Zeek Package Manager
 

zeek-package-detect-DoH

https://github.com/stratosphereips/zeek-package-detect-DoH
4
1
1
0
Last Push 4/12/23, 2:49 PM

Goal

Detect DoH servers by adding a is_DoH field in ssl.log and add timeout to them so that the DoH connection won't take too long

Running Zeek using this script will result in a is_DoH column in ssl.log that is set to true if the destination IP is a DoH server

Example

This command

bro -C -i wlp3s0 zeek-package-detect-DoH

Will result in the following is_DoH column ssl.log

ssl.log

The is_DoH value of IP 64.20.34.50 is set to T because it is a DoH server.

Package Version :

Description :

Detect DoH servers by adding a is_DoH field in ssl.log and add timeout to them so that the DoH connection won't take too long

Tags :

DoH, SSL, zeek plugin, dns, features extraction

Package Checks :

License:
Info:
Found license 'LICENSE'
Readme:
Info:
Found readme 'README.md'
Build Command:
Bad Extension:
Expensive Events:
Unsafe Functions:
Charset: