author | Evan Huus <eapache@gmail.com> | 2014-06-29 08:50:21 -0400 |
committer | Evan Huus <eapache@gmail.com> | 2014-06-30 21:10:11 +0000 |
commit | f1ff6635a8356e0832350fd806cc3810132b2102 (patch) | |
tree | 841a11722aafad604f40f97be880be559b020c38 /epan/dissectors/packet-http.c | |
parent | 60d0faf9c9bee0defc42d7ad633ae46a8008bd6c (diff) |
Warn about unencrypted HTTP traffic over port 443
At the suggestion of Toralf Förster. This includes an expert info, as well as
making SSL a new-style dissector and rejecting traffic that looks like
unencrypted text.
Change-Id: Ib09ea0d97952330f092590ff3fc6488807cdbb81
Reviewed-on: https://code.wireshark.org/review/2693
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Evan Huus <eapache@gmail.com>
Diffstat (limited to 'epan/dissectors/packet-http.c')
-rw-r--r-- | epan/dissectors/packet-http.c | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/epan/dissectors/packet-http.c b/epan/dissectors/packet-http.c
index 2cf673c122..056e79a2da 100644
--- a/epan/dissectors/packet-http.c
+++ b/epan/dissectors/packet-http.c
@@ -135,6 +135,8 @@ static gint ett_http_header_item = -1;
 static expert_field ei_http_chat = EI_INIT;
 static expert_field ei_http_chunked_and_length = EI_INIT;
 static expert_field ei_http_subdissector_failed = EI_INIT;
+static expert_field ei_http_ssl_port = EI_INIT;
+
 static dissector_handle_t http_handle;
@@ -700,7 +702,7 @@ dissect_http_message(tvbuff_t *tvb, int offset, packet_info *pinfo,
 	const guchar *linep, *lineend;
 	int orig_offset;
 	int first_linelen, linelen;
-	gboolean is_request_or_reply;
+	gboolean is_request_or_reply, is_ssl = FALSE;
 	gboolean saw_req_resp_or_header;
 	guchar c;
 	http_type_t http_type;
@@ -780,6 +782,8 @@ dissect_http_message(tvbuff_t *tvb, int offset, packet_info *pinfo,
 		}
 	}
+	proto_get_frame_protocols(pinfo->layers, NULL, NULL, NULL, NULL, &is_ssl);
+
 	stat_info = wmem_new(wmem_packet_scope(), http_info_value_t);
 	stat_info->framenum = pinfo->fd->num;
 	stat_info->response_code = 0;
@@ -974,8 +978,6 @@ dissect_http_message(tvbuff_t *tvb, int offset, packet_info *pinfo,
 			col_add_fstr(pinfo->cinfo, COL_INFO, "%s ", format_text(firstline, first_linelen));
 		else
 			col_set_str(pinfo->cinfo, COL_INFO, "Continuation");
-
-		first_loop = FALSE;
 	}
 	if ((tree) && (http_tree == NULL)) {
@@ -983,6 +985,13 @@ dissect_http_message(tvbuff_t *tvb, int offset, packet_info *pinfo,
 		http_tree = proto_item_add_subtree(ti, ett_http);
 	}
+	if (first_loop && !is_ssl && pinfo->ptype == PT_TCP &&
+	    (pinfo->srcport == 443 || pinfo->destport == 443)) {
+		expert_add_info(pinfo, ti, &ei_http_ssl_port);
+	}
+
+	first_loop = FALSE;
+
 	/*
 	 * Process this line.
 	 */
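Review bot: The new check in the `@@ -983,6 +985,13` hunk hard-codes TCP port 443 (`pinfo->srcport == 443 || pinfo->destport == 443`), so cleartext HTTP on any other port an operator runs TLS on (8443, or whatever the HTTP dissector's own SSL/TLS port preference is set to, if such a preference exists elsewhere in this file) is never flagged, while a user who has deliberately mapped plain HTTP to 443 via Decode As gets a PI_SECURITY warning on every message. If a configured SSL port range is in scope in this file, testing it instead of the literal would make the warning follow the capture's configuration; if not, a named constant and a comment should at least make the assumption explicit, e.g. `/* Plaintext HTTP on the well-known HTTPS port with no SSL layer beneath us: likely a misconfigured server or a downgrade. Reported once per message (first_loop). */` above the `if`. `expert_add_info(pinfo, ti, ...)` is also reached when `tree` is NULL, in which case `ti` was not assigned by the `if ((tree) && (http_tree == NULL))` block just above; that is presumably fine if `ti` is initialised to NULL at its declaration and expert_add_info tolerates a NULL item, but both are outside this hunk and worth confirming. dissect_http_message begins and ends outside the hunk.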
@@ -1027,10 +1036,8 @@ dissect_http_message(tvbuff_t *tvb, int offset, packet_info *pinfo,
 	if (tree && stat_info->http_host && stat_info->request_uri) {
 		proto_item *e_ti;
-		gboolean is_ssl = FALSE;
 		gchar *uri;
-		proto_get_frame_protocols(pinfo->layers, NULL, NULL, NULL, NULL, &is_ssl);
 		uri = wmem_strdup_printf(wmem_packet_scope(), "%s://%s%s", is_ssl ? "https" : "http", g_strstrip(wmem_strdup(wmem_packet_scope(), stat_info->http_host)), stat_info->request_uri);
@@ -3058,6 +3065,7 @@ proto_register_http(void)
 		{ &ei_http_chat, { "http.chat", PI_SEQUENCE, PI_CHAT, "Formatted text", EXPFILL }},
 		{ &ei_http_chunked_and_length, { "http.chunkd_and_length", PI_MALFORMED, PI_WARN, "It is incorrect to specify a content-length header and chunked encoding together.", EXPFILL }},
 		{ &ei_http_subdissector_failed, { "http.subdissector_failed", PI_MALFORMED, PI_NOTE, "HTTP body subdissector failed, trying heuristic subdissector", EXPFILL }},
+		{ &ei_http_ssl_port, { "http.ssl_port", PI_SECURITY, PI_WARN, "Unencrypted HTTP protocol detected over encrypted port, could indicate a dangerous misconfiguration.", EXPFILL }},
 	};
 	/* UAT for header fields */ |
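Review bot: The summary text for `ei_http_ssl_port` in the `@@ -3058,6 +3065,7` hunk says "over encrypted port", but a port is not encrypted and the condition that raises it (earlier in this diff) only tests for TCP port 443 with no SSL layer present, so the message should state what was actually observed; something like `"Unencrypted HTTP detected on TCP port 443, the well-known HTTPS port; this could indicate a misconfigured server or a downgrade."` reads accurately to an analyst triaging PI_SECURITY items. A one-line comment next to the entry noting that it fires only for port 443 and only on the first line of a message would also help anyone later extending the check to configured TLS ports. proto_register_http's ei array is cut by the hunk on both sides.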