Differences

This shows you the differences between two versions of the page.

--- lua:quic [2018/12/13 18:15]
veera [Flow Tags]
+++ lua:quic [2019/08/14 14:55] (current)
veera [QUIC protocol analysis using the Trisul Scripting API]
@@ Line 6: / Line 6: @@
 This article describes how you can pull out key indicators from QUIC into Trisul using the [[https://www.trisul.org/docs/lua/index.html|Lua Scripting API]].
+<note>
+**UPDATES**  14-Aug-19   Updated to support QUIC version 46</note>
+<note>
 The QUIC analysis LUA scripts can be found here in the [[https://github.com/trisulnsm/bitmaul/tree/master/examples/quic|BITMAUL/examples/quic]] repo
+</note>
 ===== Network Security Monitoring for QUIC =====
@@ Line 60: / Line 67: @@
 ===== Extract X.509 Certificate in QUIC =====
-Just as we do for all SSL flows, we pull out the certificates from the server. Found in the REJECT message into Trisul.
+Just as we do for all SSL flows, we pull out the certificates in QUIC from the server. Apparently QUIC also uses a 64-bit cert FLV.1 hash for well known certificate chains (like googles),but we were unable to get our Chrome browser to use them. We always got full certs.
 This took a while for me to get the certificate extraction right due to the following issues.
@@ Line 68: / Line 75: @@
   * the certificate spans multiple UDP packets hence needs some reassembly. Put together a very naive reassembly code in quic-dissect.lua
-This is the result of the extracted certificate.  Go to Resources > SSL Certs > press ENTER or search quic
+Go to Resources > SSL Certs > press ENTER or search //quic//

Trisul Network Analytics Developer Zone

User Tools

Site Tools

Differences

Page Tools

Trisul Network Analytics
Developer Zone