LDAP analyzer #56
Commits on May 10, 2021
* added LDAP stubbed out files
* stubbing PDU types
* work in progress (found asn1.spicy module)
* more asn1 work in progress
* more asn1 work in progress
* more asn1 work in progress
* more asn1 work in progress
* more asn1 work in progress
* more asn1 work in progress; compiling but some stuff has been commented out. need to examine one by one
* more asn1 work in progress; compiling but some stuff has been commented out. need to examine one by one
* asn1 work in progress
* asn1 work in progress
* stub out debug output
* work in progress
* added debug back in
* more work on bind request
* more work in progress on bind request
* more work on ldap bindRequest
* more work in progress, figuring out application ASN.1 BER class. see https://ldap.com/ldapv3-wire-protocol-reference-asn1-ber/ for a big help
* more work in progress, figuring out application ASN.1
* more work in progress, figuring out application ASN.1
* working on bindrequest
* more work on ldap
* wip on ldap/spicy
* comment out specifying vector length
* more work in progress on ldap
* LDAP work in progress
* Fix indents and remove wrapper.
* Spaces to tabs.
* Switch to spaces.
* Update source for trace file.
* Fix various vector parsing issues. Also remove typing from the_type since we don't know all cases yet.
* Added Cisco vendor IDs.
* Update baselines.
* Add another vendor id.
* work in progress with zeek integration plumbing:
* plumbing in place for logging
* more logging work in progress
* more logging work in progress
* comment out some stuff
* reduce verbosity
* print out numbers of unparsed bytes
* debugging ldap
* specify message length so we don't parse more than we should per-message
* ldap work in progress
* push 'catch-all' bytes &eod array to the sub-messages
* debug print out the list of unparsed data
* need to parse ldap messages in an array
* Adding result
* don't explicitly set a bool for hasResult
* explicitly set a bool for hasResult
* add column
* use unset value instead of a separate boolean
* progress on ldap.log
* added more results
* more work on ldap log
* make op and result set of enum instead of vector of enum
* add comments
* need EOL
* formatting and work on ldap processor
* more work on ldap
* working on putting search into its own separate log file
* working on putting search into its own separate log file
* more work on search filtering
* work in progress on the ldap processor; asn1 can now be recursive, although I'm not using it yet because it's a whole mindshift from what I've been doing
* Added more debug printing
* Added more debug printing
* for now store application types in a big 'bytes' array
* Added more debug printing
* recursive parsing for ldap via asn1
* great progress on ldap
* great progress on ldap
* great progress on ldap
* Allow success with empty entries
* formatting, and use &convert to decomplicate member access
* use strings instead of enums for log output

Co-authored-by: Keith Jones <keith@keithjjones.com>
Co-authored-by: Robin Sommer <robin@corelight.com>
Commit de1c46a
Commit 3949c90
Commit 599c7a9
Commit b5f36c7
Commit 9594f6d
Commits on May 11, 2021
Commit cd5c670
Commit 78ea982
Commit a666fb5
Commit 7cce9bb
Commit 40fbc83
Commits on May 12, 2021
Moving computation for |self.seq.submessages| to temporary local variable to fix CI integration error. Thanks to @bbannier in #56 (comment): "This combination of stringification, tuples, and |...| triggers the CI error you are seeing." This could be removed once zeek/spicy#919 is in.
Commit 7737a0c
changes made after @bbanier's review of PR #56. See the comments in that review for the details.
Commit d403227
changes made after @bbanier's review of PR #56. See the comments in that review for the details.
Commit 6edc9ce
Commit 9d470d1
Commit 0962e6a
Commits on May 17, 2021
Commit e5e5ffd
Commit bf8b3d7
Commits on May 18, 2021
Commit 8cedba7
try to expose less useless stuff in each unit, for #56
As per the suggestion here #56 (review)
Commit 51ec8fd
Commit 6696428
something in 51ec8fd broke something, this will (should) fix it

Squashed commit of the following:

commit 4cd5e79
Author: SG <13872653+mmguero@users.noreply.github.com>
Date: Tue May 18 12:32:26 2021 -0600

    something in 51ec8fd broke something, this branch is debugging it

commit bbf65a7
Author: SG <13872653+mmguero@users.noreply.github.com>
Date: Tue May 18 12:29:39 2021 -0600

    something in 51ec8fd broke something, this branch is debugging it

commit 3636f30
Author: SG <13872653+mmguero@users.noreply.github.com>
Date: Tue May 18 12:27:18 2021 -0600

    Formatting

commit 7957242
Author: SG <13872653+mmguero@users.noreply.github.com>
Date: Tue May 18 12:24:38 2021 -0600

    something in 51ec8fd broke something, this branch is debugging it

commit 8bed45b
Merge: d86336c 6696428
Author: SG <13872653+mmguero@users.noreply.github.com>
Date: Tue May 18 12:21:58 2021 -0600

    Merge remote-tracking branch 'mmguero-dev/main' into topic/ldapdebug

commit d86336c
Author: SG <13872653+mmguero@users.noreply.github.com>
Date: Tue May 18 12:06:38 2021 -0600

    something in 51ec8fd broke something, this branch is debugging it

commit 292186c
Author: SG <13872653+mmguero@users.noreply.github.com>
Date: Tue May 18 11:59:45 2021 -0600

    something in 51ec8fd broke something, this branch is debugging it

Commit 3c5ccb4