fix issue #49
noeltimothy committed Jan 22, 2024
1 parent c78c184 commit 590869d
Showing 1 changed file with 26 additions and 14 deletions.
40 changes: 26 additions & 14 deletions python/ja4ssh.py
Expand Up @@ -42,22 +42,15 @@ def process_extra_parameters(entry, x, direction):
## we return 1 whenever a new stats entry is added based on the sample rate
## This way the caller can print this packet out
def update_ssh_entry(entry, x, ssh_sample_count, debug_stream=None):
if (entry['count'] % ssh_sample_count) == 0:
to_ja4ssh(entry) if entry['count'] != 0 else None

if entry['count'] == 0 and len(entry['stats']) == 0:
entry['stats'].append(dict(ja4sh_stats))

if debug_stream and int(x['stream']) == debug_stream:
if entry['count'] != 0:
idx = len(entry['stats']) - 1
try:
computed = entry[f'JA4SSH.{idx}']
print (f'computed JA4SSH.{idx}: {computed}')
except Exception as e:
pass

entry['count'] += 1
# Only count SSH PSHACK packets
if 'ssh' in x['protos']:
entry['count'] += 1


# Now we update the payload lengths, and the acks
e = entry['stats'][-1]
direction = 'client' if entry['src'] == x['src'] else 'server'

Expand All @@ -73,12 +66,31 @@ def update_ssh_entry(entry, x, ssh_sample_count, debug_stream=None):
if 'ssh' in x['protos']:
process_extra_parameters(entry, x, direction)

if x['stream'] == debug_stream:
print (f"stats[{len(entry['stats'])}]:tcp flag = {x['flags']}, c{e['client_packets']}s{e['server_packets']}_c{e['client_acks']}s{e['server_acks']}")

if (entry['count'] % ssh_sample_count) == 0:
to_ja4ssh(entry) if entry['count'] != 0 else None
if (entry['count'] / ssh_sample_count) == len(entry['stats']):
print (f'adding new entry at count {entry["count"]}')
entry['stats'].append(dict(ja4sh_stats))

if debug_stream and int(x['stream']) == debug_stream:
if entry['count'] != 0:
idx = len(entry['stats']) - 1
try:
computed = entry[f'JA4SSH.{idx}']
print (f'computed JA4SSH.{idx}: {computed}')
except Exception as e:
pass

# computes the JA4SSH from the segment x:
# The segment has data as specified by ja4sh_stats
##
def to_ja4ssh(x):
e = x['stats'][-1]
idx = len(x['stats'])
print (f'calling ja4ssh with idx = {idx}')
e = x['stats'][idx-1]
if e['client_payloads'] or e['server_payloads']:
mode_client = max(e['client_payloads'], key=e['client_payloads'].count) if e['client_payloads'] else 0
mode_server = max(e['server_payloads'], key=e['server_payloads'].count) if e['server_payloads'] else 0
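Review bot: The two new progress prints, `print (f'adding new entry at count {entry["count"]}')` in update_ssh_entry and `print (f'calling ja4ssh with idx = {idx}')` in to_ja4ssh, are not gated on `debug_stream` like the other diagnostics in this section, so they are written to stdout for every stream. Because `entry['count']` now advances only on SSH packets while the `% ssh_sample_count` check appears to run for every packet, the to_ja4ssh message would repeat for each non-SSH packet that arrives while the count rests on a multiple, mixing noise into any fingerprint output written to the same stream. I would drop the print in to_ja4ssh and guard the other with `if debug_stream and int(x['stream']) == debug_stream:`. The new stats debug line tests `x['stream'] == debug_stream` without the `int()` conversion used a few lines later, so it looks like it never fires when `x['stream']` is a string; `int(x['stream']) == debug_stream` would keep the two checks consistent. The body of to_ja4ssh continues past the end of this section.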
