Mattias Wadman
9852f56b74
tls: Add TLS 1.0, 1.1, 1.2 decode and decryption
...
What it can do:
- Decodes records and most standard messages and extensions.
- Decrypts records and reassembles application data stream if a keylog is provided
and the cipher suite is supported.
- Supports most recommended and used ciphers and a bunch of older ones.
What it can't do:
- SSL v3 may be supported, is similar to TLS 1.0, not tested.
- Decryption and renegotiation/cipher change.
- Record defragmentation not supported, seems rare over TCP.
- TLS 1.3
- SSL v2 but v2 compat header is supported.
- Some key exchange messages not decoded yet
Decryption code is heavily based on golang crypto/tls and zmap/zcrypto.
Will be base for decoding http2 and other TLS-based protocols.
Fixes #587
2023-03-05 13:52:12 +01:00
Mattias Wadman
fb5377f79a
Merge pull request #602 from wader/bump-gomod-golang/text-0.8.0
...
Update gomod-golang/text to 0.8.0 from 0.7.0
2023-03-04 17:19:54 +01:00
bump
e7168b994b
Update gomod-golang/text to 0.8.0 from 0.7.0
...
Source diff 0.7.0..0.8.0 https://github.com/golang/text/compare/v0.7.0..v0.8.0
2023-03-04 16:03:58 +00:00
Mattias Wadman
59ad7a9128
Merge pull request #601 from wader/help-format-options-nice-example
...
help: Show default option value as JSON
2023-03-04 10:04:17 +01:00
Mattias Wadman
c75a83c829
help: Show default option value as JSON
2023-03-04 09:53:33 +01:00
Mattias Wadman
a6370ec874
Merge pull request #600 from wader/markdown-text-fix
...
help,markdown: Fix double line breaks when converting to text
2023-03-02 23:51:20 +01:00
Mattias Wadman
dec433fc53
help,markdown: Fix double line breaks when converting to text
...
Also fix ugly last line break hack
2023-03-02 23:38:11 +01:00
Mattias Wadman
461783ede8
Merge pull request #599 from wader/pcap-link-type-raw-ipv4_v6
...
pcap,pcapng,ipv4,ipv6: Support raw link type (ipv4 or ipv6)
2023-03-02 18:47:39 +01:00
Mattias Wadman
6c032455eb
pcap,pcapng,ipv4,ipv6: Support raw link type (ipv4 or ipv6)
2023-03-02 18:37:00 +01:00
Mattias Wadman
cbd2df2b06
Merge pull request #598 from wader/update-docs
...
doc: Run make doc
2023-02-26 21:50:41 +01:00
Mattias Wadman
3e0ebafa6d
doc: Run make doc
2023-02-26 21:41:46 +01:00
Mattias Wadman
861ce59d01
Merge pull request #597 from wader/opt-file-value-error
...
interp: Exit with error if -o name=@path fails to be read, also document
2023-02-26 21:39:39 +01:00
Mattias Wadman
73db6587a0
interp: Exit with error if -o name=@path fails to be read, also document
2023-02-26 21:18:36 +01:00
Mattias Wadman
0165644295
Merge pull request #596 from wader/zip-correctly-peek-zip64-eocd
...
zip: Correctly peek for zip64 EOCD
2023-02-22 22:34:36 +01:00
Mattias Wadman
bdd6718ddb
zip: Correctly peek for zip64 EOCD
2023-02-22 22:22:36 +01:00
Mattias Wadman
58b33ab5c4
Merge pull request #595 from wader/zip-correctly-look-for-eocds
...
zip: Correctly look for and decode both zip32/64 EOCD record
2023-02-22 19:43:43 +01:00
Mattias Wadman
5228fdd6cd
zip: Correctly look for and decode both zip32/64 EOCD record
...
There will always be zip(32) EOCD but optionally a zip64 EOCD
Related to #586
2023-02-22 19:34:28 +01:00
Mattias Wadman
9f7d50bf0e
Merge pull request #594 from wader/xml-toml-fail-fast
...
toml,xml: Fail fast on invalid content
2023-02-22 16:33:13 +01:00
Mattias Wadman
56edb59e83
toml,xml: Fail fast on invalid content
...
encoding/xml and github.com/BurntSushi/toml both read a lot before detecting
that it can't decode. Now we instead read one UTF-8 and make sure it's valid
xml or toml.
Should speed up probing
Related to #586 bigzero-zip.zip
2023-02-22 16:23:21 +01:00
Mattias Wadman
aaf60ec250
Merge pull request #592 from wader/bump-make-golangci-lint-1.51.2
...
Update make-golangci-lint to 1.51.2 from 1.51.1
2023-02-20 17:14:00 +01:00
Mattias Wadman
9078d4a618
Merge pull request #593 from wader/bump-github-golangci-lint-1.51.2
...
Update github-golangci-lint to 1.51.2 from 1.51.1
2023-02-20 17:13:53 +01:00
bump
75bfdda362
Update github-golangci-lint to 1.51.2 from 1.51.1
...
Release notes https://github.com/golangci/golangci-lint/releases/tag/v1.51.2
2023-02-20 16:03:57 +00:00
bump
70e08faa18
Update make-golangci-lint to 1.51.2 from 1.51.1
...
Release notes https://github.com/golangci/golangci-lint/releases/tag/v1.51.2
2023-02-20 16:03:55 +00:00
Mattias Wadman
7b6847c24e
Merge pull request #591 from wader/ipv4frag-tcp-test
...
pcap: Add ipv4 fragments tcp test
2023-02-20 11:59:12 +01:00
Mattias Wadman
d4ea6632fa
pcap: Add ipv4 fragments tcp test
2023-02-20 11:45:12 +01:00
Mattias Wadman
ab80713ea4
Merge pull request #590 from wader/pcap-ipv45-link-frame
...
ipv4_packet,ipv6_packet,sll_packet,sll2_packet: Support ipv4/ipv6 lin…
2023-02-20 09:22:42 +01:00
Mattias Wadman
c8666eeb04
ipv4_packet,ipv6_packet,sll_packet,sll2_packet: Support ipv4/ipv6 link frames and pass correct in arg
...
ipv4/ipv6 in sll* accidentally worked as it passed wrong arg with ether type
2023-02-20 01:34:38 +01:00
Mattias Wadman
acc92e6996
Merge pull request #589 from wader/decode-multi-arg-refactor
...
decode: Support multiple format args and some rename and refactor
2023-02-18 21:56:03 +01:00
Mattias Wadman
8e0dde03d0
decode: Support multiple format args and some rename and refactor
...
This will allow passing both cli options and format options to sub decoder.
Ex: pass keylog option to a tls decoder when decoding a pcap.
Ex: pass decode options to a format inside a http body inside a pcap.
Add ArgAs method to look up argument based on type. This also makes the format
decode function have same signature as sub decoders in the decode API.
This changes decode.Format a bit:
DecodeFn is now just func(d *D) any
DecodeInArg renamed to DefaultInArg
2023-02-18 21:38:51 +01:00
Mattias Wadman
570a213178
Merge pull request #584 from wader/bump-docker-golang-1.20.1
...
Update docker-golang to 1.20.1 from 1.20.0
2023-02-17 12:40:41 +01:00
Mattias Wadman
c2d81fbd4f
Merge pull request #588 from wader/bump-github-go-version-1.20.1
...
Update github-go-version to 1.20.1 from 1.20.0, 1.20.0, 1.20.0
2023-02-17 12:40:23 +01:00
bump
02e573a902
Update github-go-version to 1.20.1 from 1.20.0, 1.20.0, 1.20.0
2023-02-17 10:51:30 +00:00
Mattias Wadman
feefd7eec3
Merge pull request #585 from wader/bump-gomod-golang-x-net-0.7.0
...
Update gomod-golang-x-net to 0.7.0 from 0.6.0
2023-02-15 11:42:52 +01:00
bump
dd8ab79927
Update gomod-golang-x-net to 0.7.0 from 0.6.0
...
Tags https://github.com/golang/net/tags
2023-02-15 10:35:04 +00:00
bump
0581ecea3e
Update docker-golang to 1.20.1 from 1.20.0
2023-02-15 10:34:57 +00:00
Mattias Wadman
55375c0331
Merge pull request #583 from wader/help-cleanup
...
doc,fq: Improve cli help and some cleanup
2023-02-15 11:13:12 +01:00
Mattias Wadman
a1bb630a2a
doc,fq: Improve cli help and some cleanup
2023-02-15 11:04:39 +01:00
Mattias Wadman
9bad37814e
Merge pull request #581 from wader/matroska-unknown-size-test
...
matroska: Add unknown size test and add description to ebml header
2023-02-10 10:39:22 +01:00
Mattias Wadman
9aaf2ddf27
matroska: Add unknown size test and add description to ebml header
2023-02-10 10:29:25 +01:00
Mattias Wadman
4579c7ee23
Merge pull request #580 from wader/matoska-update-spec
...
matroska: Update spec and make refs in descriptions look nicer
2023-02-09 23:46:22 +01:00
Mattias Wadman
c890a2899f
matroska: Update spec and make refs in descriptions look nicer
2023-02-09 23:18:17 +01:00
Mattias Wadman
072a63ae6b
Merge pull request #576 from wader/matroska-master-unknown-size-end
...
matroska: Assume master with unknown size has ended if a valid parent is found
2023-02-09 20:26:25 +01:00
Mattias Wadman
a8d0bf4d3e
matroska: Assume master with unknown size has ended if a valid parent is found
...
Major refactor of ebml code generator, now decoupled from fq code
Cleanup element descriptions a bit, a bit shorter and less clutter
Cleanup old comments
2023-02-09 20:10:47 +01:00
Mattias Wadman
7a718abaac
Merge pull request #579 from wader/bump-gomod-golang/text-0.7.0
...
Update gomod-golang/text to 0.7.0 from 0.6.0
2023-02-09 18:45:22 +01:00
Mattias Wadman
d946f10638
Merge pull request #578 from wader/bump-gomod-golang-x-net-0.6.0
...
Update gomod-golang-x-net to 0.6.0 from 0.5.0
2023-02-09 18:45:07 +01:00
Mattias Wadman
db90e16b99
Merge pull request #577 from wader/bump-gomod-golang-x-crypto-0.6.0
...
Update gomod-golang-x-crypto to 0.6.0 from 0.5.0
2023-02-09 18:44:48 +01:00
bump
97643b9873
Update gomod-golang/text to 0.7.0 from 0.6.0
...
Source diff 0.6.0..0.7.0 https://github.com/golang/text/compare/v0.6.0..v0.7.0
2023-02-09 16:04:05 +00:00
bump
2430fba7e5
Update gomod-golang-x-net to 0.6.0 from 0.5.0
...
Tags https://github.com/golang/net/tags
2023-02-09 16:04:02 +00:00
bump
b1d9306b18
Update gomod-golang-x-crypto to 0.6.0 from 0.5.0
...
Tags https://github.com/golang/crypto/tags
2023-02-09 16:03:59 +00:00
Mattias Wadman
0609369b56
Merge pull request #575 from wader/matoska-unknown-size-non-master
...
matroska: Handle unknown size for non-master types a bit better
2023-02-08 12:26:17 +01:00