Closed jacekkotynski closed 8 years ago
Thanks very much for the input, it's really useful! And I'm always happy to hear of people using the tool :)
Can I just confirm a couple of things quickly please? Do you know which version you're running? (I added some error handling for weird offsets about 3 or 4 days ago, so if it's that causing the issue I may have coincidentally fixed it recently.)
Interesting that it writes the signature out first, that gives some really useful debugging info!
Do you happen to know if you have pcaps of any packets that cause this condition? If so I'd be more than happy to use them to recreate the problem and put a fix together if you were happy to share?
Confirming:
Cool thanks - well that's a good start, thanks! Let me go and do some digging here.
I don't seem to be able to reproduce on BSD based systems with clang.
Are you using Linux and/or gcc? (just to shorten my debug process)
Aaaaand I just noticed that you're using Debian from the hostname... doh!
I need more coffee.
Debian 8 with GCC and libpcap-dev, all in newest versions if it does matter.
Interesting.... passing generic traffic (e.g. my home network) through a similar box doesn't seem to cause issues, so I suspect that there is something specific to at least one of the fingerprint types that you are seeing on your network.
I'm going to attempt to get a pcap of a Sony Xperia (Android 6) - Chrome Browser to see if it generates something in the packet that's upsetting things.
Wow - that was difficult, but I think I found it and fixed it.
In short, I think you will experience the problem when all the following are met:
more details here: https://github.com/LeeBrotherston/tls-fingerprinting/commit/b278f2ab2a97739bb661c134430f4e5b0d508c01#diff-8eaf2f10f743be8f8ae1baeb76f58c87
If you find that this fixes the issue I'll close the issue and have a celebration ;)
Hi, just tested it on a remote environment and the fix works! :) I have one more border case regarding a load balancer hitting the same interface that the server is working on, but I assume that with high probability it will work too (I'll test it on Monday).
But so far I think this can be considered fixed :) Thank you very much, this fix is highly appreciated :)
Hello. Firstly: I've been using/testing your tool for a research project and I think it's great.
However, on various occasions it crashed for me with a segmentation fault error. One case was when my load balancer called back to the server to check if it was alive.
The second occasion was when I tried to access my test server with my mobile:
Using interface: eth0
Loaded 268 signatures
[2016-05-23 22:45:58] New FingerPrint [0] Detected, dynamically adding to in-memory fingerprint database
[2016-05-23 22:45:58] New Fingerprint "Dynamic debian8-tmpl 0": TLSv1.2 connection from X.Y.Z.P:47022 to K.L.M.N:443 Servername: "W.Q.net"
[2016-05-23 22:45:58] New FingerPrint [1] Detected, dynamically adding to in-memory fingerprint database
[2016-05-23 22:48:54] New FingerPrint [0] Detected, dynamically adding to in-memory fingerprint database
[2016-05-23 22:48:54] New Fingerprint "Dynamic debian8-tmpl 0": TLSv1.2 connection from X.Y.Z.P:47022 to K.L.M.N:443 Servername: "W.Q.net"
Segmentation fault
I don't know what exactly is going on and why there is a segmentation fault, but it seems to be something that could use error handling. Even though the fingerprint was recorded correctly before the app crashed.