[Snort-openappid] Looking for AppID of Browsec Chrome Extension

Cliff Judge (cljudge) cljudge at ...5...
Tue May 31 18:00:53 EDT 2016


Hello Javed,

Here are some tips to get you in the right direction:

If you want to create an application detector for this app, what you should do is install it, and then use it a bit while taking packet captures with wireshark.

Examine the TLS handshake for any server_name extentions in the Client Hello packet, or commonName fields in packets that contain Certificate.

If you find anything that looks unique to Browsec, you can use that as a pattern for an SSL detector.


Thanks,
Cliff Judge

________________________________
From: Javed Iqbal <javed.iqbal at ...132...>
Sent: Wednesday, May 25, 2016 2:34 PM
To: snort-openappid at lists.sourceforge.net
Subject: [Snort-openappid] Looking for AppID of Browsec Chrome Extension

Hi All,


I am looking for application detection of "Browsec" chrome extension but i am unable to find its detector in appMappaing.data. Can anybody help me out for creating custom application detector for "Browsec". Below is URL of application:

URL : https://chrome.google.com/webstore/detail/browsec-vpn-privacy-and-s/omghfjlpggmjjaagoclmmobgdodcjboh?hl=en



I will be very thankful and quick response will be highly appriciated.

--


Best Regard,


Javed Iqbal   Sr. Network Administrator, Northbay Solutions Pvt. Ltd


Phone:   +92-42-35290165
Mobile:   +92-302-8480764
Email:     javed.iqbal at ...132...<mailto:Javed.iqbal at ...132...>
Website:  www.northbaysolutions.com<http://www.northbaysolutions.com/>
Address: 410 - G4 Johar Town Lahore


P Please consider the environment and don't print this e-mail unless you really need to..
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-openappid/attachments/20160531/74960f30/attachment.html>


More information about the Snort-openappid mailing list