From c43360f8e65d9caa590070c5fa7211be63e6b408 Mon Sep 17 00:00:00 2001
From: Luca <deri@ntop.org>
Date: Wed, 15 Jun 2022 18:57:46 +0200
Subject: [PATCH] Added new test pcaps

---
 tests/pcap/sql_injection.pcap       | Bin 0 -> 2852 bytes
 tests/pcap/xss.pcap                 | Bin 0 -> 3409 bytes
 tests/result/sql_injection.pcap.out |   8 ++++++++
 tests/result/xss.pcap.out           |  10 ++++++++++
 4 files changed, 18 insertions(+)
 create mode 100644 tests/pcap/sql_injection.pcap
 create mode 100644 tests/pcap/xss.pcap
 create mode 100644 tests/result/sql_injection.pcap.out
 create mode 100644 tests/result/xss.pcap.out

diff --git a/tests/pcap/sql_injection.pcap b/tests/pcap/sql_injection.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..06bbcec1765b084e16ad956a4c95fdcf2aa6003f
GIT binary patch
literal 2852
zcmai02~-nT7f#rONJK4G5YQ0~i)6C0hDORRixMD&MMQ@%Nk+1f%s@ayEUsvjDheuC
zQBhFz2elwzD^#>ni&hbF4Tx0`>u&u;v~~tuj-K<MKa+Rfn>+7)@4b8PckjJ?>PUqV
z$%ORjXF?+5F9jymsfz(K(%(j;k!BrLsLhV*b-S;%2{0!GlZ^UJe*c#At=U2QmMUWf
z-qJ7HkOYe5rGoBt&VKne<d-wTNhC7aoKiG*IOb^6y=S4pLVy`0iuVT<kQRkC%uGzK
zgf&nqB1cdJ)-tsja)jxJr15Fo5G0Mp4T5MKFSodPVNvtkVuK@t1BGrh4hMyGC>!r-
zoWS>Q_>e>627sU&NaJ|MVyOxQ#aE9GoJKqTXa~#@3I$9ygH5H(QE5>g!1m!V*q+`D
zE`!bTqEZ4?N+m2t5tWh$q{FZpgycvjOr^xBr5Y#=2E&wESd3|4Fb2-RU@fY}5%8~C
zSOfY?VI>YYSCxav<q*?@!2(<o*lb@Q5>aA0K<Dkb(9_)&@K>wla6FtEfuKwet`~#r
z3AjYe5zdXI19BuC20~$Ry2=#@lxb87n8{{w7%bueVj&5nLEbN+QvAhYSdDK-XoD$3
z6>>U+10!OHI6G5ENZfQ^N)>Y73_gqDLq`;l6lOx1h~)h+3r<ykkgAnZ`Yh(Gk*VIF
z!D<ny5>5kQomd7brLb=%Kb1R*NTtNU5?BLkcz_H=)jTHiGsXUYvwye|7_1bl(h#MT
z2S{@eH62KUC2|PGO)z?6FcRMx!%xox5EKj((h>CionR#x7yJIuuySNDVo+5&f=?FA
z5yS?^#)bv)G001WDKf+|cNr%GmSd^vOcjTn28%s?ff3^(Xf|K2%A!)J6oLe5oCE<l
zA&55W{-abNNI-HIy(UO7zk(nDK?IWEq76X+#qu4-`Qyp2lJR8(363`Ff(arJh_7g7
zq(M{CNc$4e^rmQ-K#Y6!zYtIT@)0qVK>Xm*0Efi_q9Ul2AY5HMK#0L~fb9;1V@muB
zhXZifJP&Uk#|sFZE2L6lVNE7sEq^s6mcdL8!=2&I23+D&F(rz*QYpbYHKKuW_a4FF
zaNpywd;m6w$713CQJg?xIf&B+)u`k=K&b-7goF+#Ff9sd;7puAX(RR%XdtNq`ZR?~
z5kZ=4`~)MO{L$_s97J&{eUyxP!Y6qotdycMoOoO>4=N>sV5vXBQk)Ek0#;!t-vi$s
z((&0W*5{1=H1`vlFk4Nm{6HgL+_g1Y80BNA1oS3+VA?wK(b#BQneZ;^hPU;*#yP{&
za%Us*PTK6EdAz!rUkPmZb$YP&R+w|#yuNxf=cn@h3m*UHq|_HNF4!{3V#4sy(4GGO
z-qPpU=6V18roYdmBhqzKdHLDA?{{^%pQ)i3rb58D-L`vzk8o{*Xk2TZ-tubqste-W
z<oH!_PREnOS4BUPvOWLWG5zZY9=}P2h@|h}xz66G^=nM+gI3wKZn~haD&1{6`6k^;
z@cOB}{y_RxyOj8WUJ?~atk@97da)875QMjC2NO~({g(OUuD!S9w&C$WS5e2dD%fJ;
ziNZC0tqx8)tibv!_7#b1=}xwU#Q`*K$YGBV?rA6XxIm+2r*r+mEycz074x04>b!5(
z2M(2#pud?HDepuM+&r>USrPn4W8bA08&B@j4p!SBTY4t;B{e@bZCTwt#d*Thvh$2K
zJF}3)1@ve})fM*6F50Q{$)-QdNNKxz-IVc5F;}W;eY7xo%mn8C9*bV(zO_~RF_(j`
zA;SFSUJ3h}>1)hGZ~0svL@h;&Mg4gVoUO-P5^gKW5A*|%B$GD=mG>mXnH#=`0#vTE
z+uCibraM}@JL!%*pCL&>_Dt!=c*Weco1-^A^R`q!4SC&B?cn&`Y&Nj_cC=N#yW_P!
z&*v#+YF5a;DW}ZmZTM?)`ITAA{+#>Rs7^&6Q+B6`j>OdzsC<tlA6y$8;a9F4!@4~)
zcSdVZYRcW+uBGt<u4An15(^DU^&y4Zzus%wtT_s*!YY^V4Jj+BJrQl`FfAo{>JJWv
zb^EuG%99ov@(-S*jN8?)sW)?C(%uZSZ3m98Tb*K``0U(6_2l)2^^K-)jb;>c6c3k&
zoC-a2cEJf%(nj!l4??MabE+9UeS~$OV5rS0r6-Ei>5#B^@sA!chbzaf8jBt)u7!Pz
zF$Jmi<f2VY?VZ{}?E;tP*=_RarUf~d?#x`d^u+eddGAhNGu2(&n|D*Ry-WYp&g$Wl
z`wew>s|&u#y5n2=bJ2?f7Xw$ei!L2z@o!|LKdi`v<4Sj4tCu}q?O<8l&+k22#xEW^
zAlvY~X_5GV4W=%T#T=X%-QacRWU9%nD>Y_~hMmbd8~kU!%~Drx`>w@T_8^nCBQKP!
zFnMQnX34Te!iy6_a^oU~Pc*fMD|tJQm3LIju5`X!<ha?vd1hTqPIhIg#o2sA{<8r_
zQ;y&3CsQk(`<;I+Ion>hdYQIo=^LK8;K|LvGyi-AQ<_%99zK>~WDhi)-rN~-2pLxM
z?BPlGYwlsZ8&L*-9j_slrttXr@zs{z3%L#TnbtSz2aN*~CNW-7OKN)EYr2ZB+LF)d
zv!y<=2UXhxIt!=kFAbVG`_*ON)meqtCeVK=v<0i1pjp2^*p$}WQnc{suCWn2+6pE~
ziURjbjJg{)t*%_+_(anFz_ja9&yqTG(n<NObz%C7@q6Y?*wc~p#<jE~2FA96#$s`J
zbA(?m5&6kZW~4;Cx+2<_k)IqPdP7A1q&1&MetQ2%F0moM3OM(9<bRe`vlK0H0q%8I
zL%ly;e3!Li$>vbI>y3+qL*C8Ip9U&DYwU0A&0ffo=-DDf@oMQk`SSCnMaK(Dew6=t
zTx{HS%a-1-Vu4T)XdGcNh1Pd#_*}ca;Mc9~`@-!S>f?2Wp%D7uY3<p1VQne-&xo>J
zdd@z~_-(({-pd<q*O%?AkB+(Ua#ziv6{1$*6W6r4txiQp97Rr^flbyECzMW4Dn7CJ
zkj3-Emn*cxGI=&Bqa)+d<v$MB8bmJG9_Tv5I(h!WSvhB?UGQ;#`!J``q+-5Q*8)0W
ziX0Vd+c$T++~)tfc-pp??C!y=zspt_d9LDbu^l^ZoW*{bF7c5eC-Eh1f!;CIZP(i^
zE&PX@-;pgQSzekwezbBWaX%&PFDqA)yGaM3=tJj;giR=Wv~t~H+`SI`2T$7f<G_!V
K>yLQi4*eJCZ*lto

literal 0
HcmV?d00001

diff --git a/tests/pcap/xss.pcap b/tests/pcap/xss.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..1a9c1f5c9a1d578e7b948ce9e918fc4af2b14dc3
GIT binary patch
literal 3409
zcma)<3p`Y5AIE0~mC<0)RdEVQ=01bW7?JxRcgePyGvgR1GiUA$Qnpgkja|x{D5a8j
zrKFuzYt@!gX+@W}ZL=lSyCRp}l8U_NkS==P{k${td_HIX&vU-d?>x`{_n&8Op06$?
z;Pi1HUivsZ`lX$4RA{`+5XVQav1SpHqe=~V;Ml2}xpWH72ZwWeGv5Q}F-a#sTdpTX
zTT%-V7uxDqc>*1b+fR7i=l2~BN6<H@(I-qH=K2+tU~#;j-einy^$~fDImRC&<8T<c
z`df^O(Q%<I#CYFZ`6#`5zuDVtck&1F$x}0ZG5R>!<s<UvnnyNc<da74HBZHb>dJVm
zam}q)KaeMCcKwL_e`%gN>$<QQrL!^3n`%FhCu;T;7~+<q60r7}X7)(-sAjVXn%OA5
zB-0c>P;G{;D}Hp1%P=ywzQKP>d}D(Vbt&(OV>?%ku5kfIgtI;;E<=e22)NNUQ6nM$
zjV(qzHT}O5XW|Ez&H9w+=MxFgyrY+UQly|t4Jm2K8VLd^K_M)G)i9)@X;rGYc-oS9
zC;`++)I1+VEP+*tb}TQIND0f;b}S!I0x8uC84hTS_C5&sM@ELy7*qy{=r2>LIRL|z
zNo6=Mrn0CEx(kWuB|{KMq=sb(2S|b-IR%u!$q*U`MTrmv?Nuvf5)L2*wG>bc@#rLC
zlw7O?;~`1_qJl&kB}55_6dFjSR-tUPR|P34o?-|=rwW#(!4e5bbE49Lg)s~U7YKq8
zjTX=@c8+sqI{=<?xdd7c2?Jp@&57kgWjO;21N|d|gUEmcPJ#eGNR%XV0K5{FGATr3
z(3w;^_68!r1W*aTyM;vb6p0`?I-MHQs%eR8se}xoU|0lVPes#W5l8LBs8qsL@aR-m
zGAu=(iv}jc3GXgbAfbFbDo4cRMYKhuLl=L7Rl#Beil;zYQ6h+lA#O5H$QmP#3!?ZS
zB3V3)h&g~b4VIGubn7Ib8eQ8l!IU8MMh!YS2Y}U-fJic|ekTb+C{Ypb=7f;Zi_x8u
zCBf+6Q2)>fpNNP6Z=MEpk!hp~Q6f8$semLJp*&f}WW+-vXD%?hH?TUDCy}L)h$JHB
zfiFMuz-NACTQjhX{dP5)u^-o%f>yudW~c{ViLJ&m7IhRKtpsHlaTqehJvG3MwuwZ8
zd)7>hxc%J!BJy6mCkA1}@l*wvbUF|cNFsWp%f$gAH4qtKumQdXL3@}?fXU!EF*r<D
zz%MwGM2vux$&iwRW)qgOG$xfzWix<<Q9=!();N%eK3X}fgwX69<uF<AICNKl!Q{~C
z=x2;GA>$DlMT7y#fK;PWQ<P9L>Wui&{R>rsVkyW0#)puI(V#LFRWO=}@ArMwTx!$_
z?;~TG@F5-qA!2nR>KnEzYMnsLex8{9&|HS4kW8cIIib^oS{{Rr8t-GPei-|K7MUu?
z?i_ak7tKti3R3el>IBMSEC;N&PQl7L4ySi0CN9L%)pVV4c>RWElNqgxx|AW)+S+nF
z9QKy`8`h+>2IQUO22B0^)R}<=`)_2tv`kOALCTu6)S_YF&R<0*cqK~=*Ks*ZejG|4
z%xjV^=qN6}e#-mLHPgcy-|U-Yv87mU?6y6HQ%u*ps;In`F}Nzn$J-<dnWr1R$|dF7
z-dcEIIzmy!^ae2horSmj>MN_4_rrdkBe1XenV((1i@AAy$VQ6+WZ#_Pbqn+mz;1IE
zbJMns224J&w6akg|FWv3+;2cJw^`ZR#|Q2UmKxXWn%^E>zPH;dV>tP`&DJ_WFC{fY
z-zb+aF2B>28@0a9IQ)@I8E#gXsMog8HS^Gghs&OlY%hi~X@c1;fM76qMqp1lxnsV`
z5c|wdyFSy|`RlwdiqGcO>|i}M(vkbjo!0lik!-DhVzesEf#Fkq_`<3FXQu5NlDs-{
zqa24dC!YRv+$F4YZh)=Jf&;1o{0m)Sj=>kOcblf&cYmMm-X8go<7#`0U%TxMhJKm)
z?drpX;^u|zX1y8bud$1KriI<)mG%T((gr@}_k^%S*KSyZ*BkAnK_^{YTyq!ID*Wd8
zcwNNDaR)Om+H0rI>(C0rFL3K)$x6{yrXr`vquFVD$d~y?!2OSRpB7rxQo%=rT>l-D
zD7fe=+O2Km*k->6P*6@Q;b8ySQ;%Y%T{cfivz~&?^W5uI0J()+hS!qT-uSK5?r<Te
zrlp}j85ePGy~*rn6tmR%S1l^^c+(TXBRhoO->$qF-k*O<uzYRJV`}a9e{>b<%>1tq
z8r#qH{n__Oz;*lUE26$-hHHA~D{fi8J})xOdS|!soLb%79<#w~F^jLu?%3GSd#oBe
zTh7bQXL=v)d4Zg*b4utAZD~8`xMbwVLutl`69rU3Y`{8vA$-<1dfJyZcD`>e(QP+y
zx08P>9m*z68L&65pubY?dl)?9pyI`al|aMRO8<}>7O%YBqo$4Y#b@7kjtUVyHjlcS
z(|=YI_mky}lG%-{`}Lbw7<?1WP9xK6{ZCIXT%EV$Ct_gL%40RU;Mfg}bdz7_dKj%a
zkyF;;eTe?VKyIJ)V8*TM{h<VcXvZN7=X+wrj&o%=x086xd|6ap-d=HG^nP1DeRGlH
zz1v52?p`I@oj!PE1&t40352_97ch?c&1Kk~Im+knUS^=xb3Zn@r%CU*tvubmO=>#-
zu8qR`_kqTGCzbe|QI*Y>MjPPpUct5oRqCdEm)^8qOGC$Fc6-R(t)Xyl=k%4kOf?Rv
z5e|Kut|Q&P4nG{MJH5C~^Sq>J%8CYy8}=Q^0gJYsDQ7=*u0!r!YSt5s+@hQdX=}rc
zF!lw2PuhOyal@U)xBrmo=9yWM;XdO3*S)0Bl#-o&hQy`?rxmx}Hr4Y%$D;Uxu-i6y
zUDW|QTD+NGyDG8*{ni!-QtE11;@-D*ua9)^dt}`&etze7^V04`-(Z!0Qi37w8hR|o
z+QiC_ueWAll|QfT)5`xFZ}hihCjOOm!l#vge#^B|6K#}T-;y<(9pz2#qScqT8%Huk
zS07jJ6F5gc89Xpcx9eb+!t-meqIv7A+b$Mf<Yrmo(43wEm%Fi()l^aM%8PFmvVS(s
zZc3;$wS5rqj}6mw_yZ>l(_$|gIhv8nVk)ZLkt!2i>}i6{a07#9Sy5U1vb`!fc9msP
z2_d-j^^1*@htr-3!t`ks%7^osWj))nB;5~JM5t;=ityO3oIQ6<>xnVnnCI?s?u+dV
z-&q7@-zn};2Yc*3N9pDA>&fvqGZwefOf}upYZngS8Eev>r<)(KIl8N!YvM4EaG|@U
zP!g#u<9|n5TY9+P==QYAM9ZkkUA$wG$^%>>wSl~|e4~SJk!khd6_57yrkiMUz9>nU
zU)5`VDcEZ1FDrfGsyr`PJN`1{dXsfs*x>f)d17P;`)zI3(BmM1Pjs_5rI7KjCw<vq
zP(gJiVZ|ldtH7m~o_TaRK6{<H{FM8X8KOs*pUteRH^>(r@9sTTFf0vTUYA>|-!Oc#
zV`Rsck;%s;_mBPg#n|7RoRq&ie!sE9Hdm+l^k{qBEZ+BCBYIHyBkuY8qiqFxSP1$L
DKyNDN

literal 0
HcmV?d00001

diff --git a/tests/result/sql_injection.pcap.out b/tests/result/sql_injection.pcap.out
new file mode 100644
index 00000000000..654b3c3b859
--- /dev/null
+++ b/tests/result/sql_injection.pcap.out
@@ -0,0 +1,8 @@
+Guessed flow protos:	0
+
+DPI Packets (TCP):	3	(3.00 pkts/flow)
+Confidence DPI              : 1 (flows)
+
+HTTP	5	2748	1
+
+	1	TCP 192.168.3.109:53528 <-> 192.168.3.107:80 [proto: 7/HTTP][ClearText][Confidence: DPI][cat: Web/5][2 pkts/823 bytes <-> 3 pkts/1925 bytes][Goodput ratio: 84/90][0.00 sec][Hostname/SNI: 192.168.3.107][URL: 192.168.3.107/DVWA-master/vulnerabilities/sqli/?id=%3Fid%3Da%27+UNION+SELECT+%22text1%22%2C%22text2%22%3B--+-%26Submit%3DSubmit&Submit=Submit][StatusCode: 200][Content-Type: text/html][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36][Risk: ** SQL Injection **** HTTP Numeric IP Address **][Risk Score: 260][Risk Info: Found host 192.168.3.107][PLAIN TEXT (GET /DV)][Plen Bins: 0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0]
diff --git a/tests/result/xss.pcap.out b/tests/result/xss.pcap.out
new file mode 100644
index 00000000000..f90889953a3
--- /dev/null
+++ b/tests/result/xss.pcap.out
@@ -0,0 +1,10 @@
+Guessed flow protos:	1
+
+DPI Packets (TCP):	9	(4.50 pkts/flow)
+Confidence Match by port    : 1 (flows)
+Confidence DPI              : 1 (flows)
+
+HTTP	11	3209	2
+
+	1	TCP 192.168.3.109:53514 <-> 192.168.3.107:80 [proto: 7/HTTP][ClearText][Confidence: DPI][cat: Web/5][4 pkts/880 bytes <-> 4 pkts/2115 bytes][Goodput ratio: 69/87][0.01 sec][Hostname/SNI: 192.168.3.107][bytes ratio: -0.412 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/2 5/4 2/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/529 674/1514 262/591][URL: 192.168.3.107/DVWA-master/vulnerabilities/xss_d/?default=English%3Cscript%3Ealert(1)%3C/script%3E][StatusCode: 200][Content-Type: text/html][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36][Risk: ** XSS Attack **** HTTP Numeric IP Address **][Risk Score: 260][Risk Info: Found host 192.168.3.107][PLAIN TEXT (FGET /DVWA)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0]
+	2	TCP 192.168.3.109:53516 <-> 192.168.3.107:80 [proto: 7/HTTP][ClearText][Confidence: Match by port][cat: Web/5][2 pkts/140 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]