8000 GitHub - theodorsm/dfind
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

theodorsm/dfind

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
create-tables.sql
create-tables.sql
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 
queries.sql
queries.sql
 
 
results.md
results.md
 
 

Repository files navigation

dfind

dfind is a tool for discovering passive fingerprints by finding identifying fields specific to different DTLS implementations.

Requirements

  • Postgres
  • Go

PCAPs containing only DTLS handshakes, this can be filtered using the following command:

tshark -r unfiltered.pcap  -Y "dtls.handshake" -w filtered_handshakes.pcap

Usage

<TAG>: a string (no spaces) for tagging traffic. Examples: snowflake, chrome, firefox.

# Create tables in database
psql -h localhost -d dtls_fingerprinting -U postgres -f ./create-tables.sql
# Parse pcaps and insert into database
go run main.go fingerprint <TAG> <PATH-TO-PCAPS-FOLDER>
go run main.go fingerprint <ANOTHER-TAG> <PATH-TO-PCAPS-FOLDER>
go run main.go fingerprint <YET-ANOTHER-TAG> <PATH-TO-PCAPS-FOLDER>
# Automatic analysis of fingerprints
go run main.go analyze <TAG>
# Fuzzy matching of extensions, to be further analyzed further manually
go run main.go extensions <TAG>

Disclaimer

This code-base contains unsafe and unsanitized SQL-queries, do not expose service to untrusted users. Only use locally for research purposes.

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages
0