0601 0x0603 0x0501 0x0503 0x0401 0x0403 0x0301 0x0303 0x0201 0x0203 ", "ec_point_fmt": "0x00"}
{"id": 0, "desc": "Blackberry Messenger", "record_tls_version": "0x0301", "tls_version": "0x0301", "ciphersuite_length": "0x005A", "ciphersuite": "0xC014 0xC00A 0x0039 0x0038 0x0088 0x0087 0xC00F 0xC005 0x0035 0x0084 0xC013 0xC009 0x0033 0x0032 0x009A 0x0099 0x0045 0x0044 0xC00E 0xC004 0x002F 0x0096 0x0041 0xC011 0xC007 0xC00C 0xC002 0x0005 0x0004 0xC012 0xC008 0x0016 0x0013 0xC00D 0xC003 0x000A 0x0015 0x0012 0x0009 0x0014 0x0011 0x0008 0x0006 0x0003 0x00FF", "compression_length": "1", "compression": "0x00", "extensions": "0x0000 0x000B 0x000A ", "e_curves": "0x000E 0x000D 0x0019 0x000B 0x000C 0x0018 0x0009 0x000A 0x0016 0x0017 0x0008 0x0006 0x0007 0x0014 0x0015 0x0004 0x0005 0x0012 0x0013 0x0001 0x0002 0x0003 0x000F 0x0010 0x0011 ", "sig_alg": "", "ec_point_fmt": "0x00 0x01 0x02"}
{"id": 0, "desc": "Blackberry", "record_tls_version": "0x0301", "tls_version": "0x0301", "ciphersuite_length": "0x005A", "ciphersuite": "0xC014 0xC00A 0x0039 0x0038 0x0088 0x0087 0xC00F 0xC005 0x0035 0x0084 0xC013 0xC009 0x0033 0x0032 0x009A 0x0099 0x0045 0x0044 0xC00E 0xC004 0x002F 0x0096 0x0041 0xC011 0xC007 0xC00C 0xC002 0x0005 0x0004 0xC012 0xC008 0x0016 0x0013 0xC00D 0xC003 0x000A 0x0015 0x0012 0x0009 0x0014 0x0011 0x0008 0x0006 0x0003 0x00FF", "compression_length": "1", "compression": "0x00", "extensions": "0x0000 0x000B 0x000A ", "e_curves": "0x000E 0x000D 0x0019 0x000B 0x000C 0x0018 0x0009 0x000A 0x0016 0x0017 0x0008 0x0006 0x0007 0x0014 0x0015 0x0004 0x0005 0x0012 0x0013 0x0001 0x0002 0x0003 0x000F 0x0010 0x0011 ", "sig_alg": "", "ec_point_fmt": "0x00 0x01 0x02"}
{"id": 0, "desc": "BlackBerry Browser (Tested BB10)", "record_tls_version": "0x0301", "tls_version": "0x0303", "ciphersuite_length": "0x006C", "ciphersuite": "0xC02C 0xC030 0xC02B 0xC02F 0xC024 0xC00A 0xC028 0xC014 0xC023 0xC009 0xC027 0xC013 0xC008 0xC012 0x009F 0x00A3 0x009E 0x00A2 0x006B 0x0039 0x006A 0x0038 0x0067 0x0033 0x0040 0x0032 0xC02E 0xC032 0xC02D 0xC031 0xC026 0xC005 0xC02A 0xC00F 0xC025 0xC004 0xC029 0xC00E 0xC003 0xC00D 0x009D 0x009C 0x003D 0x0035 0x003C 0x002F 0xC011 0xC007 0xC00C 0xC002 0x0005 0x0004 0x000A 0x00FF", "compression_length": "1", "compression": "0x00", "extensions": "0x0000 0x000B 0x000A 0x0023 0x000D 0x0005 0x0015 ", "e_curves": "0x0019 0x0018 0x0009 0x0017 0x0013 0x0001 ", "sig_alg": "0x0601 0x0602 0x0603 0x0501 0x0502 0x0503 0x0401 0x0402 0x0403 0x0301 0x0302 0x0303 0x0201 0x0202 0x0203 ", "ec_point_fmt": "0x00 0x01 0x02"}
{"id": 0, "desc": "Candy Crush (testing iOS 8.3)", "record_tls_version": "0x0301", "tls_version": "0x0303", "ciphersuite_length": "0x0082", "ciphersuite": "0xC030 0xC02C 0xC028 0xC024 0xC014 0xC00A 0x00A3 0x009F 0x006B 0x006A 0x0039 0x0038 0x0088 0x0087 0xC032 0xC02E 0xC02A 0xC026 0xC00F 0xC005 0x009D 0x003D 0x0035 0x0084 0xC02F 0xC02B 0xC027 0xC023 0xC013 0xC009 0x00A2 0x009E 0x0067 0x0040 0x0033 0x0032 0x0045 0x0044 0xC031 0xC02D 0xC029 0xC025 0xC00E 0xC004 0x009C 0x003C 0x002F 0x0041 0xC011 0xC007 0xC00C 0xC002 0x0005 0x0004 0xC012 0xC008 0x0016 0x0013 0xC00D 0xC003 0x000A 0x0015 0x0012 0x0009 0x00FF", "compression_length": "1", "compression": "0x00", "extensions": "0x0000 0x000B 0x000A 0x000D 0x000F 0x0015 ", "e_curves": "0x000E 0x000D 0x0019 0x000B 0x000C 0x0018 0x0009 0x000A 0x0016 0x0017 0x0008 0x0006 0x0007 0x0014 0x0015 0x0004 0x0005 0x0012 0x0013 0x0001 0x0002 0x0003 0x000F 0x0010 0x0011 ", "sig_alg": "0x0601 0x0602 0x0603 0x0501 0x0502 0x0503 0x0401 0x0402 0x0403 0x0301 0x0302 0x0303 0x0201 0x0202 0x0203 ", "ec_point_fmt": "0x00 0x01 0x02"}
{"id": 0, "desc": "Tripit Android App", "record_tls_version": "0x0301", "tls_version": "0x0303", "ciphersuite_length": "0x001A", "ciphersuite": "0xC02B 0xC02F 0x009E 0xC00A 0xC009 0xC013 0xC014 0x0033 0x0039 0x009C 0x002F 0x0035 0x00FF", "compression_length": "1", "compression": "0x00", "extensions": "0x0000 0x0017 0x0023 0x000D 0x0010 0x000B 0x000A ", "e_curves": "0x0017 0x0018 0x0019 ", "sig_alg": "0x0601 0x0603 0x0501 0x0503 0x0401 0x0403 0x0301 0x0303 0x0201 0x0203 ", "ec_point_fmt": "0x00"}
