GQUIC Protocol Analyzer Logo

GQUIC Protocol Analyzer

0
Free
Visit Website

This analyzer parses GQUIC traffic in Zeek for logging and detection purposes. It examines the initial exchange between a client and server communicating over GQUIC, and extracts the information contained in the connection's client hello packet and server rejection packet. Currently, this protocol analyzer supports GQUIC versions Q039 to Q046. Installing the GQUIC Protocol Analyzer using Source Tree: For a standard installation: ./configure --zeek-dist=/path/to/zeek/dist make make install To see all options, including setting the install path, run: ./configure --help To provide further insight and help detect anomalous (and potentially malicious) GQUIC traffic, fingerprinting is utilized. The fingerprinting method, named "CYU" works by identifying the GQUIC version and tags present in client hello packets. First, the version of the packet is extracted, immediately followed by a comma. After this, each tag in the client hello packet is gathered and concatenated together with hyphens to delimit each tag. For example: 46,PAD-SNI-STK-VER-CCS-NONC-AEAD-UAID-SCID-TCID-PDMD-SMHL-ICSL-NONP-PUBS-MIDS-SCLS-KEXS-XLCT-CSCT-COPT-CCRT-IRTT-CFCW-SFCW. After this string, i

FEATURES

ALTERNATIVES

Mass IP port scanner for Internet-scale scanning with high speed and flexibility.

DirSearch is a simple tool for finding files and directories on a web server.

Network Dump data Displayer and Editor framework for tcpdump trace files manipulation.

An open-source security tool for testing data center resiliency to perimeter breaches and internal server infection.

A powerful command-line packet analyzer and a portable C/C++ library for network traffic capture with comprehensive documentation.

A technique to associate applications with TLS parameters for identifying malware and vulnerable applications.

Tcpreplay is a network traffic editing and replay tool used for testing network devices and applications.

Automated SSRF finder with options for XSS and open redirects

PINNED