ChopShop
0 (0)
A framework for creating and executing pynids-based decoders and detectors of APT tradecraft
DEPRECATION NOTICE: This software is no longer maintained. The goal of this project is to allow for accurate detection of HTTPS interception and robust TLS fingerprinting. This project is based off of The Security Impact of HTTPS Interception, and started as a port to Go of their processing scripts and fingerprints. More context about MITMEngine is available in this Cloudflare blog post. Quick Links: - Signatures and Fingerprints: Core Definitions - MITM Detection Methodology - API Example Usage - Building and Testing - How to Contribute - mergeDB utility Requirements - Go - Wireshark 3.0.0 (wireshark -v to check) Documentation: Detailed documentation lives with the code (copy package to $(GOPATH)/src/github.com/cloudflare/mitmengine first). Command to access documentation: godoc -http=:6060 http://localhost:6060/pkg/github.com/cloudflare/mitmengine Signature and Fingerprints: In this project, fingerprints map to concrete instantiations of an object, while signatures can represent multiple objects. We use this convention because a fingerprint is usually an inherent property of an object, while a signature can be chosen. In the same way, an actual client request seen by a server would have a fingerprint, while the software
A framework for creating and executing pynids-based decoders and detectors of APT tradecraft
A free DNS recursive service that blocks malicious host names and protects user privacy.
Fail2ban is a daemon that scans log files and bans IPs showing malicious signs to protect servers from brute-force attacks.
netsniff-ng is a free Linux networking toolkit with zero-copy mechanisms for network development, analysis, and auditing.
A low interaction Python honeypot designed to mimic various services and ports to attract attackers and log access attempts.
A method for profiling SSL/TLS Clients with easy-to-produce client fingerprints.