Enabled the "Enable TLS Analysis" checkbox

Author: Dr. Brandon Wiley

AdversaryLabSwift/Base.lproj/Main.storyboard

@@ -1565,7 +1565,7 @@
                             <button verticalHuggingPriority="750" fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="qWY-FO-Xfj">
                                 <rect key="frame" x="418" y="624" width="144" height="18"/>
                                 <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
-                                <buttonCell key="cell" type="check" title="Enable TLS Analysis" bezelStyle="regularSquare" imagePosition="left" enabled="NO" inset="2" id="m3M-iX-HUs">
+                                <buttonCell key="cell" type="check" title="Enable TLS Analysis" bezelStyle="regularSquare" imagePosition="left" inset="2" id="m3M-iX-HUs">
                                     <behavior key="behavior" changeContents="YES" doesNotDimImage="YES" lightByContents="YES"/>
                                     <font key="font" metaFont="system"/>
                                 </buttonCell>

AdversaryLabSwift/Controllers/ConnectionInspector.swift

@@ -11,7 +11,7 @@ import Auburn
 
 class ConnectionInspector
 {
-    func analyzeConnections(enableSequenceAnalysis: Bool)
+    func analyzeConnections(enableSequenceAnalysis: Bool, enableTLSAnalysis: Bool)
     {
         analysisQueue.async
         {
@@ -36,7 +36,7 @@ class ConnectionInspector
 
                 let allowedConnection = ObservedConnection(connectionType: .allowed, connectionID: allowedConnectionID)
 
-                self.analyze(connection: allowedConnection, enableSequenceAnalysis: enableSequenceAnalysis)
+                self.analyze(connection: allowedConnection, enableSequenceAnalysis: enableSequenceAnalysis, enableTLSAnalysis: enableTLSAnalysis)
             }
 
             // Blocked Connections
@@ -59,32 +59,35 @@ class ConnectionInspector
 
                 let blockedConnection = ObservedConnection(connectionType: .blocked, connectionID: blockedConnectionID)
 
-                self.analyze(connection: blockedConnection, enableSequenceAnalysis: enableSequenceAnalysis)
+                self.analyze(connection: blockedConnection, enableSequenceAnalysis: enableSequenceAnalysis, enableTLSAnalysis: enableTLSAnalysis)
             }
 
-            self.scoreConnections()
+            self.scoreConnections(enableSequenceAnalysis: enableSequenceAnalysis, enableTLSAnalysis: enableTLSAnalysis)
         }
 
         // New Data Available for UI
         print("Analysis loop complete: SENDING UI UPDATE NOTIFICATION")
         NotificationCenter.default.post(name: .updateStats, object: nil)
     }
 
-    func scoreConnections()
+    func scoreConnections(enableSequenceAnalysis: Bool, enableTLSAnalysis: Bool)
     {
         sleep(1)
         scoreAllPacketLengths()
         sleep(1)
-        scoreAllFloatSequences()
-        sleep(1)
+        if enableSequenceAnalysis
+        {
+            scoreAllFloatSequences()
+            sleep(1)
+        }
         scoreAllEntropy()
         sleep(1)
         scoreAllTiming()
         sleep(1)
         NotificationCenter.default.post(name: .updateStats, object: nil)
     }
 
-    func analyze(connection: ObservedConnection, enableSequenceAnalysis: Bool)
+    func analyze(connection: ObservedConnection, enableSequenceAnalysis: Bool, enableTLSAnalysis: Bool)
     {
         print("Analyzing a new connection: \(connection.connectionID)")
         // Process Packet Lengths
@@ -130,11 +133,13 @@ class ConnectionInspector
             }
         }
 
-        if let knownProtocol = detectKnownProtocol(connection: connection) {
-            NSLog("It's TLS!")
-            processKnownProtocol(knownProtocol, connection)
-        } else {
-            NSLog("Not TLS.")
+        if enableTLSAnalysis {
+            if let knownProtocol = detectKnownProtocol(connection: connection) {
+                NSLog("It's TLS!")
+                processKnownProtocol(knownProtocol, connection)
+            } else {
+                NSLog("Not TLS.")
+            }
         }
     }
 }

AdversaryLabSwift/ViewController.swift

@@ -77,6 +77,23 @@ class ViewController: NSViewController
             }
         }
     }
+    
+    var enableTLSAnalysis: Bool
+    {
+        get
+        {
+            switch enableTLSCheck.state
+            {
+            case .on:
+                return true
+            case .off:
+                return false
+            default: //No Mixed State
+                return false
+            }
+        }
+    }
+    
     override func viewDidLoad()
     {
         super.viewDidLoad()
@@ -93,7 +110,7 @@ class ViewController: NSViewController
 
     @IBAction func runClick(_ sender: NSButton)
     {
-        self.connectionInspector.analyzeConnections(enableSequenceAnalysis: enableSequenceAnalysis)
+        self.connectionInspector.analyzeConnections(enableSequenceAnalysis: enableSequenceAnalysis, enableTLSAnalysis: enableTLSAnalysis)
         self.loadLabelData()
     }
 
@@ -302,7 +319,7 @@ class ViewController: NSViewController
                         continue
                     }
 
-                    self.connectionInspector.analyzeConnections(enableSequenceAnalysis: self.enableSequenceAnalysis)
+                    self.connectionInspector.analyzeConnections(enableSequenceAnalysis: self.enableSequenceAnalysis, enableTLSAnalysis: self.enableTLSAnalysis)
                 }
             }
         }