Troubleshooting Tip: WAD Debugging - VIP Example (Deep Inspection)

martinsd · ‎08-28-2024

Description

This article describes an example of a WAD Debug for a VIP with Deep Inspection.

Scope

FortiGate and FortiProxy.

Solution

Diagram:

WAD Debug:

First, collect the debug logs and check which process is handling the traffic hitting the firewall policy ID 25. In this case, it is PID 13074:

diagnose wad filter vd root
diagnose wad filter firewall-policy 25
diagnose debug console timestamp enable
diagnose wad debug enable all
diagnose wad debug display pid enable
diagnose wad debug enable level verbose
diagnose debug enable

[Log Level] Timestamp [pid] [session] wad_function :log_id log_message

Client -> Proxy - Socket (file descriptor 116):

[I]2024-07-09 15:49:36.299650 [p:13074] wad_unix_stream_on_read_msg :488 recvmsg
[I]2024-07-09 15:49:36.299703 [p:13074] wad_unix_stream_on_read_msg :488 recvmsg
[I]2024-07-09 15:49:36.299817 [p:13074] wad_tcp_port_alloc :1464 alloc tcp_port=0x7f88cca048
[I]2024-07-09 15:49:36.299847 [p:13074] __wad_tcp_port_rebuild :2485 rebuild client TCP 85.245.105.249:60006 -> 192.168.20.18:443 on 116
[V]2024-07-09 15:49:36.299881 [p:13074] wad_session_start_traffic_timer :435 ses_ctx:0x7f88db5568 start traffic timer:300
[I]2024-07-09 15:49:36.299890 [p:13074] wad_ipc_ips_tcp_make :3175 am->type=5/13 proxy_type=9
[I]2024-07-09 15:49:36.299908 [p:13074] wad_tcp_port_learn_v4_session :125 Redir session state=0x306 state2=0x1 state_ext=0x0.
[V]2024-07-09 15:49:36.299927 [p:13074][s:928263] wad_policy_profile_learn :507 app=5 proxy=9, pn=0x7f88bdcdb8
[I]2024-07-09 15:49:36.299942 [p:13074][s:928263] wad_tcp_port_learn_session_config :443 vf_id=0 ses_ctx=0x7f88db5568 policy-id=25, sec_profile=0x7f89241348 app_type=tcp
wan_opt_mode=0 av_idx=0 dd_method=0 wan_opt_tcp=0
tp-mode=0 web_cache=0 webcache_ssl=0
check_policy: http=0 ssh=0 ssh_tun=0 fw_ztna=0 ap=0
ipsapp_redirect=1
ssl_enabled=1 ssl_full=1 wanopt_ssl=0 ssl_proc=dubei2
ses_ctx:t|P|M|Hf|C|A7|O fwdsvr=''

Proxy -> Server - Socket (file descriptor 121):

[I]2024-07-09 15:49:36.299960 [p:13074][s:928263] wad_tcp_port_alloc :1464 alloc tcp_port=0x7f88cca190
[I]2024-07-09 15:49:36.299969 [p:13074][s:928263] __wad_tcp_port_rebuild :2493 rebuild server TCP 85.245.105.249:60006 -> 192.168.20.18:443 on 121

TLS Handshakes:

[I]2024-07-09 15:49:36.300040 [p:13074][s:928263] wad_ssl_port_open :20819 wsp=0x7f88cca190/7 making SSL port
[V]2024-07-09 15:49:36.300060 [p:13074][s:928263] wad_ssl_negotiate_make :2392 nego=0x7f88cb55d0
[I]2024-07-09 15:49:36.300083 [p:13074][s:928263] wad_ssl_port_open :21112 wsp=0x7f88a1f048/7 SSL-port open succ type=7 port=0x7f88cca190 vd=0 svr=192.168.20.18:443: succ
[I]2024-07-09 15:49:36.300096 [p:13074][s:928263] wad_ssl_port_open :20819 wsp=0x7f88cca048/6 making SSL port
[V]2024-07-09 15:49:36.300107 [p:13074][s:928263] wad_ssl_negotiate_make :2392 nego=0x7f88cb58d8
[I]2024-07-09 15:49:36.300119 [p:13074][s:928263] wad_ssl_port_open :21112 wsp=0x7f88a1f3f0/6 SSL-port open succ type=6 port=0x7f88cca048 vd=0 svr=192.168.20.18:443: succ
[I]2024-07-09 15:49:36.300132 [p:13074][s:928263] wad_ssl_port_run :21149 sp=0x7f88a1f3f0/6 state=1
[I]2024-07-09 15:49:36.300141 [p:13074][s:928263] wad_ssl_port_run :21149 sp=0x7f88a1f048/7 state=1
[V]2024-07-09 15:49:36.300149 [p:13074][s:928263] wad_tcp_port_out_read_block :1005 tcp_port 0x7f88cca048 fd=116 on=0 n_out_block=1~>0 in(/out)_shutdown=0/0 closed=0 state=2.
[V]2024-07-09 15:49:36.300160 [p:13074][s:928263] wad_tcp_port_transport_read_block :960 tcp_port 0x7f88cca048 fd=116 on=0 n_out_block=1~>0 in(/out)_shutdown=0/0 closed=0 events=0x0.
[V]2024-07-09 15:49:36.300171 [p:13074][s:928263] wad_tcp_port_transport_read_block :992 sock 116 read_block removed, turn on readability.
[V]2024-07-09 15:49:36.300180 [p:13074][s:928263] wad_tcp_port_out_read_block :1005 tcp_port 0x7f88cca190 fd=121 on=0 n_out_block=1~>0 in(/out)_shutdown=0/0 closed=0 state=2.
[V]2024-07-09 15:49:36.300190 [p:13074][s:928263] wad_tcp_port_transport_read_block :960 tcp_port 0x7f88cca190 fd=121 on=0 n_out_block=1~>0 in(/out)_shutdown=0/0 closed=0 events=0x0.
[V]2024-07-09 15:49:36.300200 [p:13074][s:928263] wad_tcp_port_transport_read_block :992 sock 121 read_block removed, turn on readability.
[I]2024-07-09 15:49:36.300492 [p:13074][s:928263] wad_tcp_port_on_event :1887 start processing tcp event=0x1 events=0x1 fd=116 n_out_block=0 state=2 close/shut=0/0 n_out_block=0
[I]2024-07-09 15:49:36.300510 [p:13074][s:928263] wad_tcp_port_on_read :1763 sock 116 read (0,4080)
[13074] read [(0,899) (16 03 01 03 7e 01 00 03 7a 03 03 39 23 b6 b7 cd 4c 01 33 7a 98 b9 0b ad 6b 03 ce 2b d3 27 15 73 d1 ca 30 92 ad ca cf b2 17 84 33 20 d3 db dc 9c 8e 6d 4c 6c ff 48 e4 c3 0b b3 a8 52 71 91 72 57 b2 55 2f ed 7e fb e1 71 43 00 3f 1c 00 20 3a 3a 13 01 13 02 13 03 c0 2b c0 2f c0 2c c0 30 cc a9 cc a8 c0 13 c0 14 00 9c 00 9d 00 2f 00 35 01 00 03 11 ea ea 00 00 00
0d 00 12 00 10 04 03 08 04 04 01 05 03 08 05 05 01 08 06 06 01 00 1b 00 03 02 00 02 00 17 00 00 00 05 00 05 01 00 00 00 00 00 2d 00 02 01 01 ff 01 00 01 00 00 00 00 11 00 0f 00 00 0c 77 73 73 2e 64 73 72 73 64 2e 70 74 00 23 00 00 00 10 00 0e 00 0c 02 68 32 08 68 74 74 70 2f 31 2e 31 44 69 00 05 00 03 02 68 32 00 2b 00 07 06 2a 2a 03 04 03 03 00 0b 00 02 01 00 )(....~...z..9#
...L.3z....k..+.'.s..0.......3 .....mLl.H.....Rq.rW.U/.~..qC.?.. ::.......+./.,.0............./.5...................................................-..................wss.dsrsd.pt.#.........h2.http/1.1Di.....h2.+...**..........)]
[(fe 0d 00 fa 00 00 01 00 01 e3 00 20 55 53 4b 08 c3 74 7d ab 24 00 ce ce b2 3b f2 91 5c 7c 4d bc d7 78 99 ba d9 f0 ee c7 82 07 e1 1a 00 d0 e3 7e 62 b5 03 43 5d 54 06 31 6c 3f 7d 31 8e 7a f1 ba ff bd d6 20 2e 5d d6 01 1b 80 0b 7a e4 1d ba d9 14 8b 67 dc 03 ef 68 aa 1d ef 00 0f 85 a0 0a b6 38 58 bc 67 77 31 9f fd 62 cc ea b5 6e 1c a0 41 49 02 71 1a c4 4f 7c 57 1e e9 9c ba
f8 7b b9 41 bd 45 78 6e 79 e7 3b 08 99 c7 d5 f5 7f 3f 7e e7 8c 52 f3 21 44 fd 40 ec 70 44 34 0b c6 3d 79 93 36 20 ab 37 b4 a4 89 59 46 1a 22 f2 0d 06 37 51 c7 cc fb fd db f2 5e f1 b8 75 23 91 84 91 90 13 9d 09 f7 41 39 ea e1 1f 67 b7 84 91 75 0c 9a 43 3c 32 23 bd 8e b9 6f 2f 65 45 9f b6 b3 a8 4b 6d 86 cf 0a 46 2d 74 60 2e 8c a0 b1 4e ff f5 6b 9e )(........... USK..t}.$....;..\
|M..x.............~b..C]T.1l?}1.z..... .].....z......g...h.........8X.gw1..b...n..AI.q..O|W.....{.A.Exny.;......?~..R.!D.@.pD4..=y.6 .7...YF."...7Q......^..u#........A9...g...u..C<2#...o/eE....Km...F-t`....N..k.)]
[(5c 5b e8 f6 a8 93 ae 76 ab 86 28 c1 4c 5a 00 0a 00 0a 00 08 ea ea 00 1d 00 17 00 18 00 33 00 2b 00 29 ea ea 00 01 00 00 1d 00 20 c0 3e d8 2d 47 b6 e4 31 ef b5 62 4b 83 a7 0a 19 aa 76 f2 bc 69 19 1b fe 2e 5c 55 e2 25 24 0a 31 00 12 00 00 8a 8a 00 01 00 00 29 01 4b 01 26 01 20 e4 95 e3 9a d8 7e 06 2f 6d 27 52 4d e1 b7 a4 7a 31 9c 6c b8 99 7a d7 96 4e f9 9e 48 be ff 83 7c
3e 52 cf 27 b7 73 23 fa 69 1a c9 cf 1c 88 f0 7a 0b c3 6b 80 65 82 09 fa 15 24 e5 2b 15 97 0e 98 74 3a 06 52 53 51 17 2a 55 5e 81 51 58 38 54 8c a7 f8 8b 43 c9 8e e9 bb 73 29 bf e1 8d 6e 63 7b 9a 90 ef 8a 4b 60 ba 57 ef 6c c8 55 ca fc 8c 00 6a 46 43 4e 89 da 5a ba 1f 95 be 1c a9 5f 20 a9 c3 12 ac 05 41 6b 17 3f 1e b2 3d b2 15 0a a3 87 95 bc 65 a2 )(\[.....v..(.LZ...............
3.+.)........ .>.-G..1..bK.....v..i....\U.%$.1..........).K.&. .....~./m'RM...z1.l..z..N..H...|>R.'.s#.i......z..k.e....$.+....t:.RSQ.*U^.QX8T....C....s)...nc{....K`.W.l.U....jFCN..Z......_ .....Ak.?..=.......e.)]
[V]2024-07-09 15:49:36.301392 [p:13074][s:928263] wad_ssl_sock_port_in_ops_read_buff:16574 sp=0x7f88a1f3f0/6 len=899
[V]2024-07-09 15:49:36.301403 [p:13074][s:928263] wad_ssl_sock_port_in_ops_sync :16584 sp=0x7f88a1f3f0/6 sync state=1 start
[V]2024-07-09 15:49:36.301411 [p:13074][s:928263] wad_ssl_sock_port_exec_up_forward :16257 sp=0x7f88a1f3f0/6
[I]2024-07-09 15:49:36.301423 [p:13074][s:928263] wad_ssl_sock_port_exec_up_forward_txn:16238 sp=0x7f88a1f3f0/6 forwarded len=899/899
[I]2024-07-09 15:49:36.301433 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f3f0/6 cts 1 pts 2 hs 0/0 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/0 cti 0/0 ci 1/899/5 cto 0/0 wb 0/0
[I]2024-07-09 15:49:36.301450 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f3f0/6 cts 3 pts 2 hs 2/0 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/0 cti 0/0 ci 1/899/899 cto 0/0 wb 0/0
[I]2024-07-09 15:49:36.301467 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f3f0/6 cts 2 pts 2 hs 2/0 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/0 cti 1/899 ci 0/0/5 cto 0/0 wb 0/0
[V]2024-07-09 15:49:36.302114 [p:13074][s:928263] wad_ssl_port_caps_on_dec_start :15062 sp=0x7f88a1f3f0/6 dec start 0x7f88d8d3e8 type 22 ver 0000 len 894 (01 00 03 7a 03 03 39 23 b6 b7 cd 4c 01 33 7a 98 b9 0b ad 6b 03 ce 2b d3 27 15 73 d1 ca 30 92 ad ca cf b2 17 84 33 20 d3 db dc 9c 8e 6d 4c 6c ff 48 e4 c3 0b b3 a8 52 71 91 72 57 b2 55 2f ed 7e fb e1 71 43 00 3f 1c 00 2
0 3a 3a 13 01 13 02 13 03 c0 2b c0 2f c0 2c c0 30 cc a9 cc a8 c0 13 c0 14 00 9c 00 9d 00 2f 00 35 01 00 03 11 ea ea 00 00 00 0d 00 12 00 10 04 03 08 04 04 01 05 03 08 05 05 01 08 06 06 01 00 1b 00 03 02 00 02 00 17 00 00 00 05 00 05 01 00 00 00 00 00 2d 00 02 01 01 ff 01 00 01 00 00 00 00 11 00 0f 00 00 0c 77 73 73 2e 64 73 72 73 64 2e 70 74 00 23 00 00 00 10 00 0e 00 0c 02 68
32 08 68 74 74 70 2f 31 2e 31 44 69 00 05 00 03 02 68 32 00 2b 00 07 06 2a 2a 03 04 03 03 00 0b 00 02 01 00 fe 0d 00 fa 00 00 01 00 01 e3 00 20 55 53 4b 08 c3 74 7d ab 24 00 ce ce b2 3b f2 91 5c 7c 4d bc d7 78 99 ba d9 f0 ee c7 82 07 e1 1a 00 d0 e3 7e 62 b5 03 43
[V]2024-07-09 15:49:36.302824 [p:13074][s:928263] wad_ssl_port_caps_on_dec_done :15087 sp=0x7f88a1f3f0/6 dec done 0x7f88d8d3e8 type 22 ver 0000 status 0 len 894 (01 00 03 7a 03 03 39 23 b6 b7 cd 4c 01 33 7a 98 b9 0b ad 6b 03 ce 2b d3 27 15 73 d1 ca 30 92 ad ca cf b2 17 84 33 20 d3 db dc 9c 8e 6d 4c 6c ff 48 e4 c3 0b b3 a8 52 71 91 72 57 b2 55 2f ed 7e fb e1 71 43 00 3f
1c 00 20 3a 3a 13 01 13 02 13 03 c0 2b c0 2f c0 2c c0 30 cc a9 cc a8 c0 13 c0 14 00 9c 00 9d 00 2f 00 35 01 00 03 11 ea ea 00 00 00 0d 00 12 00 10 04 03 08 04 04 01 05 03 08 05 05 01 08 06 06 01 00 1b 00 03 02 00 02 00 17 00 00 00 05 00 05 01 00 00 00 00 00 2d 00 02 01 01 ff 01 00 01 00 00 00 00 11 00 0f 00 00 0c 77 73 73 2e 64 73 72 73 64 2e 70 74 00 23 00 00 00 10 00 0e 00
0c 02 68 32 08 68 74 74 70 2f 31 2e 31 44 69 00 05 00 03 02 68 32 00 2b 00 07 06 2a 2a 03 04 03 03 00 0b 00 02 01 00 fe 0d 00 fa 00 00 01 00 01 e3 00 20 55 53 4b 08 c3 74 7d ab 24 00 ce ce b2 3b f2 91 5c 7c 4d bc d7 78 99 ba d9 f0 ee c7 82 07 e1 1a 00 d0 e3 7e 62 b
[I]2024-07-09 15:49:36.302881 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f3f0/6 cts 2 pts 2 hs 2/0 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 1/894/0 cti 0/0 ci 0/0/5 cto 0/0 wb 0/0
[I]2024-07-09 15:49:36.302896 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f3f0/6 cts 2 pts 4 hs 2/0 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 1/894/894 cti 0/0 ci 0/0/5 cto 0/0 wb 0/0
[I]2024-07-09 15:49:36.302928 [p:13074][s:928263] wad_ssl_port_get_client_hello_sni :7841 wsp(0x7f88a1f3f0/6) get clt_hello sni(wss.dsrsd.pt), copied: 1
[I]2024-07-09 15:49:36.302941 [p:13074][s:928263] wad_ssl_proxy_srv_proc_client_hello:8074 sp=0x7f88a1f3f0/6 renego=0 ssl_proc=dubei2 minor ver/min/max=0304/0303/0304.
[I]2024-07-09 15:49:36.302957 [p:13074][s:928263] wad_ssl_port_c2p_continue_urlf :7907 wsp(0x7f88a1f3f0/6) continue with urlf!
[I]2024-07-09 15:49:36.302975 [p:13074][s:928263] wad_ssl_check_urlf_and_exempt :5365 wsp=0x7f88a1f3f0/6 ssl.deep_scan=1/1/1 ssl_proc=dubei2 host=wss.dsrsd.pt ip=0 rating=0 exempt=x_none(SNI.x_none same unknown.x_none):
[I]2024-07-09 15:49:36.302991 [p:13074][s:928263] wad_ssl_proxy_srv_continue_client_hello:8376 wsp=0x7f88a1f3f0/6 ssl_proc=dubei2 bypass-chk=1 sni=1 cic=0 tls1.3=1
[V]2024-07-09 15:49:36.303002 [p:13074][s:928263] wad_ssl_bypass_cache_find :21381 Try to find (192.168.20.18, wss.dsrsd.pt) in ssl-bypass cache.
[V]2024-07-09 15:49:36.303015 [p:13074][s:928263] wad_ssl_proxy_srv_check_abbreviated_handshake:7645 wsp=0x7f88a1f3f0/6
[V]2024-07-09 15:49:36.303023 [p:13074][s:928263] wad_ssl_port_client_hello_validate_psk:7583 wsp=0x7f88a1f3f0/6 wsp(0x7f88a1f3f0/6)
[V]2024-07-09 15:49:36.303033 [p:13074][s:928263] wad_ssl_port_c2p_validate_psk :7425 wsp=0x7f88a1f3f0/6 id=(nil) modes=0
[V]2024-07-09 15:49:36.303044 [p:13074][s:928263] wad_ssl_port_find_psk_identity :7262 wsp(0x7f88a1f3f0/6) OfferedPsks.identity 1
[V]2024-07-09 15:49:36.303053 [p:13074][s:928263] wad_ssl_port_find_psk_identity :7270 wsp(0x7f88a1f3f0/6) matching ticket with identity 1
[V]2024-07-09 15:49:36.303185 [p:13074][s:928263] wad_ssl_port_match_psk_cipher :7372 wsp=0x7f88a1f3f0/6 cs_strenth: 2
[V]2024-07-09 15:49:36.303198 [p:13074][s:928263] wad_ssl_port_psk_cipher_compare :7349 wsp=0x7f88a1f3f0/6 elliptic-curve 29
[I]2024-07-09 15:49:36.303207 [p:13074][s:928263] wad_ssl_port_c2p_validate_psk :7482 wsp(0x7f88a1f3f0/6) found cipher 1303
[V]2024-07-09 15:49:36.303220 [p:13074][s:928263] wad_ticket_extension_sni_unpack :6681 wsp=0x7f88a1f3f0/6 unpacked session ticket sni: wss.dsrsd.pt
[V]2024-07-09 15:49:36.303298 [p:13074][s:928263] wad_ticket_extension_svr_arm_unpack:6765 wsp(0x7f88a1f3f0/6) validate ticket!
[V]2024-07-09 15:49:36.303311 [p:13074][s:928263] wad_ssl_port_c2p_validate_psk :7524 wsp(0x7f88a1f3f0/6) PSK verified!
[I]2024-07-09 15:49:36.303320 [p:13074][s:928263] wad_ssl_port_client_hello_validate_psk:7603 wsp(0x7f88a1f3f0/6) verified PSK: 1
[I]2024-07-09 15:49:36.303328 [p:13074][s:928263] wad_ssl_proxy_srv_check_abbreviated_handshake:7648 wsp=0x7f88a1f3f0/6 client data verified!
[I]2024-07-09 15:49:36.303340 [p:13074][s:928263] wad_ssl_proxy_srv_continue_fwd_client_hello:8290 sp=0x7f88a1f3f0/6 start handshake with server. changed_ch=1
[V]2024-07-09 15:49:36.303356 [p:13074][s:928263] wad_ssl_proxy_caps_ciphers :14192 sp=0x7f88a1f048/7
[V]2024-07-09 15:49:36.303376 [p:13074][s:928263] wad_key_share_bucket_get_entry :172 key_share 0x7f8a049d48 g=29 use_cnt=98 holding=1 reuseable 1
[V]2024-07-09 15:49:36.303400 [p:13074][s:928263] wad_ssl_proxy_caps_clt_include_alpn:15116 wsp =0x7f88a1f048, alpn http2 is allowed
[V]2024-07-09 15:49:36.303410 [p:13074][s:928263] wad_ssl_proxy_caps_clt_include_alpn:15108 wsp =0x7f88a1f048, alpn http1.1 is allowed
[V]2024-07-09 15:49:36.303428 [p:13074][s:928263] wad_ssl_proxy_caps_clt_include_alpn:15116 wsp =0x7f88a1f048, alpn http2 is allowed
[V]2024-07-09 15:49:36.303436 [p:13074][s:928263] wad_ssl_proxy_caps_clt_include_alpn:15108 wsp =0x7f88a1f048, alpn http1.1 is allowed
[V]2024-07-09 15:49:36.303458 [p:13074][s:928263] wad_ssl_port_caps_on_handshake_sent:11239 sp=0x7f88a1f048/7 sent type=1
[V]2024-07-09 15:49:36.303701 [p:13074][s:928263] wad_ssl_port_caps_on_enc_start :15012 sp=0x7f88a1f048/7 enc start 0x7f88d8da28 type 22 ver 0301 len 340 (01 00 01 50 03 03 42 54 75 13 eb a8 6c d7 f4 e5 a2 0d a3 a6 a3 14 91 53 21 f1 08 cf 80 0c c2 34 7c 5b ed ec be ed 20 d3 db dc 9c 8e 6d 4c 6c ff 48 e4 c3 0b b3 a8 52 71 91 72 57 b2 55 2f ed 7e fb e1 71 43 00 3f 1c 00 1
e 13 01 13 02 13 03 c0 2b c0 2f c0 2c c0 30 cc a9 cc a8 c0 13 c0 14 00 9c 00 9d 00 2f 00 35 01 00 00 e9 00 2b 00 05 04 03 04 03 03 00 0b 00 02 01 00 00 0a 00 08 00 06 00 1d 00 17 00 18 ff 01 00 01 00 00 00 00 11 00 0f 00 00 0c 77 73 73 2e 64 73 72 73 64 2e 70 74 00 05 00 05 01 00 00 00 00 00 10 00 0e 00 0c 02 68 32 08 68 74 74 70 2f 31 2e 31 00 0d 00 12 00 10 04 03 08 04 04 01
05 03 08 05 05 01 08 06 06 01 00 17 00 00 00 2d 00 02 01 01 00 33 00 26 00 24 00 1d 00 20 07 2b 95 fa dc 3e 5e 28 1c 3f da ee 52 8a f1 77 e7 05 ee 02 88 35 52 99 8d ce 7f 12 39 1e 0a 10 00 29 00 4b 00 26 00 20 25 ea 52 b3 fb 5f ec 56 58 40 e1 54 40 b9 65 f3 01 d3
[V]2024-07-09 15:49:36.305788 [p:13074][s:928263] wad_ssl_port_caps_on_enc_done :15039 sp=0x7f88a1f048/7 enc done 0x7f88d8da28 type 22 ver 0301 status 0 len 345 (16 03 01 01 54 01 00 01 50 03 03 42 54 75 13 eb a8 6c d7 f4 e5 a2 0d a3 a6 a3 14 91 53 21 f1 08 cf 80 0c c2 34 7c 5b ed ec be ed 20 d3 db dc 9c 8e 6d 4c 6c ff 48 e4 c3 0b b3 a8 52 71 91 72 57 b2 55 2f ed 7e fb
e1 71 43 00 3f 1c 00 1e 13 01 13 02 13 03 c0 2b c0 2f c0 2c c0 30 cc a9 cc a8 c0 13 c0 14 00 9c 00 9d 00 2f 00 35 01 00 00 e9 00 2b 00 05 04 03 04 03 03 00 0b 00 02 01 00 00 0a 00 08 00 06 00 1d 00 17 00 18 ff 01 00 01 00 00 00 00 11 00 0f 00 00 0c 77 73 73 2e 64 73 72 73 64 2e 70 74 00 05 00 05 01 00 00 00 00 00 10 00 0e 00 0c 02 68 32 08 68 74 74 70 2f 31 2e 31 00 0d 00 12
00 10 04 03 08 04 04 01 05 03 08 05 05 01 08 06 06 01 00 17 00 00 00 2d 00 02 01 01 00 33 00 26 00 24 00 1d 00 20 07 2b 95 fa dc 3e 5e 28 1c 3f da ee 52 8a f1 77 e7 05 ee 02 88 35 52 99 8d ce 7f 12 39 1e 0a 10 00 29 00 4b 00 26 00 20 25 ea 52 b3 fb 5f ec 56 58 40 e
[V]2024-07-09 15:49:36.305820 [p:13074][s:928263] wad_ssl_sock_port_fts_in_write :15780 sp=0x7f88a1f048/7 start=0 len=345
[V]2024-07-09 15:49:36.305833 [p:13074][s:928263] wad_ssl_sock_port_out_ops_sync :17172 sp=0x7f88a1f048/7 state=1 fts-input=345 proxy-input=0
[V]2024-07-09 15:49:36.305843 [p:13074][s:928263] wad_ssl_sock_port_exec_dn_forward :16932 sp=0x7f88a1f048/7 ib-len=345
[V]2024-07-09 15:49:36.305854 [p:13074][s:928263] wad_tcp_port_out_read_sync :944 tcp_port(0x7f88cca190) sync 345
[I]2024-07-09 15:49:36.305864 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f048/7 cts 2 pts 2 hs 3/0 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/4 cti 0/0 ci 0/0/5 cto 0/0 wb 0/0
[I]2024-07-09 15:49:36.305880 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f3f0/6 cts 2 pts 2 hs 25/2 cpcs 0 ppcs 0 se 0 ed 0/0 ph 1 pti 0/0/890 cti 0/0 ci 0/0/5 cto 0/0 wb 0/0
[V]2024-07-09 15:49:36.305895 [p:13074][s:928263] wad_tcp_port_window_adjust :463 tcp_port 0x7f88cca048 window-type 0 set 1 SNDBUF 131072 RCVBUF 349520
[V]2024-07-09 15:49:36.305915 [p:13074][s:928263] wad_tcp_port_update_fixed_window :389 tcp_port 0x7f88cca048 fixed window size set to 163840
[I]2024-07-09 15:49:36.305977 [p:13074][s:928263] wad_tcp_port_flush :1556 sock 121 write (1,345,345) n_written=345 tcp_port 0x7f88cca190
[13074] write [(1,345) (16 03 01 01 54 01 00 01 50 03 03 42 54 75 13 eb a8 6c d7 f4 e5 a2 0d a3 a6 a3 14 91 53 21 f1 08 cf 80 0c c2 34 7c 5b ed ec be ed 20 d3 db dc 9c 8e 6d 4c 6c ff 48 e4 c3 0b b3 a8 52 71 91 72 57 b2 55 2f ed 7e fb e1 71 43 00 3f 1c 00 1e 13 01 13 02 13 03 c0 2b c0 2f c0 2c c0 30 cc a9 cc a8 c0 13 c0 14 00 9c 00 9d 00 2f 00 35 01 00 00 e9 00 2b 00 05 04 03 0
4 03 03 00 0b 00 02 01 00 00 0a 00 08 00 06 00 1d 00 17 00 18 ff 01 00 01 00 00 00 00 11 00 0f 00 00 0c 77 73 73 2e 64 73 72 73 64 2e 70 74 00 05 00 05 01 00 00 00 00 00 10 00 0e 00 0c 02 68 32 08 68 74 74 70 2f 31 2e 31 00 0d 00 12 00 10 04 03 08 04 04 01 05 03 08 05 05 01 08 06 06 01 00 17 00 00 00 2d 00 02 01 01 00 33 00 26 00 24 00 1d 00 20 07 2b 95 fa dc 3e )(....T...P..B
Tu...l..........S!......4|[.... .....mLl.H.....Rq.rW.U/.~..qC.?..........+./.,.0............./.5.....+.......................................wss.dsrsd.pt................h2.http/1.1...........................-.....3.&.$... .+...>)]
[(5e 28 1c 3f da ee 52 8a f1 77 e7 05 ee 02 88 35 52 99 8d ce 7f 12 39 1e 0a 10 00 29 00 4b 00 26 00 20 25 ea 52 b3 fb 5f ec 56 58 40 e1 54 40 b9 65 f3 01 d3 60 13 c5 6b 84 78 64 35 60 79 8c 28 68 8c a5 53 2c d2 00 21 20 8f 8b 4e b9 23 83 a7 a5 10 ad f7 5b 7c d7 6e 2c 6d 4e 29 3a a4 37 fd 88 f8 8d 0b b0 ac 0c 3c a3 )(^(.?..R..w.....5R.....9....).K.&. %.R.._.VX@.T@.e...`.
.k.xd5`y.(h..S,..! ..N.#......[|.n,mN):.7........<.)]
[I]2024-07-09 15:49:36.312045 [p:13074][s:928263] wad_tcp_port_on_event :1887 start processing tcp event=0x1 events=0x1 fd=121 n_out_block=0 state=2 close/shut=0/0 n_out_block=0
[I]2024-07-09 15:49:36.312102 [p:13074][s:928263] wad_tcp_port_on_read :1763 sock 121 read (0,4080)
[13074] read [(0,244) (16 03 03 00 80 02 00 00 7c 03 03 c2 ce c7 8b 9f b8 b4 0c 89 72 19 69 83 98 0c 79 f6 5f cc a3 41 a1 07 6b 0c 70 5c f8 3b f9 31 70 20 d3 db dc 9c 8e 6d 4c 6c ff 48 e4 c3 0b b3 a8 52 71 91 72 57 b2 55 2f ed 7e fb e1 71 43 00 3f 1c 13 01 00 00 34 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 01 ca 09 06 46 2d 7a 51 a1 28 91 3c f1 6b 0a 63 ce 36 60 79 26 98 a8 35
9f 11 5a 67 d5 99 3f 18 00 29 00 02 00 00 14 03 03 00 01 01 17 03 03 00 2a 26 bb 00 df 4f f2 ca 19 7d ed de 87 4f 64 1d f7 4d e9 a6 ab 29 1a 99 10 c1 40 5b 5f ca 2f 12 e7 ab 7e dc ec 2d eb 6e 9c 60 4e 17 03 03 00 35 0c f4 ef 38 42 47 67 e9 8c 60 52 5e 8a 71 19 95 1f 85 c3 67 90 4c e1 7e 06 9e a4 b0 d6 f2 12 05 95 09 b2 0d 38 5f 63 98 49 35 8c 5c 21 41 2c f0 ca )(........|....
.......r.i...y._..A..k.p\.;.1p .....mLl.H.....Rq.rW.U/.~..qC.?.....4.+.....3.$... ....F-zQ.(.<.k.c.6`y&..5..Zg..?..)..............*&...O...}...Od..M...)....@[_./...~..-.n.`N....5...8BGg..`R^.q.....g.L.~............8_c.I5.\!A,..)]
[(54 6f f1 b0 )(To..)]
[V]2024-07-09 15:49:36.312403 [p:13074][s:928263] wad_ssl_sock_port_in_ops_read_buff:16574 sp=0x7f88a1f048/7 len=244
[V]2024-07-09 15:49:36.312415 [p:13074][s:928263] wad_ssl_sock_port_in_ops_sync :16584 sp=0x7f88a1f048/7 sync state=1 start
[V]2024-07-09 15:49:36.312424 [p:13074][s:928263] wad_ssl_sock_port_exec_up_forward :16257 sp=0x7f88a1f048/7
[I]2024-07-09 15:49:36.312438 [p:13074][s:928263] wad_ssl_sock_port_exec_up_forward_txn:16238 sp=0x7f88a1f048/7 forwarded len=244/244
[I]2024-07-09 15:49:36.312448 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f048/7 cts 2 pts 2 hs 3/0 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/4 cti 0/0 ci 1/244/5 cto 0/0 wb 0/0
[I]2024-07-09 15:49:36.312464 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f048/7 cts 3 pts 2 hs 3/0 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/4 cti 0/0 ci 1/244/133 cto 0/0 wb 0/0
[I]2024-07-09 15:49:36.312479 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f048/7 cts 2 pts 2 hs 3/0 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/4 cti 1/133 ci 1/111/5 cto 0/0 wb 0/0
[V]2024-07-09 15:49:36.312582 [p:13074][s:928263] wad_ssl_port_caps_on_dec_start :15062 sp=0x7f88a1f048/7 dec start 0x7f88d8dd48 type 22 ver 0301 len 128 (02 00 00 7c 03 03 c2 ce c7 8b 9f b8 b4 0c 89 72 19 69 83 98 0c 79 f6 5f cc a3 41 a1 07 6b 0c 70 5c f8 3b f9 31 70 20 d3 db dc 9c 8e 6d 4c 6c ff 48 e4 c3 0b b3 a8 52 71 91 72 57 b2 55 2f ed 7e fb e1 71 43 00 3f 1c 13 0
1 00 00 34 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 01 ca 09 06 46 2d 7a 51 a1 28 91 3c f1 6b 0a 63 ce 36 60 79 26 98 a8 35 9f 11 5a 67 d5 99 3f 18 00 29 00 02 00 00 )
[V]2024-07-09 15:49:36.312682 [p:13074][s:928263] wad_ssl_port_caps_on_dec_done :15087 sp=0x7f88a1f048/7 dec done 0x7f88d8dd48 type 22 ver 0301 status 0 len 128 (02 00 00 7c 03 03 c2 ce c7 8b 9f b8 b4 0c 89 72 19 69 83 98 0c 79 f6 5f cc a3 41 a1 07 6b 0c 70 5c f8 3b f9 31 70 20 d3 db dc 9c 8e 6d 4c 6c ff 48 e4 c3 0b b3 a8 52 71 91 72 57 b2 55 2f ed 7e fb e1 71 43 00 3f
1c 13 01 00 00 34 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 01 ca 09 06 46 2d 7a 51 a1 28 91 3c f1 6b 0a 63 ce 36 60 79 26 98 a8 35 9f 11 5a 67 d5 99 3f 18 00 29 00 02 00 00 )
[I]2024-07-09 15:49:36.312693 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f048/7 cts 2 pts 2 hs 3/0 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 1/128/4 cti 0/0 ci 1/111/5 cto 0/0 wb 0/0
[I]2024-07-09 15:49:36.312708 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f048/7 cts 2 pts 4 hs 3/0 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 1/128/128 cti 0/0 ci 1/111/5 cto 0/0 wb 0/0
[I]2024-07-09 15:49:36.312729 [p:13074][s:928263] wad_ssl_proxy_clt_on_server_hello :9737 wsp=0x7f88a1f048/7 
[V]2024-07-09 15:49:36.312744 [p:13074][s:928263] wad_ssl_proxy_caps_ciphers :14192 sp=0x7f88a1f048/7
[I]2024-07-09 15:49:36.312752 [p:13074][s:928263] wad_ssl_proxy_find_matching_cipher_suite:8555 wsp(0x7f88a1f048/7) looking for cs=1301
[I]2024-07-09 15:49:36.312763 [p:13074][s:928263] wad_ssl_proxy_clt_check_13_abbrev_handshake:9112 wsp(0x7f88a1f048/7) sh_cipher: 1301
[I]2024-07-09 15:49:36.312772 [p:13074][s:928263] wad_ssl_proxy_clt_check_13_abbrev_handshake:9120 wsp(0x7f88a1f048/7) found psk!
[I]2024-07-09 15:49:36.312781 [p:13074][s:928263] wad_ssl_proxy_clt_check_13_abbrev_handshake:9135 wsp(0x7f88a1f048/7) client-cipher:1303, server-cipher:1301
[I]2024-07-09 15:49:36.312793 [p:13074][s:928263] wad_ssl_proxy_clt_check_13_abbrev_handshake:9158 wsp(0x7f88a1f048/7) set peer key, g=29, ke_len=32, modes=2
[I]2024-07-09 15:49:36.312804 [p:13074][s:928263] wad_ssl_session_ticket_13_accept :3777 wsp(0x7f88a1f048/7) ke(0x7f84c09c70) id(0x7f88c5a908)
[V]2024-07-09 15:49:36.313537 [p:13074][s:928263] wad_key_share_soft_impl_put :353 key_share 0x7f8a049d48 g=29 use_cnt=99 holding=1 put
[I]2024-07-09 15:49:36.313611 [p:13074][s:928263] wad_ssl_proxy_clt_on_server_hello :9963 wsp=0x7f88a1f048/7 sess=(nil) sh_v=0304 got-sp_v=0304 offer-ng_v=0304 drop=0 group=0 hshk_done=0 fwd_chg=1: ssl resume abbreviated handshake>>
[I]2024-07-09 15:49:36.313627 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f048/7 cts 2 pts 3 hs 29/3 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/124 cti 0/0 ci 1/111/5 cto 0/0 wb 0/0
[I]2024-07-09 15:49:36.313643 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f048/7 cts 3 pts 3 hs 29/3 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/124 cti 0/0 ci 1/111/6 cto 0/0 wb 0/0
[I]2024-07-09 15:49:36.313658 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f048/7 cts 2 pts 3 hs 29/3 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/124 cti 1/6 ci 1/105/5 cto 0/0 wb 0/0
[V]2024-07-09 15:49:36.313676 [p:13074][s:928263] wad_ssl_port_caps_on_dec_start :15062 sp=0x7f88a1f048/7 dec start 0x7f898c4630 type 20 ver 0303 len 1 (01 )
[V]2024-07-09 15:49:36.313689 [p:13074][s:928263] wad_ssl_port_caps_on_dec_done :15087 sp=0x7f88a1f048/7 dec done 0x7f898c4630 type 20 ver 0303 status 0 len 1 (01 )
[I]2024-07-09 15:49:36.313699 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f048/7 cts 2 pts 3 hs 29/3 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 1/1/124 cti 0/0 ci 1/105/5 cto 0/0 wb 0/0
[I]2024-07-09 15:49:36.313715 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f048/7 cts 2 pts 3 hs 29/3 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/124 cti 0/0 ci 1/105/5 cto 0/0 wb 0/0
[I]2024-07-09 15:49:36.313729 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f048/7 cts 3 pts 3 hs 29/3 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/124 cti 0/0 ci 1/105/47 cto 0/0 wb 0/0
[I]2024-07-09 15:49:36.313743 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f048/7 cts 2 pts 3 hs 29/3 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/124 cti 1/47 ci 1/58/5 cto 0/0 wb 0/0
[V]2024-07-09 15:49:36.313786 [p:13074][s:928263] wad_ssl_port_caps_on_dec_start :15062 sp=0x7f88a1f048/7 dec start 0x7f898c4630 type 23 ver 0303 len 42 (26 bb 00 df 4f f2 ca 19 7d ed de 87 4f 64 1d f7 4d e9 a6 ab 29 1a 99 10 c1 40 5b 5f ca 2f 12 e7 ab 7e dc ec 2d eb 6e 9c 60 4e )
[V]2024-07-09 15:49:36.313825 [p:13074][s:928263] wad_ssl_port_caps_on_dec_done :15087 sp=0x7f88a1f048/7 dec done 0x7f898c4630 type 22 ver 0303 status 0 len 25 (08 00 00 15 00 13 00 00 00 00 00 10 00 0b 00 09 08 68 74 74 70 2f 31 2e 31 )
[I]2024-07-09 15:49:36.313836 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f048/7 cts 2 pts 3 hs 29/3 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 1/25/124 cti 0/0 ci 1/58/5 cto 0/0 wb 0/0
[I]2024-07-09 15:49:36.313851 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f048/7 cts 2 pts 5 hs 29/3 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 1/25/25 cti 0/0 ci 1/58/5 cto 0/0 wb 0/0
[I]2024-07-09 15:49:36.313868 [p:13074][s:928263] wad_ssl_proxy_caps_clt_on_encrypted_extensions:10789 wsp(0x7f88a1f048/7) got eext!
[V]2024-07-09 15:49:36.313877 [p:13074][s:928263] wad_ssl_port_caps_on_handshake_recv:10741 sp=0x7f88a1f048/7 recv type=8 len=25
[I]2024-07-09 15:49:36.313888 [p:13074][s:928263] wad_ssl_proxy_caps_clt_on_encrypted_extensions:10815 server port =0x7f88a1f048,select alpn, http2/http1.1=0/1
[I]2024-07-09 15:49:36.313897 [p:13074][s:928263] wad_ssl_proxy_client_hello_accept :3941 wsp(0x7f88a1f048/7) accepted ch! wst=0x7f89331678
[V]2024-07-09 15:49:36.313910 [p:13074][s:928263] wad_key_share_bucket_get_entry :172 key_share 0x7f8a049d48 g=29 use_cnt=99 holding=1 reuseable 0
[V]2024-07-09 15:49:36.313920 [p:13074][s:928263] wad_key_share_cache_del :142 key_share 0x7f8a049d48 g=29 use_cnt=99 holding=1 cache del
[V]2024-07-09 15:49:36.314183 [p:13074][s:928263] wad_ssl_port_caps_on_enc_start :15012 sp=0x7f88a1f3f0/6 enc start 0x7f88d8dde8 type 22 ver 0303 len 128 (02 00 00 7c 03 03 63 e8 67 eb 79 48 a8 7f 59 2d 32 73 39 92 53 4d 37 ec 7a 81 ff 27 42 b0 74 46 73 72 4c 8b 21 cf 20 d3 db dc 9c 8e 6d 4c 6c ff 48 e4 c3 0b b3 a8 52 71 91 72 57 b2 55 2f ed 7e fb e1 71 43 00 3f 1c 13 0
1 00 00 34 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 07 2b 95 fa dc 3e 5e 28 1c 3f da ee 52 8a f1 77 e7 05 ee 02 88 35 52 99 8d ce 7f 12 39 1e 0a 10 00 29 00 02 00 00 )
[V]2024-07-09 15:49:36.314289 [p:13074][s:928263] wad_ssl_port_caps_on_enc_done :15039 sp=0x7f88a1f3f0/6 enc done 0x7f88d8dde8 type 22 ver 0303 status 0 len 133 (16 03 03 00 80 02 00 00 7c 03 03 63 e8 67 eb 79 48 a8 7f 59 2d 32 73 39 92 53 4d 37 ec 7a 81 ff 27 42 b0 74 46 73 72 4c 8b 21 cf 20 d3 db dc 9c 8e 6d 4c 6c ff 48 e4 c3 0b b3 a8 52 71 91 72 57 b2 55 2f ed 7e fb
e1 71 43 00 3f 1c 13 01 00 00 34 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 07 2b 95 fa dc 3e 5e 28 1c 3f da ee 52 8a f1 77 e7 05 ee 02 88 35 52 99 8d ce 7f 12 39 1e 0a 10 00 29 00 02 00 00 )
[V]2024-07-09 15:49:36.314301 [p:13074][s:928263] wad_ssl_sock_port_fts_in_write :15780 sp=0x7f88a1f3f0/6 start=0 len=133
[V]2024-07-09 15:49:36.314311 [p:13074][s:928263] wad_ssl_sock_port_out_ops_sync :17172 sp=0x7f88a1f3f0/6 state=1 fts-input=133 proxy-input=0
[V]2024-07-09 15:49:36.314320 [p:13074][s:928263] wad_ssl_sock_port_exec_dn_forward :16932 sp=0x7f88a1f3f0/6 ib-len=133
[V]2024-07-09 15:49:36.314331 [p:13074][s:928263] wad_tcp_port_out_read_sync :944 tcp_port(0x7f88cca048) sync 133
[V]2024-07-09 15:49:36.314340 [p:13074][s:928263] wad_ssl_sock_port_fts_in_write :15780 sp=0x7f88a1f3f0/6 start=0 len=6
[V]2024-07-09 15:49:36.314349 [p:13074][s:928263] wad_ssl_sock_port_out_ops_sync :17172 sp=0x7f88a1f3f0/6 state=1 fts-input=6 proxy-input=0
[V]2024-07-09 15:49:36.314358 [p:13074][s:928263] wad_ssl_sock_port_exec_dn_forward :16932 sp=0x7f88a1f3f0/6 ib-len=6
[V]2024-07-09 15:49:36.314366 [p:13074][s:928263] wad_tcp_port_out_read_sync :944 tcp_port(0x7f88cca048) sync 139
[V]2024-07-09 15:49:36.314942 [p:13074][s:928263] wad_ssl_port_caps_on_handshake_sent:11239 sp=0x7f88a1f3f0/6 sent type=8
[V]2024-07-09 15:49:36.314971 [p:13074][s:928263] wad_ssl_port_caps_on_enc_start :15012 sp=0x7f88a1f3f0/6 enc start 0x7f898c4ac8 type 22 ver 0303 len 21 (08 00 00 11 00 0f 00 10 00 0b 00 09 08 68 74 74 70 2f 31 2e 31 )
[V]2024-07-09 15:49:36.315020 [p:13074][s:928263] wad_ssl_port_caps_on_enc_done :15039 sp=0x7f88a1f3f0/6 enc done 0x7f898c4ac8 type 22 ver 0303 status 0 len 43 (17 03 03 00 26 c2 be 5e 0e 2b ca c2 c3 cd ee 45 7e e2 55 89 ef b7 19 3f ae 1c b2 ab 7c 31 17 64 6b 87 80 a2 a4 c4 23 25 45 95 72 )
[V]2024-07-09 15:49:36.315032 [p:13074][s:928263] wad_ssl_sock_port_fts_in_write :15780 sp=0x7f88a1f3f0/6 start=0 len=43
[V]2024-07-09 15:49:36.315041 [p:13074][s:928263] wad_ssl_sock_port_out_ops_sync :17172 sp=0x7f88a1f3f0/6 state=1 fts-input=43 proxy-input=0
[V]2024-07-09 15:49:36.315050 [p:13074][s:928263] wad_ssl_sock_port_exec_dn_forward :16932 sp=0x7f88a1f3f0/6 ib-len=43
[V]2024-07-09 15:49:36.315059 [p:13074][s:928263] wad_tcp_port_out_read_sync :944 tcp_port(0x7f88cca048) sync 182
[V]2024-07-09 15:49:36.315078 [p:13074][s:928263] wad_ssl_port_caps_on_handshake_sent:11239 sp=0x7f88a1f3f0/6 sent type=20
[V]2024-07-09 15:49:36.315112 [p:13074][s:928263] wad_ssl_port_caps_on_enc_start :15012 sp=0x7f88a1f3f0/6 enc start 0x7f898c4ac8 type 22 ver 0303 len 36 (14 00 00 20 3e b7 80 91 21 2b 58 a4 44 51 2a f3 9a 88 4e e9 cf 35 f2 93 26 e9 39 16 f9 59 2b 52 54 ea 96 98 )
[V]2024-07-09 15:49:36.315168 [p:13074][s:928263] wad_ssl_port_caps_on_enc_done :15039 sp=0x7f88a1f3f0/6 enc done 0x7f898c4ac8 type 22 ver 0303 status 0 len 58 (17 03 03 00 35 99 1c 55 68 b8 42 6b 52 a8 fd ef 4b 39 c2 0a 9d 81 bc d3 5f d7 3b 82 57 ee 06 b6 7b 1f 26 07 19 d2 9f 3c 56 b5 ce 23 43 b4 12 5f a0 a9 7d 0d b6 60 3e 9a df c7 )
[V]2024-07-09 15:49:36.315189 [p:13074][s:928263] wad_ssl_sock_port_fts_in_write :15780 sp=0x7f88a1f3f0/6 start=0 len=58
[V]2024-07-09 15:49:36.315200 [p:13074][s:928263] wad_ssl_sock_port_out_ops_sync :17172 sp=0x7f88a1f3f0/6 state=1 fts-input=58 proxy-input=0
[V]2024-07-09 15:49:36.315209 [p:13074][s:928263] wad_ssl_sock_port_exec_dn_forward :16932 sp=0x7f88a1f3f0/6 ib-len=58
[V]2024-07-09 15:49:36.315218 [p:13074][s:928263] wad_tcp_port_out_read_sync :944 tcp_port(0x7f88cca048) sync 240
[V]2024-07-09 15:49:36.315260 [p:13074][s:928263] wad_ssl_port_caps_on_keys :11460 sp=0x7f88a1f3f0/6 client_write_key 46 d9 bd a0 7b 83 32 77 de 16 7c cf 85 0a 34 1a
[V]2024-07-09 15:49:36.315280 [p:13074][s:928263] wad_ssl_port_caps_on_keys :11467 sp=0x7f88a1f3f0/6 server_write_key f2 cc 90 d2 4f 51 27 39 5a e1 bc 0d 93 7d 51 46
[V]2024-07-09 15:49:36.315298 [p:13074][s:928263] wad_ssl_port_caps_on_keys :11475 sp=0x7f88a1f3f0/6 client_write_iv 50 bc 86 9d 91 43 6c 22 75 4d 78 ed
[V]2024-07-09 15:49:36.315315 [p:13074][s:928263] wad_ssl_port_caps_on_keys :11484 sp=0x7f88a1f3f0/6 server_write_iv 61 78 49 1e 8e 09 8c b1 15 d2 d8 23
[I]2024-07-09 15:49:36.315345 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f3f0/6 cts 2 pts 3 hs 28/2 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/890 cti 0/0 ci 0/0/5 cto 0/0 wb 0/0
[I]2024-07-09 15:49:36.315362 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f048/7 cts 2 pts 3 hs 33/29 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/21 cti 0/0 ci 1/58/5 cto 0/0 wb 0/0
[I]2024-07-09 15:49:36.315377 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f048/7 cts 3 pts 3 hs 33/29 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/21 cti 0/0 ci 1/58/58 cto 0/0 wb 0/0
[I]2024-07-09 15:49:36.315392 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f048/7 cts 2 pts 3 hs 33/29 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/21 cti 1/58 ci 0/0/5 cto 0/0 wb 0/0
[V]2024-07-09 15:49:36.315442 [p:13074][s:928263] wad_ssl_port_caps_on_dec_start :15062 sp=0x7f88a1f048/7 dec start 0x7f898c4630 type 23 ver 0303 len 53 (0c f4 ef 38 42 47 67 e9 8c 60 52 5e 8a 71 19 95 1f 85 c3 67 90 4c e1 7e 06 9e a4 b0 d6 f2 12 05 95 09 b2 0d 38 5f 63 98 49 35 8c 5c 21 41 2c f0 ca 54 6f f1 b0 )
[V]2024-07-09 15:49:36.315482 [p:13074][s:928263] wad_ssl_port_caps_on_dec_done :15087 sp=0x7f88a1f048/7 dec done 0x7f898c4630 type 22 ver 0303 status 0 len 36 (14 00 00 20 1d 5f c3 53 81 41 af ca a9 69 a9 11 cb 68 c2 56 e5 62 dc c5 d2 8f 25 0c f5 92 57 49 e2 9d cb 57 )
[I]2024-07-09 15:49:36.315493 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f048/7 cts 2 pts 3 hs 33/29 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 1/36/21 cti 0/0 ci 0/0/5 cto 0/0 wb 0/0
[I]2024-07-09 15:49:36.315507 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f048/7 cts 2 pts 5 hs 33/29 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 1/36/36 cti 0/0 ci 0/0/5 cto 0/0 wb 0/0
[V]2024-07-09 15:49:36.315522 [p:13074][s:928263] wad_ssl_proxy_clt_on_handshake_recv:10895 sp=0x7f88a1f048/7 recv type=20 len=36 cache=1
[V]2024-07-09 15:49:36.315567 [p:13074][s:928263] wad_ssl_port_caps_on_keys :11460 sp=0x7f88a1f048/7 client_write_key a8 3b d8 dd c7 2c 7e e2 30 aa d1 9a da 20 48 9f
[V]2024-07-09 15:49:36.315588 [p:13074][s:928263] wad_ssl_port_caps_on_keys :11467 sp=0x7f88a1f048/7 server_write_key 37 be dd 22 12 5d 81 28 5b 06 79 ba a1 9b 3b 5b
[V]2024-07-09 15:49:36.315605 [p:13074][s:928263] wad_ssl_port_caps_on_keys :11475 sp=0x7f88a1f048/7 client_write_iv 43 ab fd aa f8 17 21 d2 50 0a 18 ff
[V]2024-07-09 15:49:36.315622 [p:13074][s:928263] wad_ssl_port_caps_on_keys :11484 sp=0x7f88a1f048/7 server_write_iv 84 df ac a4 28 20 d1 14 7a 99 e1 b7
[V]2024-07-09 15:49:36.315647 [p:13074][s:928263] wad_ssl_sock_port_fts_in_write :15780 sp=0x7f88a1f048/7 start=0 len=6
[V]2024-07-09 15:49:36.315667 [p:13074][s:928263] wad_ssl_sock_port_out_ops_sync :17172 sp=0x7f88a1f048/7 state=1 fts-input=6 proxy-input=0
[V]2024-07-09 15:49:36.315677 [p:13074][s:928263] wad_ssl_sock_port_exec_dn_forward :16932 sp=0x7f88a1f048/7 ib-len=6
[V]2024-07-09 15:49:36.315686 [p:13074][s:928263] wad_tcp_port_out_read_sync :944 tcp_port(0x7f88cca190) sync 6
[V]2024-07-09 15:49:36.315702 [p:13074][s:928263] wad_ssl_port_caps_on_handshake_sent:11239 sp=0x7f88a1f048/7 sent type=20
[V]2024-07-09 15:49:36.315736 [p:13074][s:928263] wad_ssl_port_caps_on_enc_start :15012 sp=0x7f88a1f048/7 enc start 0x7f898c4b70 type 22 ver 0303 len 36 (14 00 00 20 a7 b0 68 99 99 9c ee 13 48 6b 96 7a 57 65 dc d9 d0 9c 08 f4 3a 2a b9 09 06 67 3a 7a 0e 25 9d a6 )
[V]2024-07-09 15:49:36.315793 [p:13074][s:928263] wad_ssl_port_caps_on_enc_done :15039 sp=0x7f88a1f048/7 enc done 0x7f898c4b70 type 22 ver 0303 status 0 len 58 (17 03 03 00 35 1c 39 7f 71 17 5a 74 bb 36 66 7a f7 93 ec 31 6d ba 69 be fa 9a 9f 85 05 5a 3a 35 b5 a9 6e 26 38 6b 83 23 5a 50 67 dc 27 3d f6 15 47 bb e3 e0 0d fe 3f 48 bf 12 )
[V]2024-07-09 15:49:36.315804 [p:13074][s:928263] wad_ssl_sock_port_fts_in_write :15780 sp=0x7f88a1f048/7 start=0 len=58
[V]2024-07-09 15:49:36.315813 [p:13074][s:928263] wad_ssl_sock_port_out_ops_sync :17172 sp=0x7f88a1f048/7 state=1 fts-input=58 proxy-input=0
[V]2024-07-09 15:49:36.315822 [p:13074][s:928263] wad_ssl_sock_port_exec_dn_forward :16932 sp=0x7f88a1f048/7 ib-len=58
[V]2024-07-09 15:49:36.315830 [p:13074][s:928263] wad_tcp_port_out_read_sync :944 tcp_port(0x7f88cca190) sync 64
[I]2024-07-09 15:49:36.315844 [p:13074][s:928263] wad_ssl_common_on_handshake_done :10045 sp=0x7f88a1f048/7 SSL handshake done! cipher-num=0x1301
[I]2024-07-09 15:49:36.315858 [p:13074][s:928263] wad_ssl_proxy_issue_c2p_session_ticket:10446 wsp=0x7f88a1f3f0/6 not issuing: ver=0304 wst=0x7f89331678wst=(0x7f89331678 0 0 0) tic=(nil)
[I]2024-07-09 15:49:36.315876 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f048/7 cts 2 pts 3 hs 34/33 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/32 cti 0/0 ci 0/0/5 cto 0/0 wb 0/0
[V]2024-07-09 15:49:36.315891 [p:13074][s:928263] wad_tcp_port_out_read_block :1005 tcp_port 0x7f88cca190 fd=121 on=1 n_out_block=0~>1 in(/out)_shutdown=0/0 closed=0 state=2.
[V]2024-07-09 15:49:36.315902 [p:13074][s:928263] wad_tcp_port_transport_read_block :960 tcp_port 0x7f88cca190 fd=121 on=1 n_out_block=0~>1 in(/out)_shutdown=0/0 closed=0 events=0x1.
[V]2024-07-09 15:49:36.315912 [p:13074][s:928263] wad_tcp_port_transport_read_block :974 sock 121 read_block enforced, turn off readability.
[I]2024-07-09 15:49:36.315920 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f048/7 cts 2 pts 3 hs 34/33 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/32 cti 0/0 ci 0/0/5 cto 0/0 wb 0/0
[I]2024-07-09 15:49:36.315935 [p:13074][s:928263] wad_tcp_port_on_event :1963 sock 121 remove readability events=0x0.
[V]2024-07-09 15:49:36.315949 [p:13074][s:928263] wad_tcp_port_window_adjust :463 tcp_port 0x7f88cca190 window-type 0 set 1 SNDBUF 131072 RCVBUF 349520
[V]2024-07-09 15:49:36.315968 [p:13074][s:928263] wad_tcp_port_update_fixed_window :389 tcp_port 0x7f88cca190 fixed window size set to 163840
[I]2024-07-09 15:49:36.316020 [p:13074][s:928263] wad_tcp_port_flush :1556 sock 116 write (4,240,240) n_written=240 tcp_port 0x7f88cca048
[13074] write [(4,240) (16 03 03 00 80 02 00 00 7c 03 03 63 e8 67 eb 79 48 a8 7f 59 2d 32 73 39 92 53 4d 37 ec 7a 81 ff 27 42 b0 74 46 73 72 4c 8b 21 cf 20 d3 db dc 9c 8e 6d 4c 6c ff 48 e4 c3 0b b3 a8 52 71 91 72 57 b2 55 2f ed 7e fb e1 71 43 00 3f 1c 13 01 00 00 34 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 07 2b 95 fa dc 3e 5e 28 1c 3f da ee 52 8a f1 77 e7 05 ee 02 88 35 52 9
9 8d ce 7f 12 39 1e 0a 10 00 29 00 02 00 00 14 03 03 00 01 01 17 03 03 00 26 c2 be 5e 0e 2b ca c2 c3 cd ee 45 7e e2 55 89 ef b7 19 3f ae 1c b2 ab 7c 31 17 64 6b 87 80 a2 a4 c4 23 25 45 95 72 17 03 03 00 35 99 1c 55 68 b8 42 6b 52 a8 fd ef 4b 39 c2 0a 9d 81 bc d3 5f d7 3b 82 57 ee 06 b6 7b 1f 26 07 19 d2 9f 3c 56 b5 ce 23 43 b4 12 5f a0 a9 7d 0d b6 60 3e 9a df c7 )(........|..c
.g.yH..Y-2s9.SM7.z..'B.tFsrL.!. .....mLl.H.....Rq.rW.U/.~..qC.?.....4.+.....3.$... .+...>^(.?..R..w.....5R.....9....)..............&..^.+.....E~.U....?....|1.dk.....#%E.r....5..Uh.BkR...K9......_.;.W...{.&....<V..#C.._..}..`>...)]
[I]2024-07-09 15:49:36.316345 [p:13074][s:928263] wad_tcp_port_flush :1556 sock 121 write (2,64,64) n_written=64 tcp_port 0x7f88cca190
[13074] write [(2,64) (14 03 03 00 01 01 17 03 03 00 35 1c 39 7f 71 17 5a 74 bb 36 66 7a f7 93 ec 31 6d ba 69 be fa 9a 9f 85 05 5a 3a 35 b5 a9 6e 26 38 6b 83 23 5a 50 67 dc 27 3d f6 15 47 bb e3 e0 0d fe 3f 48 bf 12 )(..........5.9.q.Zt.6fz...1m.i......Z:5..n&8k.#ZPg.'=..G.....?H..)]
[I]2024-07-09 15:49:36.321006 [p:13074][s:928263] wad_tcp_port_on_event :1887 start processing tcp event=0x1 events=0x1 fd=116 n_out_block=0 state=2 close/shut=0/0 n_out_block=0
[I]2024-07-09 15:49:36.321042 [p:13074][s:928263] wad_tcp_port_on_read :1763 sock 116 read (899,3181)
[13074] read [(899,64) (14 03 03 00 01 01 17 03 03 00 35 2d c3 55 98 8c 61 86 59 5d 64 86 39 42 c5 1d 03 12 20 ac dd ca 4d 17 8d 57 79 37 19 8b 2f 7d 06 bc d9 46 8b 4d 53 24 0c 3a 69 69 46 95 fd 33 b7 1f 90 5b 39 76 )(..........5-.U..a.Y]d.9B.... ...M..Wy7../}...F.MS$.:iiF..3...[9v)]
[V]2024-07-09 15:49:36.321138 [p:13074][s:928263] wad_ssl_sock_port_in_ops_read_buff:16574 sp=0x7f88a1f3f0/6 len=64
[V]2024-07-09 15:49:36.321149 [p:13074][s:928263] wad_ssl_sock_port_in_ops_sync :16584 sp=0x7f88a1f3f0/6 sync state=1 start
[V]2024-07-09 15:49:36.321158 [p:13074][s:928263] wad_ssl_sock_port_exec_up_forward :16257 sp=0x7f88a1f3f0/6
[I]2024-07-09 15:49:36.321174 [p:13074][s:928263] wad_ssl_sock_port_exec_up_forward_txn:16238 sp=0x7f88a1f3f0/6 forwarded len=64/963
[I]2024-07-09 15:49:36.321183 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f3f0/6 cts 2 pts 3 hs 28/2 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/890 cti 0/0 ci 1/64/5 cto 0/0 wb 0/0
[I]2024-07-09 15:49:36.321199 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f3f0/6 cts 3 pts 3 hs 28/2 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/890 cti 0/0 ci 1/64/6 cto 0/0 wb 0/0
[I]2024-07-09 15:49:36.321214 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f3f0/6 cts 2 pts 3 hs 28/2 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/890 cti 1/6 ci 1/58/5 cto 0/0 wb 0/0
[V]2024-07-09 15:49:36.321234 [p:13074][s:928263] wad_ssl_port_caps_on_dec_start :15062 sp=0x7f88a1f3f0/6 dec start 0x7f898c55f0 type 20 ver 0303 len 1 (01 )
[V]2024-07-09 15:49:36.321248 [p:13074][s:928263] wad_ssl_port_caps_on_dec_done :15087 sp=0x7f88a1f3f0/6 dec done 0x7f898c55f0 type 20 ver 0303 status 0 len 1 (01 )
[I]2024-07-09 15:49:36.321259 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f3f0/6 cts 2 pts 3 hs 28/2 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 1/1/890 cti 0/0 ci 1/58/5 cto 0/0 wb 0/0
[I]2024-07-09 15:49:36.321275 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f3f0/6 cts 2 pts 3 hs 28/2 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/890 cti 0/0 ci 1/58/5 cto 0/0 wb 0/0
[I]2024-07-09 15:49:36.321289 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f3f0/6 cts 3 pts 3 hs 28/2 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/890 cti 0/0 ci 1/58/58 cto 0/0 wb 0/0
[I]2024-07-09 15:49:36.321304 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f3f0/6 cts 2 pts 3 hs 28/2 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/890 cti 1/58 ci 0/0/5 cto 0/0 wb 0/0
[V]2024-07-09 15:49:36.321355 [p:13074][s:928263] wad_ssl_port_caps_on_dec_start :15062 sp=0x7f88a1f3f0/6 dec start 0x7f898c55f0 type 23 ver 0303 len 53 (2d c3 55 98 8c 61 86 59 5d 64 86 39 42 c5 1d 03 12 20 ac dd ca 4d 17 8d 57 79 37 19 8b 2f 7d 06 bc d9 46 8b 4d 53 24 0c 3a 69 69 46 95 fd 33 b7 1f 90 5b 39 76 )
[V]2024-07-09 15:49:36.321425 [p:13074][s:928263] wad_ssl_port_caps_on_dec_done :15087 sp=0x7f88a1f3f0/6 dec done 0x7f898c55f0 type 22 ver 0303 status 0 len 36 (14 00 00 20 da f8 3f 0b 71 03 d0 a6 28 36 78 d5 9c 27 a7 6f a0 47 fd 18 ed 02 88 f0 1f 62 f2 3b e0 c8 e8 a7 )
[I]2024-07-09 15:49:36.321438 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f3f0/6 cts 2 pts 3 hs 28/2 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 1/36/890 cti 0/0 ci 0/0/5 cto 0/0 wb 0/0
[I]2024-07-09 15:49:36.321453 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f3f0/6 cts 2 pts 5 hs 28/2 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 1/36/36 cti 0/0 ci 0/0/5 cto 0/0 wb 0/0
[V]2024-07-09 15:49:36.321469 [p:13074][s:928263] wad_ssl_port_caps_on_handshake_recv:10741 sp=0x7f88a1f3f0/6 recv type=20 len=36
[I]2024-07-09 15:49:36.321498 [p:13074][s:928263] wad_ssl_common_on_handshake_done :10045 sp=0x7f88a1f3f0/6 SSL handshake done! cipher-num=0x1301
[I]2024-07-09 15:49:36.321518 [p:13074][s:928263] wad_http_srv_selector_static_make :1014 make static server selector.
[I]2024-07-09 15:49:36.321536 [p:13074][s:928263] wad_http_srv_slct_static_set_connectable:458 static server selector connectable set to 0.
[V]2024-07-09 15:49:36.321545 [p:13074][s:928263] wad_http_srv_connected :7342 addr::0, proto=1 req=(nil) tun_non_http=1 expect_tun=0
[I]2024-07-09 15:49:36.321556 [p:13074][s:928263] wad_http_srv_slct_static_set_connectable:458 static server selector connectable set to 0.
[I]2024-07-09 15:49:36.321565 [p:13074][s:928263] wad_http_full_ses_make :16314 make ok session=0x7f8a0bbde8 server=0x7f88a1f258.
[I]2024-07-09 15:49:36.321575 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f048/7 cts 2 pts 3 hs 34/33 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/32 cti 0/0 ci 0/0/5 cto 0/0 wb 0/0
[V]2024-07-09 15:49:36.321591 [p:13074][s:928263] wad_tcp_port_out_read_block :1005 tcp_port 0x7f88cca190 fd=121 on=0 n_out_block=1~>0 in(/out)_shutdown=0/0 closed=0 state=2.
[V]2024-07-09 15:49:36.321602 [p:13074][s:928263] wad_tcp_port_transport_read_block :960 tcp_port 0x7f88cca190 fd=121 on=0 n_out_block=1~>0 in(/out)_shutdown=0/0 closed=0 events=0x0.
[V]2024-07-09 15:49:36.321612 [p:13074][s:928263] wad_tcp_port_transport_read_block :992 sock 121 read_block removed, turn on readability.
[I]2024-07-09 15:49:36.321624 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f048/7 cts 2 pts 3 hs 34/33 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/32 cti 0/0 ci 0/0/5 cto 0/0 wb 0/0
[I]2024-07-09 15:49:36.321663 [p:13074][s:928263] wad_ssl_proxy_issue_c2p_session_ticket:10446 wsp=0x7f88a1f3f0/6 not issuing: ver=0304 wst=0x7f89331678wst=(0x7f89331678 0 0 0) tic=(nil)
[V]2024-07-09 15:49:36.321674 [p:13074][s:928263] wad_key_share_soft_impl_put :353 key_share 0x7f8a049d48 g=29 use_cnt=100 holding=1 put
[I]2024-07-09 15:49:36.321714 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f3f0/6 cts 2 pts 3 hs 34/28 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/32 cti 0/0 ci 0/0/5 cto 0/0 wb 0/0
[V]2024-07-09 15:49:36.321731 [p:13074][s:928263] wad_tcp_port_window_adjust :463 tcp_port 0x7f88cca048 window-type 0 set 1 SNDBUF 327680 RCVBUF 327680
[I]2024-07-09 15:49:36.322577 [p:13074][s:928263] wad_tcp_port_on_event :1887 start processing tcp event=0x1 events=0x1 fd=121 n_out_block=0 state=2 close/shut=0/0 n_out_block=0
[I]2024-07-09 15:49:36.322597 [p:13074][s:928263] wad_tcp_port_on_read :1763 sock 121 read (244,3836)
[13074] read [(244,79) (17 03 03 00 4a b1 02 b8 8d 8f 92 df 06 d9 bf 55 cb fd 63 32 5b df ee de 50 55 07 61 b6 11 0f 0f db 63 ef 55 20 d4 4f bf 28 9a 02 cf a0 72 a5 e9 16 f0 5a 8d 5e 01 aa e9 d9 0a ea 92 b3 8f 7b 8a af c8 00 93 97 f4 c8 06 db d4 c8 a6 59 71 31 )(....J..........U..c2[...PU.a.....c.U .O.(....r....Z.^.........{.............Yq1)]
[V]2024-07-09 15:49:36.322722 [p:13074][s:928263] wad_ssl_sock_port_in_ops_read_buff:16574 sp=0x7f88a1f048/7 len=79
[V]2024-07-09 15:49:36.322733 [p:13074][s:928263] wad_ssl_sock_port_in_ops_sync :16584 sp=0x7f88a1f048/7 sync state=3 start
[V]2024-07-09 15:49:36.322741 [p:13074][s:928263] wad_ssl_sock_port_exec_up_forward :16257 sp=0x7f88a1f048/7
[I]2024-07-09 15:49:36.322752 [p:13074][s:928263] wad_ssl_sock_port_exec_up_forward_txn:16238 sp=0x7f88a1f048/7 forwarded len=79/323
[I]2024-07-09 15:49:36.322762 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f048/7 cts 2 pts 3 hs 34/33 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/32 cti 0/0 ci 1/79/5 cto 0/0 wb 0/0
[I]2024-07-09 15:49:36.322776 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f048/7 cts 3 pts 3 hs 34/33 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/32 cti 0/0 ci 1/79/79 cto 0/0 wb 0/0
[I]2024-07-09 15:49:36.322792 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f048/7 cts 2 pts 3 hs 34/33 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/32 cti 1/79 ci 0/0/5 cto 0/0 wb 0/0
[V]2024-07-09 15:49:36.322858 [p:13074][s:928263] wad_ssl_port_caps_on_dec_start :15062 sp=0x7f88a1f048/7 dec start 0x7f898c4ac8 type 23 ver 0303 len 74 (b1 02 b8 8d 8f 92 df 06 d9 bf 55 cb fd 63 32 5b df ee de 50 55 07 61 b6 11 0f 0f db 63 ef 55 20 d4 4f bf 28 9a 02 cf a0 72 a5 e9 16 f0 5a 8d 5e 01 aa e9 d9 0a ea 92 b3 8f 7b 8a af c8 00 93 97 f4 c8 06 db d4 c8 a6 59 71
31 )
[V]2024-07-09 15:49:36.322920 [p:13074][s:928263] wad_ssl_port_caps_on_dec_done :15087 sp=0x7f88a1f048/7 dec done 0x7f898c4ac8 type 22 ver 0303 status 0 len 57 (04 00 00 35 00 01 51 80 98 b7 08 a4 08 00 00 00 00 00 00 00 00 00 20 22 e3 de 41 c8 da 25 de 26 33 6e 10 33 4f df d3 f8 ec 0a 5a d3 47 33 db 49 39 01 48 90 ce 6c e3 00 00 )
[I]2024-07-09 15:49:36.322932 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f048/7 cts 2 pts 3 hs 34/33 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 1/57/32 cti 0/0 ci 0/0/5 cto 0/0 wb 0/0
[I]2024-07-09 15:49:36.322947 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f048/7 cts 2 pts 5 hs 34/33 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 1/57/57 cti 0/0 ci 0/0/5 cto 0/0 wb 0/0
[I]2024-07-09 15:49:36.322970 [p:13074][s:928263] wad_ssl_proxy_clt_on_new_session_ticket:13986 sp=0x7f88a1f048/7 recv new session ticket, lifetime_hint 86400 len 32
[I]2024-07-09 15:49:36.322985 [p:13074][s:928263] wad_ssl_proxy_clt_on_new_session_ticket:14077 wsp(0x7f88a1f048/7) offers a stk to the peer.
[I]2024-07-09 15:49:36.323001 [p:13074][s:928263] wad_ssl_session_ticket_13_issue :3863 wsp(0x7f88a1f3f0/6) starts to make 1.3 ticket, svr_tkt(0x7f84c06390)
[V]2024-07-09 15:49:36.323012 [p:13074][s:928263] wad_ticket_extension_sni_pack :10295 pack sni done!
[V]2024-07-09 15:49:36.323022 [p:13074][s:928263] wad_ssl_proxy_session_ticket_detail_make:10412 wsp(0x7f88a1f3f0/6) send session ticket extra data len = 146
[W]2024-07-09 15:49:36.323030 [p:13074][s:928263] wad_ssl_session_ticket_13_issue :3886 wsp(0x7f88a1f3f0/6) issue 1.3 ticket.
[V]2024-07-09 15:49:36.323109 [p:13074][s:928263] wad_ssl_port_caps_on_handshake_sent:11239 sp=0x7f88a1f3f0/6 sent type=4
[V]2024-07-09 15:49:36.323332 [p:13074][s:928263] wad_ssl_port_caps_on_enc_start :15012 sp=0x7f88a1f3f0/6 enc start 0x7f898c4240 type 22 ver 0303 len 313 (04 00 01 35 00 00 1c 20 ae 1f 8a 4c 08 00 00 00 00 00 00 00 01 01 20 e4 95 e3 9a d8 7e 06 2f 6d 27 52 4d e1 b7 a4 7a 38 25 bf 41 d9 c0 06 54 aa 78 39 1b d7 f9 66 b7 73 7e 37 4a e0 0a 55 66 8f f7 1b 33 a4 19 f1 b7 e6 b
4 76 c3 a4 9a aa 71 43 c5 2e 05 11 9b 24 38 ac c1 fa 03 42 14 48 b4 ae 1d 59 86 9d fb 21 99 42 8b 84 8c b8 10 6f 9e 68 d9 d3 04 a5 b4 5f 2e 4f e9 b6 70 eb f9 5e 07 5b 10 54 bc be 2c de 81 fa ad bd 45 48 ea 69 5a 84 61 6a 5b 74 64 98 2c fd bf 8f 23 ab d7 8c a5 d1 33 54 b2 f4 9d 9a 8f da ed 88 7c 6b 63 98 10 05 f7 69 49 8c 11 a9 4e e9 89 30 16 ae 08 eb b9 d4 5c 20 3b 43 23 53 27
f8 52 2e 28 7c 03 ea f5 ef 28 d8 18 ad 89 04 96 ee c4 cc 74 b0 a1 4b 47 02 bd dc 1d ec 45 93 46 e2 00 9a 23 f6 fa 81 8c da 7e 20 08 fa fb cd c5 c8 aa 5e ac 58 a2 f2 7e 64 fb 77 b1 23 5f 74 cb 48 a2 72 51 61 78 4a ec a1 05 35 fb e9 1f a5 7f d9 77 f9 5b 0d 2f c5 4c
[V]2024-07-09 15:49:36.323585 [p:13074][s:928263] wad_ssl_port_caps_on_enc_done :15039 sp=0x7f88a1f3f0/6 enc done 0x7f898c4240 type 22 ver 0303 status 0 len 335 (17 03 03 01 4a a0 1d 64 eb 01 a1 f8 33 46 f9 13 ab a6 34 fb 33 d7 18 df 51 0a 05 57 cd 0d 5d 39 e7 15 b4 d4 fd 16 76 dd f2 49 3c c8 1b 74 86 1b 2a b9 cf 8d f7 ae d7 fa ef c5 89 6b 51 69 0f ea 37 89 47 02 00 02
f6 b4 0a 3f 77 b3 84 2c 48 94 83 2c 5a 23 cc 4f 1a d8 10 36 c4 89 8c 7d 21 53 09 30 70 1d 0d e5 12 e1 55 b5 d5 13 4d ea 80 a1 ea 26 85 2b 69 4a 3d 9b 5d 50 37 e6 fa e8 1c cb 2e 53 d0 87 44 6b ca 54 6e ed 4c 83 f4 e5 0b 66 06 5f 89 53 a3 3f c9 43 22 c4 92 6b a4 46 2f fc 4f 6f 37 59 d3 b1 bb 8f 00 ed 1c 77 9c c8 f7 94 67 20 a3 7b 51 f4 6b 14 ce b0 81 4e f4 bd 13 1a 53 5f 8a fd
2d 50 51 27 71 11 e9 2d 71 3b a4 08 20 af f1 e2 a4 1f 10 29 bb cf cb dd 46 c3 c9 44 00 67 d0 27 d0 f3 d8 a6 ae e0 af 43 5a f6 f4 13 bf 54 cc f9 c0 a7 4c 34 20 71 4d aa ca fb 97 bf fb 96 37 82 b6 d9 b4 3d f8 24 5b 5b 9e 96 c2 a7 f9 93 05 a2 a0 c9 fa f8 f0 5c 97 f0 0
[V]2024-07-09 15:49:36.323602 [p:13074][s:928263] wad_ssl_sock_port_fts_in_write :15780 sp=0x7f88a1f3f0/6 start=0 len=335
[V]2024-07-09 15:49:36.323612 [p:13074][s:928263] wad_ssl_sock_port_out_ops_sync :17172 sp=0x7f88a1f3f0/6 state=3 fts-input=335 proxy-input=0
[V]2024-07-09 15:49:36.323622 [p:13074][s:928263] wad_ssl_sock_port_exec_dn_forward :16932 sp=0x7f88a1f3f0/6 ib-len=335
[V]2024-07-09 15:49:36.323632 [p:13074][s:928263] wad_tcp_port_out_read_sync :944 tcp_port(0x7f88cca048) sync 335
[I]2024-07-09 15:49:36.323642 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f3f0/6 cts 2 pts 3 hs 34/28 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/32 cti 0/0 ci 0/0/5 cto 0/0 wb 0/0
[I]2024-07-09 15:49:36.323656 [p:13074][s:928263] wad_ssl_proxy_issue_c2p_session_ticket:10459 wsp=0x7f88a1f3f0/6 ver=0304 wst=0x7f89331678wst=(0x7f89331678 1 0 0) tic=(nil)peer=0x7f88a1f048/7 issue-ticket=1
[I]2024-07-09 15:49:36.323666 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f048/7 cts 2 pts 3 hs 34/34 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/53 cti 0/0 ci 0/0/5 cto 0/0 wb 0/0
[V]2024-07-09 15:49:36.323680 [p:13074][s:928263] wad_tcp_port_window_adjust :463 tcp_port 0x7f88cca190 window-type 0 set 1 SNDBUF 327680 RCVBUF 327680
[I]2024-07-09 15:49:36.323729 [p:13074][s:928263] wad_tcp_port_flush :1556 sock 116 write (1,335,335) n_written=335 tcp_port 0x7f88cca048
[13074] write [(1,335) (17 03 03 01 4a a0 1d 64 eb 01 a1 f8 33 46 f9 13 ab a6 34 fb 33 d7 18 df 51 0a 05 57 cd 0d 5d 39 e7 15 b4 d4 fd 16 76 dd f2 49 3c c8 1b 74 86 1b 2a b9 cf 8d f7 ae d7 fa ef c5 89 6b 51 69 0f ea 37 89 47 02 00 02 f6 b4 0a 3f 77 b3 84 2c 48 94 83 2c 5a 23 cc 4f 1a d8 10 36 c4 89 8c 7d 21 53 09 30 70 1d 0d e5 12 e1 55 b5 d5 13 4d ea 80 a1 ea 26 85 2b 69 4a 3
d 9b 5d 50 37 e6 fa e8 1c cb 2e 53 d0 87 44 6b ca 54 6e ed 4c 83 f4 e5 0b 66 06 5f 89 53 a3 3f c9 43 22 c4 92 6b a4 46 2f fc 4f 6f 37 59 d3 b1 bb 8f 00 ed 1c 77 9c c8 f7 94 67 20 a3 7b 51 f4 6b 14 ce b0 81 4e f4 bd 13 1a 53 5f 8a fd 2d 50 51 27 71 11 e9 2d 71 3b a4 08 20 af f1 e2 a4 1f 10 29 bb cf cb dd 46 c3 c9 44 00 67 d0 27 d0 f3 d8 a6 ae e0 af 43 5a f6 f4 13 )(....J..d....
3F....4.3...Q..W..]9......v..I<..t..*..........kQi..7.G......?w..,H..,Z#.O...6...}!S.0p.....U...M....&.+iJ=.]P7......S..Dk.Tn.L....f._.S.?.C"..k.F/.Oo7Y.......w....g .{Q.k....N....S_..-PQ'q..-q;.. ......)....F..D.g.'.......CZ...)]
[(bf 54 cc f9 c0 a7 4c 34 20 71 4d aa ca fb 97 bf fb 96 37 82 b6 d9 b4 3d f8 24 5b 5b 9e 96 c2 a7 f9 93 05 a2 a0 c9 fa f8 f0 5c 97 f0 01 93 1b 26 d3 7c ad 0a 7d 17 5a 07 d4 0d 4f bb 55 38 08 f5 8b de 11 c8 1b 29 3a bb cb 89 0a f0 8a c6 70 ab ee a2 7a 9b ad 99 85 00 2f 57 eb cc 0a 1c b8 )(.T....L4 qM.......7....=.$[[.............\.....&.|..}.Z...O.U8.......):.......p...z.
..../W.....)]

HTTPS Traffic Resumed after TLS Handshake. Client Request.

[I]2024-07-09 15:49:36.325625 [p:13074][s:928263] wad_tcp_port_on_event :1887 start processing tcp event=0x1 events=0x1 fd=116 n_out_block=0 state=2 close/shut=0/0 n_out_block=0
[I]2024-07-09 15:49:36.325643 [p:13074][s:928263] wad_tcp_port_on_read :1763 sock 116 read (963,3117)
[13074] read [(963,761) (17 03 03 02 f4 67 51 9f 65 bd d1 8e 24 3d 68 72 9e 00 bb 5a 94 f5 3b 19 22 f8 69 a9 ba dd 5c 4f a7 3d 3d ca 80 f6 18 b3 3e 28 4e 27 9d 7a ae 53 8d 9a e3 e3 39 dd ff ea 9c 15 8f ba 4c bb e0 96 38 07 c9 07 99 e4 a5 0e 6c 62 c6 84 02 f4 cb 6c 41 3f bf a2 a3 f5 05 fc 41 38 5f c6 4c a1 4a 2a e3 6d 6c 38 b7 2a 8d 2f 86 60 0e c0 20 a5 22 2a 75 04 9f 77 b9 39
af 69 44 00 54 b0 07 f8 af e7 e0 6a f2 2d d6 cf a6 59 ab aa 35 3f 01 8f d9 4a d8 0a 61 c8 2b e4 30 56 57 72 fb d2 d7 d7 6e 12 56 80 8a ac a7 35 f8 99 aa 65 6b 90 4b a8 69 b2 9d 62 8e 92 63 e2 a1 07 3c 18 12 f3 bb b7 34 9d 7c 96 ef d3 e7 a5 2a 23 b7 bc e9 72 ca ff 32 7d da 35 12 fe a3 60 58 4a 77 11 8f 1a a5 b1 f7 97 34 da 79 d3 25 c6 c3 32 98 73 b2 c9 ac 57 fe f7 )(.....gQ.e..
.$=hr...Z..;.".i...\O.==.....>(N'.z.S....9.......L...8.......lb.....lA?......A8_.L.J*.ml8.*./.`.. ."*u..w.9.iD.T......j.-...Y..5?...J..a.+.0VWr....n.V....5...ek.K.i..b..c...<.....4.|.....*#...r..2}.5...`XJw.......4.y.%..2.s...W..)]
[(2e 79 d1 41 5b 33 f1 f7 c8 a4 0f 60 44 8a ef c1 d8 77 14 07 33 91 8e 87 6b 6e c3 19 be ad 9b e8 46 52 c2 fb c7 4e c7 99 d3 81 91 c2 c3 04 21 46 57 e5 bf ff 13 cd 0a 0b d2 5d 37 cd 5f f8 20 48 95 a4 ad e6 c8 2e c4 00 77 b6 d4 c1 4b 92 7d 68 0a 40 8c 79 bd c2 1e b7 d0 77 ce 1b a9 d5 88 f6 29 7a 41 8d d0 4e 34 77 8e 07 b6 96 51 27 8b 2a ff 21 c5 76 a0 00 c4 6a 6d 6f 20 e7
44 e0 d1 b0 cd 88 fa 51 73 98 e8 e5 09 38 19 cf 46 e6 62 ae 5e e0 ba fb cf d6 60 a5 c5 93 bb 93 0b 60 f9 86 0b 5f 6c aa 3f 84 bb 50 13 88 7c c5 db 54 ee 2b dc e4 26 89 a8 63 18 15 a7 cc a3 7e 6c 97 cd 94 49 c1 e6 ee 04 79 6c 83 e8 87 4a 9f dd 43 bc 19 42 14 73 0e 99 63 a3 60 15 70 58 c9 2d 04 77 c3 2a 27 d7 28 02 85 6e be 35 4a 29 4d a6 de ef 6b )(.y.A[3.....`D....w..3...kn...
...FR...N........!FW........]7._. H........w...K.}h.@.y.....w......)zA..N4w....Q'.*.!.v...jmo .D......Qs....8..F.b.^.....`......`..._l.?..P..|..T.+..&..c.....~l...I....yl...J..C..B.s..c.`.pX.-.w.*'.(..n.5J)M...k)]
[(18 90 ad b1 a0 17 45 8a 6e 72 3a b7 0b 2c 50 cd 5d bf de bb 44 ac 3d 44 37 8f 7f f4 bb b4 3f 97 82 8e fd 4a a1 a2 dd 85 21 4b 29 7f 74 5e 31 00 3d 00 0b be a4 7a f6 94 b3 54 6f 87 e0 7c 0f 7c e3 00 63 18 b8 6f 00 45 2c 52 97 40 54 f3 57 1c ca 90 75 db bd ab 00 75 e0 6c 84 66 6a ad 7b 72 23 15 6d a2 9d 53 a2 f5 e3 5f 1c 5a 9c 29 28 53 95 71 d4 cc da 76 42 a5 de de 5d 78
66 95 13 f4 4b e7 33 fd 39 73 5f ed cc e7 fc dc 72 60 8d 54 b7 5e ac 9a 7d 13 0d 97 d8 38 66 41 c9 17 1f 52 cb 68 08 1e 39 87 71 d5 dd 12 8f 6d e6 34 03 30 37 aa f1 cc 6e fe e4 3f ae 5b bf 84 6e ed 44 3a 0d 10 84 84 a7 f2 d5 19 b2 3d 99 1b 2f f2 44 0b 2d 53 43 39 b0 cf 19 8e 98 c0 57 55 74 3d fe ec be a5 15 74 78 2d 77 0b 37 23 33 b2 66 ac 22 18 )(......E.nr:..,P.]...D.=D7....
.?....J....!K).t^1.=....z...To..|.|..c..o.E,R.@T.W...u....u.l.fj.{r#.m..S..._.Z.)(S.q...vB...]xf...K.3.9s_.....r`.T.^..}....8fA...R.h..9.q....m.4.07...n..?.[..n.D:.........=../.D.-SC9......WUt=.....tx-w.7#3.f.".)]
[V]2024-07-09 15:49:36.326433 [p:13074][s:928263] wad_ssl_sock_port_in_ops_read_buff:16574 sp=0x7f88a1f3f0/6 len=761
[V]2024-07-09 15:49:36.326442 [p:13074][s:928263] wad_ssl_sock_port_in_ops_sync :16584 sp=0x7f88a1f3f0/6 sync state=3 start
[V]2024-07-09 15:49:36.326451 [p:13074][s:928263] wad_ssl_sock_port_exec_up_forward :16257 sp=0x7f88a1f3f0/6
[I]2024-07-09 15:49:36.326461 [p:13074][s:928263] wad_ssl_sock_port_exec_up_forward_txn:16238 sp=0x7f88a1f3f0/6 forwarded len=761/1724
[I]2024-07-09 15:49:36.326470 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f3f0/6 cts 2 pts 3 hs 34/28 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/32 cti 0/0 ci 1/761/5 cto 0/0 wb 0/0
[I]2024-07-09 15:49:36.326494 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f3f0/6 cts 3 pts 3 hs 34/28 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/32 cti 0/0 ci 1/761/761 cto 0/0 wb 0/0
[I]2024-07-09 15:49:36.326511 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f3f0/6 cts 2 pts 3 hs 34/28 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/32 cti 1/761 ci 0/0/5 cto 0/0 wb 0/0

Traffic Decryption and Parsing (HTTP GET received from Client):

[V]2024-07-09 15:49:36.327015 [p:13074][s:928263] wad_ssl_port_caps_on_dec_start :15062 sp=0x7f88a1f3f0/6 dec start 0x7f898c44e0 type 23 ver 0303 len 756 (67 51 9f 65 bd d1 8e 24 3d 68 72 9e 00 bb 5a 94 f5 3b 19 22 f8 69 a9 ba dd 5c 4f a7 3d 3d ca 80 f6 18 b3 3e 28 4e 27 9d 7a ae 53 8d 9a e3 e3 39 dd ff ea 9c 15 8f ba 4c bb e0 96 38 07 c9 07 99 e4 a5 0e 6c 62 c6 84 02 f
4 cb 6c 41 3f bf a2 a3 f5 05 fc 41 38 5f c6 4c a1 4a 2a e3 6d 6c 38 b7 2a 8d 2f 86 60 0e c0 20 a5 22 2a 75 04 9f 77 b9 39 af 69 44 00 54 b0 07 f8 af e7 e0 6a f2 2d d6 cf a6 59 ab aa 35 3f 01 8f d9 4a d8 0a 61 c8 2b e4 30 56 57 72 fb d2 d7 d7 6e 12 56 80 8a ac a7 35 f8 99 aa 65 6b 90 4b a8 69 b2 9d 62 8e 92 63 e2 a1 07 3c 18 12 f3 bb b7 34 9d 7c 96 ef d3 e7 a5 2a 23 b7 bc e9 72
ca ff 32 7d da 35 12 fe a3 60 58 4a 77 11 8f 1a a5 b1 f7 97 34 da 79 d3 25 c6 c3 32 98 73 b2 c9 ac 57 fe f7 2e 79 d1 41 5b 33 f1 f7 c8 a4 0f 60 44 8a ef c1 d8 77 14 07 33 91 8e 87 6b 6e c3 19 be ad 9b e8 46 52 c2 fb c7 4e c7 99 d3 81 91 c2 c3 04 21 46 57 e5 bf ff
[V]2024-07-09 15:49:36.327549 [p:13074][s:928263] wad_ssl_port_caps_on_dec_done :15087 sp=0x7f88a1f3f0/6 dec done 0x7f898c44e0 type 23 ver 0303 status 0 len 739 (47 45 54 20 2f 20 48 54 54 50 2f 31 2e 31 0d 0a 48 6f 73 74 3a 20 77 73 73 2e 64 73 72 73 64 2e 70 74 3a 38 34 34 34 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 6b 65 65 70 2d 61 6c 69 76 65 0d 0a 50 72 61 67 6d
61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 73 65 63 2d 63 68 2d 75 61 3a 20 22 4e 6f 74 2f 41 29 42 72 61 6e 64 22 3b 76 3d 22 38 22 2c 20 22 43 68 72 6f 6d 69 75 6d 22 3b 76 3d 22 31 32 36 22 2c 20 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 3b 76 3d 22 31 32 36 22 0d 0a 73 65 63 2d 63 68 2d 75 61 2d 6d
6f 62 69 6c 65 3a 20 3f 30 0d 0a 73 65 63 2d 63 68 2d 75 61 2d 70 6c 61 74 66 6f 72 6d 3a 20 22 57 69 6e 64 6f 77 73 22 0d 0a 55 70 67 72 61 64 65 2d 49 6e 73 65 63 75 72 65 2d 52 65 71 75 65 73 74 73 3a 20 31 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 6f 7a 69 6
[I]2024-07-09 15:49:36.327596 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f3f0/6 cts 2 pts 3 hs 34/28 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 1/739/32 cti 0/0 ci 0/0/5 cto 0/0 wb 0/0
[I]2024-07-09 15:49:36.327612 [p:13074][s:928263] wad_ssl_app_port_fts_in_write :17364 sp=0x7f88a1f3f0/6 decrypted up stream len=739
[V]2024-07-09 15:49:36.327622 [p:13074][s:928263] wad_http_mstrm_read :1631 hs=0x7f88ddc8e8 mstrm=0x7f88ddc918 is_clt=1 len=739
[V]2024-07-09 15:49:36.327637 [p:13074][s:928263] wad_http_req_line_reader_parse :549 request line method_len=3 url_len=1 ver_len=8 len=16
[V]2024-07-09 15:49:36.327658 [p:13074][s:928263][r:7] wad_http_req_alloc :1572 req=0x7f889c7048(ses_ctx:t|P|M|Hfe|C|A1|O) dst(orig=144.64.251.248:8444 dst=192.168.20.18:443 srv=192.168.20.18:443) hs=0x7f88ddc8e8 clt_port=0x7f88a1f600 svr_port=0x7f88a1f258
[V]2024-07-09 15:49:36.327691 [p:13074][s:928263][r:7] __wad_http_clt_read_req_line :1857 http client request line clt=0x7f88ddc918
[V]2024-07-09 15:49:36.327702 [p:13074][s:928263][r:7] wad_http_hdr_reader_parse :1157 header line len=25 name_len=4 val_len=17 is_piggy=0 invalid=0
[V]2024-07-09 15:49:36.327718 [p:13074][s:928263][r:7] wad_http_msg_read_hdr :785 header name=Host: id=37 invalid=0.
[V]2024-07-09 15:49:36.327729 [p:13074][s:928263][r:7] wad_http_hdr_reader_parse :1157 header line len=24 name_len=10 val_len=10 is_piggy=0 invalid=0
[V]2024-07-09 15:49:36.327741 [p:13074][s:928263][r:7] wad_http_msg_read_hdr :785 header name=Connection: id=18 invalid=0.
[V]2024-07-09 15:49:36.327764 [p:13074][s:928263][r:7] wad_http_hdr_reader_parse :1157 header line len=18 name_len=6 val_len=8 is_piggy=0 invalid=0
[V]2024-07-09 15:49:36.327776 [p:13074][s:928263][r:7] wad_http_msg_read_hdr :785 header name=Pragma: id=52 invalid=0.
[V]2024-07-09 15:49:36.327786 [p:13074][s:928263][r:7] wad_http_hdr_reader_parse :1157 header line len=25 name_len=13 val_len=8 is_piggy=0 invalid=0
[V]2024-07-09 15:49:36.327797 [p:13074][s:928263][r:7] wad_http_msg_read_hdr :785 header name=Cache-Control: id=17 invalid=0.
[V]2024-07-09 15:49:36.327808 [p:13074][s:928263][r:7] wad_http_hdr_reader_parse :1157 header line len=77 name_len=9 val_len=64 is_piggy=0 invalid=0
[V]2024-07-09 15:49:36.327820 [p:13074][s:928263][r:7] wad_http_msg_read_hdr :801 header name=sec-ch-ua invalid=0.
[V]2024-07-09 15:49:36.327830 [p:13074][s:928263][r:7] wad_http_hdr_reader_parse :1157 header line len=22 name_len=16 val_len=2 is_piggy=0 invalid=0
[V]2024-07-09 15:49:36.327840 [p:13074][s:928263][r:7] wad_http_msg_read_hdr :801 header name=sec-ch-ua-mobile invalid=0.
[V]2024-07-09 15:49:36.327850 [p:13074][s:928263][r:7] wad_http_hdr_reader_parse :1157 header line len=31 name_len=18 val_len=9 is_piggy=0 invalid=0
[V]2024-07-09 15:49:36.327861 [p:13074][s:928263][r:7] wad_http_msg_read_hdr :801 header name=sec-ch-ua-platform invalid=0.
[V]2024-07-09 15:49:36.327870 [p:13074][s:928263][r:7] wad_http_hdr_reader_parse :1157 header line len=30 name_len=25 val_len=1 is_piggy=0 invalid=0
[V]2024-07-09 15:49:36.327881 [p:13074][s:928263][r:7] wad_http_msg_read_hdr :801 header name=Upgrade-Insecure-Requests invalid=0.
[V]2024-07-09 15:49:36.327891 [p:13074][s:928263][r:7] wad_http_hdr_reader_parse :1157 header line len=125 name_len=10 val_len=111 is_piggy=0 invalid=0
[V]2024-07-09 15:49:36.327902 [p:13074][s:928263][r:7] wad_http_msg_read_hdr :785 header name=User-Agent: id=78 invalid=0.
[V]2024-07-09 15:49:36.327913 [p:13074][s:928263][r:7] wad_http_hdr_reader_parse :1157 header line len=145 name_len=6 val_len=135 is_piggy=0 invalid=0
[V]2024-07-09 15:49:36.327925 [p:13074][s:928263][r:7] wad_http_msg_read_hdr :785 header name=Accept: id=0 invalid=0.
[V]2024-07-09 15:49:36.327934 [p:13074][s:928263][r:7] wad_http_hdr_reader_parse :1157 header line len=22 name_len=14 val_len=4 is_piggy=0 invalid=0
[V]2024-07-09 15:49:36.327945 [p:13074][s:928263][r:7] wad_http_msg_read_hdr :801 header name=Sec-Fetch-Site invalid=0.
[V]2024-07-09 15:49:36.327954 [p:13074][s:928263][r:7] wad_http_hdr_reader_parse :1157 header line len=26 name_len=14 val_len=8 is_piggy=0 invalid=0
[V]2024-07-09 15:49:36.327965 [p:13074][s:928263][r:7] wad_http_msg_read_hdr :801 header name=Sec-Fetch-Mode invalid=0.
[V]2024-07-09 15:49:36.327974 [p:13074][s:928263][r:7] wad_http_hdr_reader_parse :1157 header line len=20 name_len=14 val_len=2 is_piggy=0 invalid=0
[V]2024-07-09 15:49:36.327985 [p:13074][s:928263][r:7] wad_http_msg_read_hdr :801 header name=Sec-Fetch-User invalid=0.
[V]2024-07-09 15:49:36.327995 [p:13074][s:928263][r:7] wad_http_hdr_reader_parse :1157 header line len=26 name_len=14 val_len=8 is_piggy=0 invalid=0
[V]2024-07-09 15:49:36.328006 [p:13074][s:928263][r:7] wad_http_msg_read_hdr :801 header name=Sec-Fetch-Dest invalid=0.
[V]2024-07-09 15:49:36.328016 [p:13074][s:928263][r:7] wad_http_hdr_reader_parse :1157 header line len=42 name_len=15 val_len=23 is_piggy=0 invalid=0
[V]2024-07-09 15:49:36.328027 [p:13074][s:928263][r:7] wad_http_msg_read_hdr :785 header name=Accept-Encoding: id=2 invalid=0.
[V]2024-07-09 15:49:36.328037 [p:13074][s:928263][r:7] wad_http_hdr_reader_parse :1157 header line len=63 name_len=15 val_len=44 is_piggy=0 invalid=0
[V]2024-07-09 15:49:36.328055 [p:13074][s:928263][r:7] wad_http_msg_read_hdr :785 header name=Accept-Language: id=3 invalid=0.
[V]2024-07-09 15:49:36.328065 [p:13074][s:928263][r:7] wad_http_hdr_reader_parse :1162 empty line.
[I]2024-07-09 15:49:36.328077 [p:13074][s:928263][r:7] wad_dump_http_request :2621 hreq=0x7f889c7048 Received request from client: 85.245.105.249:60006

GET / HTTP/1.1
Host: wss.dsrsd.pt:8444
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
sec-ch-ua: "Not/A)Brand";v="8", "Chromium";v="126", "Google Chrome";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9,pt-PT;q=0.8,pt;q=0.7,es;q=0.6

[V]2024-07-09 15:49:36.328109 [p:13074][s:928263][r:7] wad_http_marker_uri :1272 path=/ len=1
[V]2024-07-09 15:49:36.328126 [p:13074][s:928263][r:7] wad_http_parse_host :1651 host_len=17
[V]2024-07-09 15:49:36.328135 [p:13074][s:928263][r:7] wad_http_parse_host :1687 len=12
[V]2024-07-09 15:49:36.328144 [p:13074][s:928263][r:7] wad_http_parse_host :1696 len=4
[I]2024-07-09 15:49:36.328160 [p:13074][s:928263][r:7] wad_http_str_canonicalize :2198 enc=0 path=/ len=1 changes=0
[V]2024-07-09 15:49:36.328171 [p:13074][s:928263][r:7] wad_http_normalize_uri :2292 host_len=12 path_len=1 query_len=0
[I]2024-07-09 15:49:36.328181 [p:13074][s:928263][r:7] wad_http_req_detect_special :15156 captive_portal detected: false, preflight=(null)

Traffic analysis:

[V]2024-07-09 15:49:36.328193 [p:13074][s:928263][r:7] wad_http_req_exec_act :13587 request(0x7f889c7048), intercept(pass), block(0)
[V]2024-07-09 15:49:36.328204 [p:13074][s:928263][r:7] wad_http_req_exec_act :13676 dst_addr_type=1 wc_nontp=0 sec_web=1 web_cache=0 req_bypass=0
[V]2024-07-09 15:49:36.328215 [p:13074][s:928263][r:7] wad_http_parse_auth_cookie :1300 cookie_parsed=0 strip=2 pid=13074
[I]2024-07-09 15:49:36.328239 [p:13074][s:928263][r:7] wad_http_urlfilter_check :383 uri_norm=1 inval_host=0 inval_url=0 scan-hdr/body=1/0 url local=0 block=0 user-cat=0 allow=0 ftgd=0 keyword=0 wisp=0
[I]2024-07-09 15:49:36.328255 [p:13074][s:928263][r:7] wad_http_req_proc_waf :1309 req=0x7f889c7048 ssl.deep_scan=1 proto=10 exempt=0 waf=(nil) body_len=0 ua=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 skip_scan=0
[V]2024-07-09 15:49:36.328268 [p:13074][s:928263][r:7] wad_http_req_proc_antiphish :8380 No profile
[I]2024-07-09 15:49:36.328281 [p:13074][s:928263][r:7] wad_http_srv_attach_req :319 [0x7f889c7048] Use old server0x7f88c5a968: :0
[V]2024-07-09 15:49:36.328292 [p:13074][s:928263][r:7] wad_http_req_get_svr :9356 http session 0x7f88ddc8e8 req=0x7f889c7048 connected
[V]2024-07-09 15:49:36.328302 [p:13074][s:928263][r:7] wad_http_msg_start_setup_proc :2208 msg(0x7f889c7048) proc-setup started from: req_scan.
[V]2024-07-09 15:49:36.328311 [p:13074][s:928263][r:7] wad_http_def_proc_msg_plan :2170 msg(0x7f889c7048) setting up processor(req_scan)
[I]2024-07-09 15:49:36.328326 [p:13074][s:928263][r:7] wad_http_scan_init :485 hs=0x7f8a302df8 state=initialized:
[V]2024-07-09 15:49:36.328338 [p:13074][s:928263][r:7] wad_http_scan_init :528 scan setup done
[V]2024-07-09 15:49:36.328349 [p:13074][s:928263][r:7] wad_http_req_scan_start_proc :1012 req(0x7f889c7048)
[V]2024-07-09 15:49:36.328367 [p:13074][s:928263][r:7] wad_http_scan_start :606 hs=0x7f8a302df8 state=initialized: begin
[V]2024-07-09 15:49:36.328377 [p:13074][s:928263][r:7] wad_http_scan_upd_msg :793 hs=0x7f8a302df8 state=appending: hdr_len=739 body_len=0 comfort_enable=0 comfort_amount=1
[I]2024-07-09 15:49:36.328388 [p:13074][s:928263][r:7] wad_http_ipsscan__upd_msg :619 ipsscan=0x7f899ab960 state=init: direction forward
[I]2024-07-09 15:49:36.328402 [p:13074][s:928263][r:7] wad_http_ipsscan_init_session_info:160 vd_id=0 policy_id=25 appfw=0 src=[85.245.105.249]:60006 src_if=25 dst=[192.168.20.18]:8444 dst_if=33 username="" usergroup=""
2024-07-09 15:49:36.328424 [p:13074][s:928263][r:7] ipsapp svc 3 create session 2
2024-07-09 15:49:36.328433 [p:13074][s:928263][r:7] ipsapp ses 2 open
2024-07-09 15:49:36.328444 [p:13074][s:928263][r:7] ipsapp ses 2 send start msg 0 len 0 dir 0
[V]2024-07-09 15:49:36.328453 [p:13074][s:928263][r:7] wad_mem_c_malloc :138 size 65568 exceeds max_elm_size (18396); not using bucket
2024-07-09 15:49:36.328592 [p:13074][s:928263][r:7] ipsapp ses 2 queue message 0x7f8a2d49a8 len 16 dir 0
2024-07-09 15:49:36.328604 [p:13074][s:928263][r:7] ipsapp ses 2 message 0x7f8a2d49a8 expand by 25 bytes
2024-07-09 15:49:36.328614 [p:13074][s:928263][r:7] ipsapp ses 2 message 0x7f8a2d49a8 expand by 24 bytes
2024-07-09 15:49:36.328622 [p:13074][s:928263][r:7] ipsapp ses 2 message 0x7f8a2d49a8 expand by 18 bytes
2024-07-09 15:49:36.328631 [p:13074][s:928263][r:7] ipsapp ses 2 message 0x7f8a2d49a8 expand by 25 bytes
2024-07-09 15:49:36.328639 [p:13074][s:928263][r:7] ipsapp ses 2 message 0x7f8a2d49a8 expand by 77 bytes
2024-07-09 15:49:36.328648 [p:13074][s:928263][r:7] ipsapp ses 2 message 0x7f8a2d49a8 expand by 22 bytes
2024-07-09 15:49:36.328656 [p:13074][s:928263][r:7] ipsapp ses 2 message 0x7f8a2d49a8 expand by 31 bytes
2024-07-09 15:49:36.328664 [p:13074][s:928263][r:7] ipsapp ses 2 message 0x7f8a2d49a8 expand by 30 bytes
2024-07-09 15:49:36.328673 [p:13074][s:928263][r:7] ipsapp ses 2 message 0x7f8a2d49a8 expand by 125 bytes
2024-07-09 15:49:36.328681 [p:13074][s:928263][r:7] ipsapp ses 2 message 0x7f8a2d49a8 expand by 145 bytes
2024-07-09 15:49:36.328689 [p:13074][s:928263][r:7] ipsapp ses 2 message 0x7f8a2d49a8 expand by 22 bytes
2024-07-09 15:49:36.328698 [p:13074][s:928263][r:7] ipsapp ses 2 message 0x7f8a2d49a8 expand by 26 bytes
2024-07-09 15:49:36.328706 [p:13074][s:928263][r:7] ipsapp ses 2 message 0x7f8a2d49a8 expand by 20 bytes
2024-07-09 15:49:36.328715 [p:13074][s:928263][r:7] ipsapp ses 2 message 0x7f8a2d49a8 expand by 26 bytes
2024-07-09 15:49:36.328723 [p:13074][s:928263][r:7] ipsapp ses 2 message 0x7f8a2d49a8 expand by 42 bytes
2024-07-09 15:49:36.328731 [p:13074][s:928263][r:7] ipsapp ses 2 message 0x7f8a2d49a8 expand by 63 bytes
2024-07-09 15:49:36.328740 [p:13074][s:928263][r:7] ipsapp ses 2 message 0x7f8a2d49a8 expand by 2 bytes
[V]2024-07-09 15:49:36.328750 [p:13074][s:928263][r:7] wad_http_clt_read_sync :1951 hs=0x7f88ddc8e8 pause=(0/0x0) ret=1 execute=wad_http_clt_read_req_line
[I]2024-07-09 15:49:36.328762 [p:13074][s:928263][r:7] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f3f0/6 cts 2 pts 3 hs 34/28 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/32 cti 0/0 ci 0/0/5 cto 0/0 wb 0/0
[V]2024-07-09 15:49:36.328778 [p:13074][s:928263][r:7] wad_tcp_port_window_adjust :463 tcp_port 0x7f88cca048 window-type 0 set 1 SNDBUF 327680 RCVBUF 327680
2024-07-09 15:49:36.328793 [p:13074] ipsapp ses 2 send msg 1 len 739 dir 0 count 1
2024-07-09 15:49:36.328803 [p:13074] ipsapp ses 2 send writing msg 0 of 1, for length 739
2024-07-09 15:49:36.331329 [p:13074] ipsapp us 120 write (1,1219)
[V]2024-07-09 15:49:36.331359 [p:13074] wad_mem_c_free :176 freeing memory not in bucket
[V]2024-07-09 15:49:36.331483 [p:13074] wad_mem_c_malloc :138 size 65568 exceeds max_elm_size (18396); not using bucket
2024-07-09 15:49:36.331519 [p:13074] ipsapp us 120 read (0,65536)
2024-07-09 15:49:36.331538 [p:13074] ipsapp ses 2 msg 0 eval response dir 0 act 0 app 0 proto 0 tlv_len 0
[V]2024-07-09 15:49:36.331550 [p:13074] wad_mem_c_free :176 freeing memory not in bucket
[V]2024-07-09 15:49:36.331610 [p:13074] wad_mem_c_malloc :138 size 65568 exceeds max_elm_size (18396); not using bucket
2024-07-09 15:49:36.331631 [p:13074] ipsapp us 120 read (0,65536)
2024-07-09 15:49:36.331666 [p:13074] ipsapp ses 2 msg 1 eval response dir 0 act 0 app 0 proto 1 tlv_len 0
[I]2024-07-09 15:49:36.331677 [p:13074][s:928263][r:7] wad_http_ipsscan__ips_app__action :778 ipsscan=0x7f899ab960 state=proc_body: action=permit len=739 tlv_len=0
[V]2024-07-09 15:49:36.331689 [p:13074][s:928263][r:7] wad_http_scan_engine__on_unblock :1394 hs=0x7f8a302df8 engine=ipsscan state=init: unblocking: current=unblocked
[I]2024-07-09 15:49:36.331701 [p:13074][s:928263][r:7] wad_http_ipsscan_handle_result :347 ipsscan=0x7f899ab960 state=proc_body: action=pass resp_type=pass
[I]2024-07-09 15:49:36.331711 [p:13074][s:928263][r:7] wad_http_scan_engine__on_scan_done:1260 hs=0x7f8a302df8 engine=ipsscan state=init: scan complete: action=pass resp_type=pass
[I]2024-07-09 15:49:36.331724 [p:13074][s:928263][r:7] wad_http_scan_handle_finished :1151 hs=0x7f8a302df8 state=scanning: result(action=pass resp_type=pass): engine(name=ipsscan state=done utm=no)
[I]2024-07-09 15:49:36.331735 [p:13074][s:928263][r:7] wad_http_finish_scan_proc :908 HTTP req=0x7f889c7048 action=pass
[I]2024-07-09 15:49:36.331744 [p:13074][s:928263][r:7] wad_http_scan_ack_result :865 hs=0x7f8a302df8 state=scanning: action=pass resp_type=pass
[I]2024-07-09 15:49:36.331768 [p:13074][s:928263][r:7] wad_http_scan_finished_proc :886 HTTP req=0x7f889c7048 hdr_len=739 body_len=0 msg_done=1
[V]2024-07-09 15:49:36.331779 [p:13074][s:928263][r:7] wad_http_def_proc_msg_plan :2170 msg(0x7f891f0e88) setting up processor(req_quota)
[V]2024-07-09 15:49:36.331788 [p:13074][s:928263][r:7] wad_http_def_proc_msg_plan :2170 msg(0x7f891f0e88) setting up processor(req_cache)
[V]2024-07-09 15:49:36.331797 [p:13074][s:928263][r:7] wad_http_def_proc_msg_plan :2170 msg(0x7f891f0e88) setting up processor(req_vs)
[V]2024-07-09 15:49:36.331805 [p:13074][s:928263][r:7] wad_http_def_proc_msg_plan :2170 msg(0x7f891f0e88) setting up processor(req_forward)
[I]2024-07-09 15:49:36.331819 [p:13074][s:928263][r:7] wad_dump_fwd_http_req :2629 hreq=0x7f889c7048 Forward request to server:
GET / HTTP/1.1
Host: wss.dsrsd.pt:8444
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
sec-ch-ua: "Not/A)Brand";v="8", "Chromium";v="126", "Google Chrome";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9,pt-PT;q=0.8,pt;q=0.7,es;q=0.6

[V]2024-07-09 15:49:36.331851 [p:13074][s:928263][r:7] wad_ssl_app_port_out_ops_read :17710 sp=0x7f88a1f048/7 plain down stream len=16 closed=0
[V]2024-07-09 15:49:36.331863 [p:13074][s:928263][r:7] wad_ssl_app_port_out_ops_read :17710 sp=0x7f88a1f048/7 plain down stream len=25 closed=0
[V]2024-07-09 15:49:36.331873 [p:13074][s:928263][r:7] wad_ssl_app_port_out_ops_read :17710 sp=0x7f88a1f048/7 plain down stream len=24 closed=0
[V]2024-07-09 15:49:36.331882 [p:13074][s:928263][r:7] wad_ssl_app_port_out_ops_read :17710 sp=0x7f88a1f048/7 plain down stream len=18 closed=0
[V]2024-07-09 15:49:36.331989 [p:13074][s:928263][r:7] wad_ssl_app_port_out_ops_read :17710 sp=0x7f88a1f048/7 plain down stream len=25 closed=0
[V]2024-07-09 15:49:36.332000 [p:13074][s:928263][r:7] wad_ssl_app_port_out_ops_read :17710 sp=0x7f88a1f048/7 plain down stream len=77 closed=0
[V]2024-07-09 15:49:36.332009 [p:13074][s:928263][r:7] wad_ssl_app_port_out_ops_read :17710 sp=0x7f88a1f048/7 plain down stream len=22 closed=0
[V]2024-07-09 15:49:36.332018 [p:13074][s:928263][r:7] wad_ssl_app_port_out_ops_read :17710 sp=0x7f88a1f048/7 plain down stream len=31 closed=0
[V]2024-07-09 15:49:36.332027 [p:13074][s:928263][r:7] wad_ssl_app_port_out_ops_read :17710 sp=0x7f88a1f048/7 plain down stream len=30 closed=0
[V]2024-07-09 15:49:36.332036 [p:13074][s:928263][r:7] wad_ssl_app_port_out_ops_read :17710 sp=0x7f88a1f048/7 plain down stream len=125 closed=0
[V]2024-07-09 15:49:36.332045 [p:13074][s:928263][r:7] wad_ssl_app_port_out_ops_read :17710 sp=0x7f88a1f048/7 plain down stream len=145 closed=0
[V]2024-07-09 15:49:36.332054 [p:13074][s:928263][r:7] wad_ssl_app_port_out_ops_read :17710 sp=0x7f88a1f048/7 plain down stream len=22 closed=0
[V]2024-07-09 15:49:36.332063 [p:13074][s:928263][r:7] wad_ssl_app_port_out_ops_read :17710 sp=0x7f88a1f048/7 plain down stream len=26 closed=0
[V]2024-07-09 15:49:36.332072 [p:13074][s:928263][r:7] wad_ssl_app_port_out_ops_read :17710 sp=0x7f88a1f048/7 plain down stream len=20 closed=0
[V]2024-07-09 15:49:36.332081 [p:13074][s:928263][r:7] wad_ssl_app_port_out_ops_read :17710 sp=0x7f88a1f048/7 plain down stream len=26 closed=0
[V]2024-07-09 15:49:36.332090 [p:13074][s:928263][r:7] wad_ssl_app_port_out_ops_read :17710 sp=0x7f88a1f048/7 plain down stream len=42 closed=0
[V]2024-07-09 15:49:36.332099 [p:13074][s:928263][r:7] wad_ssl_app_port_out_ops_read :17710 sp=0x7f88a1f048/7 plain down stream len=63 closed=0
[V]2024-07-09 15:49:36.332108 [p:13074][s:928263][r:7] wad_ssl_app_port_out_ops_read :17710 sp=0x7f88a1f048/7 plain down stream len=2 closed=0
[V]2024-07-09 15:49:36.332118 [p:13074][s:928263][r:7] wad_ssl_app_port_out_ops_sync :17780 sp=0x7f88a1f048/7 plain down stream state=3
[I]2024-07-09 15:49:36.332128 [p:13074][s:928263][r:7] wad_ssl_app_port_txn_write :17666 wsp=0x7f88a1f048/7 sync plain down stream len=739
[I]2024-07-09 15:49:36.332140 [p:13074][s:928263][r:7] wad_ssl_app_port_txn_write :17679 wsp=0x7f88a1f048/7 total fwded len=739, status 0
[I]2024-07-09 15:49:36.332149 [p:13074][s:928263][r:7] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f048/7 cts 2 pts 3 hs 34/34 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/53 cti 0/0 ci 0/0/5 cto 1/739 wb 0/0

Traffic Encryption and Forward to Real Server (HTTP GET)

[V]2024-07-09 15:49:36.337303 [p:13074][s:928263][r:7] wad_ssl_port_caps_on_enc_start :15012 sp=0x7f88a1f048/7 enc start 0x7f898c4c18 type 23 ver 0303 len 739 (47 45 54 20 2f 20 48 54 54 50 2f 31 2e 31 0d 0a 48 6f 73 74 3a 20 77 73 73 2e 64 73 72 73 64 2e 70 74 3a 38 34 34 34 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 6b 65 65 70 2d 61 6c 69 76 65 0d 0a 50 72 61 67 6d 61 3a
20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 73 65 63 2d 63 68 2d 75 61 3a 20 22 4e 6f 74 2f 41 29 42 72 61 6e 64 22 3b 76 3d 22 38 22 2c 20 22 43 68 72 6f 6d 69 75 6d 22 3b 76 3d 22 31 32 36 22 2c 20 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 3b 76 3d 22 31 32 36 22 0d 0a 73 65 63 2d 63 68 2d 75 61 2d 6d 6f 62 6
9 6c 65 3a 20 3f 30 0d 0a 73 65 63 2d 63 68 2d 75 61 2d 70 6c 61 74 66 6f 72 6d 3a 20 22 57 69 6e 64 6f 77 73 22 0d 0a 55 70 67 72 61 64 65 2d 49 6e 73 65 63 75 72 65 2d 52 65 71 75 65 73 74 73 3a 20 31 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 6f 7a 69 6c 6c 61
[V]2024-07-09 15:49:36.340312 [p:13074][s:928263][r:7] wad_ssl_port_caps_on_enc_done :15039 sp=0x7f88a1f048/7 enc done 0x7f898c4c18 type 23 ver 0303 status 0 len 761 (17 03 03 02 f4 94 41 bc 33 e2 f0 a7 55 82 f9 c2 49 db 1b c4 17 39 3c b6 5f 9e db 56 47 43 b8 0c d9 68 53 8b d0 43 73 30 8e 31 17 a8 3a 97 4b ef 07 5c eb da c3 05 27 f7 0d f1 07 3f f0 6b 33 44 e9 65 a0 aa a8 d
e 3d f9 54 86 39 8a 51 bf 04 8f ae fe 3c f9 90 3b 15 74 e6 f0 fd 51 48 4d 57 45 09 45 5a ed 35 7f bf 7a 10 08 32 7d 8f ed 01 76 02 0f dc 93 cc f7 36 5a b2 be f1 c2 eb 68 28 df 65 af fe 22 4d 2c 3b d7 ca b8 d0 39 13 72 4f 21 83 c7 8a 5c 62 af 22 9d 7c 38 f5 4f f5 ac 13 2f 94 aa 91 23 e2 d3 37 7c dc b2 c7 c1 19 42 ea 3b e2 38 51 12 db 0a 5c 44 7a 6d cb f9 0b 45 62 32 7c 60 d4 4c
6f 1c 8e 4a a7 23 d1 b2 ab 4f d1 39 1b 85 17 dc 60 7e 7e 07 8c 27 29 6d 0e 9d eb d8 bf f5 2f 6d b8 a5 f8 b6 e6 a8 c0 29 3d d3 83 c7 9a bf 14 ca 4c 3d 7e cb 4d 2b 08 fb 8a 9b 2e 5e 9e ae 67 2d 7a bf b5 3f 68 4a 86 a2 d3 73 ed 95 fb a7 02 5a d0 7e b5 bf 8a c3 70 66
[V]2024-07-09 15:49:36.341673 [p:13074][s:928263][r:7] wad_ssl_sock_port_fts_in_write :15780 sp=0x7f88a1f048/7 start=0 len=761
[V]2024-07-09 15:49:36.341704 [p:13074][s:928263][r:7] wad_ssl_sock_port_out_ops_sync :17172 sp=0x7f88a1f048/7 state=3 fts-input=761 proxy-input=0
[V]2024-07-09 15:49:36.341715 [p:13074][s:928263][r:7] wad_ssl_sock_port_exec_dn_forward :16932 sp=0x7f88a1f048/7 ib-len=761
[V]2024-07-09 15:49:36.341728 [p:13074][s:928263][r:7] wad_tcp_port_out_read_sync :944 tcp_port(0x7f88cca190) sync 761
[I]2024-07-09 15:49:36.341740 [p:13074][s:928263][r:7] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f048/7 cts 2 pts 3 hs 34/34 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/53 cti 0/0 ci 0/0/5 cto 0/0 wb 0/0
[V]2024-07-09 15:49:36.341779 [p:13074][s:928263][r:7] wad_mem_c_free :176 freeing memory not in bucket
[I]2024-07-09 15:49:36.341843 [p:13074][s:928263] wad_tcp_port_flush :1556 sock 121 write (1,761,761) n_written=761 tcp_port 0x7f88cca190
[13074] write [(1,761) (17 03 03 02 f4 94 41 bc 33 e2 f0 a7 55 82 f9 c2 49 db 1b c4 17 39 3c b6 5f 9e db 56 47 43 b8 0c d9 68 53 8b d0 43 73 30 8e 31 17 a8 3a 97 4b ef 07 5c eb da c3 05 27 f7 0d f1 07 3f f0 6b 33 44 e9 65 a0 aa a8 de 3d f9 54 86 39 8a 51 bf 04 8f ae fe 3c f9 90 3b 15 74 e6 f0 fd 51 48 4d 57 45 09 45 5a ed 35 7f bf 7a 10 08 32 7d 8f ed 01 76 02 0f dc 93 cc f7 3
6 5a b2 be f1 c2 eb 68 28 df 65 af fe 22 4d 2c 3b d7 ca b8 d0 39 13 72 4f 21 83 c7 8a 5c 62 af 22 9d 7c 38 f5 4f f5 ac 13 2f 94 aa 91 23 e2 d3 37 7c dc b2 c7 c1 19 42 ea 3b e2 38 51 12 db 0a 5c 44 7a 6d cb f9 0b 45 62 32 7c 60 d4 4c 6f 1c 8e 4a a7 23 d1 b2 ab 4f d1 39 1b 85 17 dc 60 7e 7e 07 8c 27 29 6d 0e 9d eb d8 bf f5 2f 6d b8 a5 f8 b6 e6 a8 c0 29 3d d3 83 c7 )(......A.3...
U...I....9<._..VGC...hS..Cs0.1..:.K..\....'....?.k3D.e....=.T.9.Q.....<..;.t...QHMWE.EZ.5..z..2}...v......6Z.....h(.e.."M,;....9.rO!...\b.".|8.O.../...#..7|.....B.;.8Q...\Dzm...Eb2|`.Lo..J.#...O.9....`~~..')m....../m.......)=...)]
[(9a bf 14 ca 4c 3d 7e cb 4d 2b 08 fb 8a 9b 2e 5e 9e ae 67 2d 7a bf b5 3f 68 4a 86 a2 d3 73 ed 95 fb a7 02 5a d0 7e b5 bf 8a c3 70 66 c3 21 3b 85 34 05 d4 5e 7b 29 67 8a d8 22 e4 79 2a e9 fb 94 85 ba 9a 66 bd c2 62 57 a0 ed 5f b2 45 74 da a5 12 0c a9 c8 02 aa de 7d 8a 7b e3 4a c2 a9 e4 41 a5 c9 0f 02 c7 e3 cf a1 21 83 07 5e df 31 57 27 e4 a3 64 34 20 f0 f9 c4 d8 5e 7a 70
4f 77 5f 73 dc cd 43 8f a2 03 5c ac ad b6 32 7e 27 e8 44 ca 6b 94 76 10 ee db cf 15 ef af 72 c0 7e da 38 7d b0 cf 2e 42 9d a2 04 0c 92 ab 44 e5 f6 46 67 54 ef 05 58 0c 2e e3 ad 1e 68 5f 5f cb e4 3a 4a 0d 87 32 27 53 93 da 15 32 4e a8 ba 58 2e 3a c4 88 0b 47 08 9c 0d 38 b2 ee 5c 4e 11 0c 1e 79 b8 d7 33 eb 1e 8f 89 40 9e 89 33 74 1e 5d 8b f9 e8 3a )(....L=~.M+.....^..g-z..?hJ..
.s.....Z.~....pf.!;.4..^{)g..".y*......f..bW.._.Et.........}.{.J...A........!..^.1W'..d4 ....^zpOw_s..C...\...2~'.D.k.v.......r.~.8}...B......D..FgT..X.....h__..:J..2'S...2N..X.:...G...8..\N...y..3....@..3t.]...:)]
[(67 ca 69 3b 90 5b fe ab d5 07 c2 51 9b 8a 9b 9d ce ff 78 d9 86 ad 9b a8 36 cd b0 0c 00 36 b2 88 59 b2 e3 38 ba 9d a3 72 34 cc fc ce 27 6c df 1c 6d 37 8d 99 0a 34 a9 13 e1 56 73 3c 84 f3 a2 8d 06 79 11 25 4d 18 db dc a1 15 bf e9 99 b6 d0 60 d0 f5 b8 53 df 9f 52 40 de 60 7f 4a 9c 57 04 10 e4 98 bd 5c 48 d3 52 bc b2 b9 d1 81 62 88 a7 60 28 21 b5 e7 9c 5c 80 5b 1d e7 1d cb
61 16 e5 30 dc 2b ee 7b 6a 30 39 22 7b 7f 53 93 50 0e 0c 26 03 15 fa 8a 86 aa 87 c3 aa aa d1 3f 8d ce 74 71 16 38 29 b2 52 d5 b0 01 f2 fe e9 e9 77 11 6d 21 25 db f3 d9 46 a5 09 ac ce 5d d8 43 f9 bf bc 10 fb c4 5b 0d ef dd 09 0a 2a b3 ce 76 e2 22 a9 6b bc a6 cf 4b a1 b4 ce 07 4e 2c ef 36 1a 23 07 e9 65 44 38 b5 8a 35 55 86 d5 ae 2e c9 ab 95 30 1d )(g.i;.[.....Q......x.....6...
.6..Y..8...r4...'l..m7...4...Vs<.....y.%M..........`...S..R@.`.J.W.....\H.R.....b..`(!...\.[....a..0.+.{j09"{.S.P..&...........?..tq.8).R.......w.m!%...F....].C......[.....*..v.".k...K....N,.6.#..eD8..5U.......0.)]

Traffic decryption and parsing (HTTP OK received from Real Server):

[I]2024-07-09 15:49:36.346241 [p:13074][s:928263] wad_tcp_port_on_event :1887 start processing tcp event=0x1 events=0x1 fd=121 n_out_block=0 state=2 close/shut=0/0 n_out_block=0
[I]2024-07-09 15:49:36.346274 [p:13074][s:928263] wad_tcp_port_on_read :1763 sock 121 read (323,3757)
[13074] read [(323,633) (17 03 03 02 74 20 53 bf 23 b8 af 57 c1 d9 2f 63 26 82 b8 7d b2 8c 80 5b 79 17 78 7f 82 6e 59 7e 66 f8 9c 43 cf 9e 60 1a a7 55 39 4c 81 33 2e ef 00 98 40 23 31 7d e5 89 f0 4a 92 b4 4d 0f 73 1b 5a 2c 08 75 f6 68 73 6d 85 27 05 c5 c3 7f 5d 41 d6 d4 55 34 df b6 a6 7f af 5d ee f5 d6 74 60 d4 c5 58 e1 cd ad 78 49 77 f4 af da 3b bc ac a4 57 8d a4 43 48 b8 1c
5a b0 8f 27 81 0a d5 14 1b 55 87 85 30 ee e9 5e 06 b8 ae 95 3a 84 cb e7 e6 59 70 0a 28 36 e2 cc 37 c5 86 2c 9f 60 57 0a 74 7b 18 99 d2 10 5f 0e e5 63 92 e8 b0 5b a7 84 28 e0 97 de 4a 23 d5 81 68 81 4b 84 f3 9a 1d 66 1d 2e ab 32 26 60 f8 b0 a6 7f 76 e4 c0 f4 18 af 50 22 97 1a 39 1f e7 8d aa ab 46 67 1d a9 d5 ca c5 64 c4 99 c4 2c 11 26 ed 1d 27 84 a5 af 5b 5d 0a 71 )(....t S.#..
W../c&..}...[y.x..nY~f..C..`..U9L.3....@#1}...J..M.s.Z,.u.hsm.'....]A..U4.....]...t`..X...xIw...;...W..CH..Z..'.....U..0..^....:....Yp.(6..7..,.`W.t{...._..c...[..(...J#..h.K....f...2&`....v.....P"..9.....Fg.....d...,.&..'...[].q)]
[(49 cd a3 a1 20 9b af 74 c0 6e e8 86 51 45 93 54 b2 b3 73 4a c7 90 ce eb 77 92 62 8b 31 87 79 8b 52 e8 98 43 b9 0f dd 39 68 bd bc a1 6c 3c e8 9a 2c 86 d6 b3 7e b2 83 4c 4d 7e a1 5c 64 0a 09 e9 e6 c2 ef f5 52 57 d6 c9 24 8d 14 de 80 e0 c9 a2 55 d7 9b 16 a8 4d 09 e5 12 a7 37 68 42 b2 1e ed b8 15 cf 2f 44 99 9a c1 dd 35 96 9d fe da b0 bb 51 b5 1e 2d 52 8b 08 7f 4f 57 df f1
25 95 2e ca de 16 8b e2 e1 12 a6 a9 7c ab 14 d3 1c 60 91 69 aa cb 32 ef fa dd 2a 4f 78 0a 1b e3 eb 80 d9 98 dc c3 af 7f 4c 8e 5b a8 32 dd 5e e2 22 7f d1 6d 9f d4 a8 e0 29 2f 96 0e ce c6 4e 8f 6b 9d cf c7 1a c4 56 13 7a ba aa eb 50 a6 b4 49 ec 87 f0 60 39 27 05 ce 68 8e 72 82 c9 03 7f be f2 b2 6d 5b 14 98 3e 38 0b 6e d1 2f 2d d9 94 16 08 19 2b d8 )(I... ..t.n..QE.T..sJ....w.b.1
.y.R..C...9h...l<..,...~..LM~.\d.......RW..$.......U....M....7hB....../D....5......Q..-R...OW..%...........|....`.i..2...*Ox...........L.[.2.^."..m....)/....N.k.....V.z...P..I...`9'..h.r.......m[..>8.n./-.....+.)]
[(e2 05 1b 63 94 68 7a 20 bc 70 51 19 ee 59 c2 78 73 1d 7c 6d 08 d5 04 ae 03 47 b7 8e 79 17 e2 4f 84 16 f1 9e bc 94 db 71 a1 42 7e 1b 88 ce 21 15 7e 24 1f 60 c9 79 e0 d9 01 33 1c 7a cc 31 60 05 8c 07 f4 87 dc b7 a4 0a 9e 89 39 14 0f 7a a4 4e 55 56 2b a8 67 f8 67 c6 96 1b 34 70 f9 57 e9 3f 64 48 98 33 7e cc 32 77 29 c9 8d dd 50 30 b0 c9 c3 14 0d 2c e1 8a f2 9f 19 92 d6 c5
a9 03 11 28 7d de 0e 16 be f2 ea 4f 1e c2 95 cd 14 01 3f fe e3 da 2d 8c 71 3b e8 4a f2 )(...c.hz .pQ..Y.xs.|m.....G..y..O.......q.B~...!.~$.`.y...3.z.1`...........9..z.NUV+.g.g...4p.W.?dH.3~.2w)...P0.....,...........(}......O......?...-.q;.J.)]
[V]2024-07-09 15:49:36.346978 [p:13074][s:928263] wad_ssl_sock_port_in_ops_read_buff:16574 sp=0x7f88a1f048/7 len=633
[V]2024-07-09 15:49:36.346988 [p:13074][s:928263] wad_ssl_sock_port_in_ops_sync :16584 sp=0x7f88a1f048/7 sync state=3 start
[V]2024-07-09 15:49:36.346997 [p:13074][s:928263] wad_ssl_sock_port_exec_up_forward :16257 sp=0x7f88a1f048/7
[I]2024-07-09 15:49:36.347013 [p:13074][s:928263] wad_ssl_sock_port_exec_up_forward_txn:16238 sp=0x7f88a1f048/7 forwarded len=633/956
[I]2024-07-09 15:49:36.347043 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f048/7 cts 2 pts 3 hs 34/34 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/53 cti 0/0 ci 1/633/5 cto 0/0 wb 0/0
[I]2024-07-09 15:49:36.347061 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f048/7 cts 3 pts 3 hs 34/34 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/53 cti 0/0 ci 1/633/633 cto 0/0 wb 0/0
[I]2024-07-09 15:49:36.347078 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f048/7 cts 2 pts 3 hs 34/34 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/53 cti 1/633 ci 0/0/5 cto 0/0 wb 0/0
[V]2024-07-09 15:49:36.347506 [p:13074][s:928263] wad_ssl_port_caps_on_dec_start :15062 sp=0x7f88a1f048/7 dec start 0x7f898c4ac8 type 23 ver 0303 len 628 (20 53 bf 23 b8 af 57 c1 d9 2f 63 26 82 b8 7d b2 8c 80 5b 79 17 78 7f 82 6e 59 7e 66 f8 9c 43 cf 9e 60 1a a7 55 39 4c 81 33 2e ef 00 98 40 23 31 7d e5 89 f0 4a 92 b4 4d 0f 73 1b 5a 2c 08 75 f6 68 73 6d 85 27 05 c5 c3 7
f 5d 41 d6 d4 55 34 df b6 a6 7f af 5d ee f5 d6 74 60 d4 c5 58 e1 cd ad 78 49 77 f4 af da 3b bc ac a4 57 8d a4 43 48 b8 1c 5a b0 8f 27 81 0a d5 14 1b 55 87 85 30 ee e9 5e 06 b8 ae 95 3a 84 cb e7 e6 59 70 0a 28 36 e2 cc 37 c5 86 2c 9f 60 57 0a 74 7b 18 99 d2 10 5f 0e e5 63 92 e8 b0 5b a7 84 28 e0 97 de 4a 23 d5 81 68 81 4b 84 f3 9a 1d 66 1d 2e ab 32 26 60 f8 b0 a6 7f 76 e4 c0 f4
18 af 50 22 97 1a 39 1f e7 8d aa ab 46 67 1d a9 d5 ca c5 64 c4 99 c4 2c 11 26 ed 1d 27 84 a5 af 5b 5d 0a 71 49 cd a3 a1 20 9b af 74 c0 6e e8 86 51 45 93 54 b2 b3 73 4a c7 90 ce eb 77 92 62 8b 31 87 79 8b 52 e8 98 43 b9 0f dd 39 68 bd bc a1 6c 3c e8 9a 2c 86 d6 b3
[V]2024-07-09 15:49:36.347964 [p:13074][s:928263] wad_ssl_port_caps_on_dec_done :15087 sp=0x7f88a1f048/7 dec done 0x7f898c4ac8 type 23 ver 0303 status 0 len 611 (48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 0d 0a 44 61 74 65 3a 20 54 75 65 2c 20 30 39 20 4a 75 6c 20 32 30 32 34 20 31 34 3a 34 39 3a 33 35 20 47 4d 54 0d 0a 43
6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 30 38 20 4a 75 6c 20 32 30 32 34 20 30 38 3a 34 39 3a 31 34 20 47 4d 54 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 6b 65 65 70 2d 61 6c 69 76 65 0d 0a 45 54 61 67
3a 20 57 2f 22 36 36 38 62 61 38 30 61 2d 66 62 22 0d 0a 53 74 72 69 63 74 2d 54 72 61 6e 73 70 6f 72 74 2d 53 65 63 75 72 69 74 79 3a 20 6d 61 78 2d 61 67 65 3d 36 33 30 37 32 30 30 30 3b 20 69 6e 63 6c 75 64 65 53 75 62 44 6f 6d 61 69 6e 73 3b 20 70 72 65 6c 6f 6
[I]2024-07-09 15:49:36.348001 [p:13074][s:928263] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f048/7 cts 2 pts 3 hs 34/34 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 1/611/53 cti 0/0 ci 0/0/5 cto 0/0 wb 0/0
[I]2024-07-09 15:49:36.348017 [p:13074][s:928263] wad_ssl_app_port_fts_in_write :17364 sp=0x7f88a1f048/7 decrypted up stream len=611
[V]2024-07-09 15:49:36.348027 [p:13074][s:928263] wad_http_mstrm_read :1631 hs=0x7f88ddc8e8 mstrm=0x7f88c5a978 is_clt=0 len=611
[V]2024-07-09 15:49:36.348044 [p:13074][s:928263] wad_http_status_line_reader_parse :768 status line code=200 ver_len=8 len=17 invalid=0
[V]2024-07-09 15:49:36.348065 [p:13074][s:928263] wad_http_hdr_reader_parse :1157 header line len=15 name_len=6 val_len=5 is_piggy=0 invalid=0
[V]2024-07-09 15:49:36.348081 [p:13074][s:928263] wad_http_msg_read_hdr :785 header name=Server: id=68 invalid=0.
[V]2024-07-09 15:49:36.348092 [p:13074][s:928263] wad_http_hdr_reader_parse :1157 header line len=37 name_len=4 val_len=29 is_piggy=0 invalid=0
[V]2024-07-09 15:49:36.348104 [p:13074][s:928263] wad_http_msg_read_hdr :785 header name=Date: id=31 invalid=0.
[V]2024-07-09 15:49:36.348113 [p:13074][s:928263] wad_http_hdr_reader_parse :1157 header line len=25 name_len=12 val_len=9 is_piggy=0 invalid=0
[V]2024-07-09 15:49:36.348137 [p:13074][s:928263] wad_http_msg_read_hdr :785 header name=Content-Type: id=28 invalid=0.
[V]2024-07-09 15:49:36.348151 [p:13074][s:928263] wad_http_hdr_reader_parse :1157 header line len=46 name_len=13 val_len=29 is_piggy=0 invalid=0
[V]2024-07-09 15:49:36.348163 [p:13074][s:928263] wad_http_msg_read_hdr :785 header name=Last-Modified: id=45 invalid=0.
[V]2024-07-09 15:49:36.348172 [p:13074][s:928263] wad_http_hdr_reader_parse :1157 header line len=28 name_len=17 val_len=7 is_piggy=0 invalid=0
[V]2024-07-09 15:49:36.348183 [p:13074][s:928263] wad_http_msg_read_hdr :785 header name=Transfer-Encoding: id=74 invalid=0.
[V]2024-07-09 15:49:36.348195 [p:13074][s:928263] wad_http_hdr_reader_parse :1157 header line len=24 name_len=10 val_len=10 is_piggy=0 invalid=0
[V]2024-07-09 15:49:36.348206 [p:13074][s:928263] wad_http_msg_read_hdr :785 header name=Connection: id=18 invalid=0.
[V]2024-07-09 15:49:36.348215 [p:13074][s:928263] wad_http_hdr_reader_parse :1157 header line len=23 name_len=4 val_len=15 is_piggy=0 invalid=0
[V]2024-07-09 15:49:36.348225 [p:13074][s:928263] wad_http_msg_read_hdr :785 header name=ETag: id=32 invalid=0.
[V]2024-07-09 15:49:36.348234 [p:13074][s:928263] wad_http_hdr_reader_parse :1157 header line len=73 name_len=25 val_len=44 is_piggy=0 invalid=0
[V]2024-07-09 15:49:36.348244 [p:13074][s:928263] wad_http_msg_read_hdr :785 header name=Strict-Transport-Security: id=71 invalid=0.
[V]2024-07-09 15:49:36.348253 [p:13074][s:928263] wad_http_hdr_reader_parse :1157 header line len=29 name_len=15 val_len=10 is_piggy=0 invalid=0
[V]2024-07-09 15:49:36.348265 [p:13074][s:928263] wad_http_msg_read_hdr :785 header name=X-Frame-Options: id=92 invalid=0.
[V]2024-07-09 15:49:36.348273 [p:13074][s:928263] wad_http_hdr_reader_parse :1157 header line len=33 name_len=22 val_len=7 is_piggy=0 invalid=0
[V]2024-07-09 15:49:36.348284 [p:13074][s:928263] wad_http_msg_read_hdr :785 header name=X-Content-Type-Options: id=88 invalid=0.
[V]2024-07-09 15:49:36.348293 [p:13074][s:928263] wad_http_hdr_reader_parse :1157 header line len=33 name_len=16 val_len=13 is_piggy=0 invalid=0
[V]2024-07-09 15:49:36.348303 [p:13074][s:928263] wad_http_msg_read_hdr :785 header name=X-XSS-Protection: id=101 invalid=0.
[V]2024-07-09 15:49:36.348312 [p:13074][s:928263] wad_http_hdr_reader_parse :1157 header line len=24 name_len=16 val_len=4 is_piggy=0 invalid=0
[V]2024-07-09 15:49:36.348323 [p:13074][s:928263] wad_http_msg_read_hdr :785 header name=Content-Encoding: id=21 invalid=0.
[V]2024-07-09 15:49:36.348336 [p:13074][s:928263] wad_http_hdr_reader_parse :1162 empty line.
[I]2024-07-09 15:49:36.348345 [p:13074][s:928263] wad_dump_http_resp :2644 hreq=0x7f889c7048 Received response from server:

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 09 Jul 2024 14:49:35 GMT
Content-Type: text/html
Last-Modified: Mon, 08 Jul 2024 08:49:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"668ba80a-fb"
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip

Traffic Analysis:

[I]2024-07-09 15:49:36.348368 [p:13074][s:928263] wad_http_fwd_non_cacheable_resp :2666 resp(0x7f8a125b68) starts processing.
[V]2024-07-09 15:49:36.348377 [p:13074][s:928263] wad_http_msg_start_setup_proc :2208 msg(0x7f8a125b68) proc-setup started from: build_fwd_resp.
[V]2024-07-09 15:49:36.348386 [p:13074][s:928263] wad_http_def_proc_msg_plan :2170 msg(0x7f8a125b68) setting up processor(build_fwd_resp)
[I]2024-07-09 15:49:36.348522 [p:13074][s:928263] wad_http_resp_setup_fwd_resp :2643 msg(0x7f8a125b68) build fwd resp!
[V]2024-07-09 15:49:36.348532 [p:13074][s:928263] wad_http_resp_build_fwd_msg :2567 msg(0x7f8a125b68)
[V]2024-07-09 15:49:36.348547 [p:13074][s:928263] wad_http_def_proc_msg_plan :2170 msg(0x7f8a125b68) setting up processor(resp_vcache_live)
[V]2024-07-09 15:49:36.348556 [p:13074][s:928263] wad_http_def_proc_msg_plan :2170 msg(0x7f8a125b68) setting up processor(resp_icap)
[V]2024-07-09 15:49:36.348564 [p:13074][s:928263] wad_http_def_proc_msg_plan :2170 msg(0x7f8a125b68) setting up processor(resp_waf)
[V]2024-07-09 15:49:36.348573 [p:13074][s:928263] wad_http_def_proc_msg_plan :2170 msg(0x7f8a125b68) setting up processor(resp_quota)
[V]2024-07-09 15:49:36.348581 [p:13074][s:928263] wad_http_def_proc_msg_plan :2170 msg(0x7f8a125b68) setting up processor(resp_roh)
[V]2024-07-09 15:49:36.348589 [p:13074][s:928263] wad_http_def_proc_msg_plan :2170 msg(0x7f8a125b68) setting up processor(resp_moh)
[V]2024-07-09 15:49:36.348597 [p:13074][s:928263] wad_http_def_proc_msg_plan :2170 msg(0x7f8a125b68) setting up processor(resp_doh)
[V]2024-07-09 15:49:36.348605 [p:13074][s:928263] wad_http_def_proc_msg_plan :2170 msg(0x7f8a125b68) setting up processor(scan)
[I]2024-07-09 15:49:36.348614 [p:13074][s:928263] wad_resp_setup_scan_proc :1864 content type for req=0x7f889c7048 is allowed
[I]2024-07-09 15:49:36.348629 [p:13074][s:928263] wad_sres_entry_find :195 svr_addr=144.64.251.248, port=8444, path=/
[I]2024-07-09 15:49:36.348648 [p:13074][s:928263] wad_http_scan_init :485 hs=0x7f8a301668 state=initialized:
ss[v] scan 0x7f89331a20 open
ss[v] *te_chunked(2050) l0 name '' ss_strm open
ss[v] *te_chunked(2050) l0 name '' chunked set state 1
ss[v] *ce_gzip(2001) l0 name '' ss_strm open
ss[v] *ce_gzip(2001) l0 name '' zlib set state dissect(1)
ss[v] *uninit(-1) l0 name '' ss_strm open
[I]2024-07-09 15:49:36.348761 [p:13074][s:928263] wad_http_avscan_alloc :4259 avscan=0x7f88c07040 state=init: strm_type=0 no_sscan=sscan check_http/data/ftp=1/0/0 now=0
[V]2024-07-09 15:49:36.348777 [p:13074][s:928263] wad_http_scan_init :528 scan setup done
[V]2024-07-09 15:49:36.348787 [p:13074][s:928263] wad_http_resp_scan_start_proc :995 resp(0x7f8a125b68)
[V]2024-07-09 15:49:36.348796 [p:13074][s:928263] wad_http_scan_start :606 hs=0x7f8a301668 state=initialized: begin
[V]2024-07-09 15:49:36.348804 [p:13074][s:928263] wad_http_scan_upd_msg :793 hs=0x7f8a301668 state=appending: hdr_len=409 body_len=0 comfort_enable=0 comfort_amount=1
[I]2024-07-09 15:49:36.348816 [p:13074][s:928263][r:7] wad_http_ipsscan__upd_msg :619 ipsscan=0x7f899a9b30 state=init: direction reverse
2024-07-09 15:49:36.348832 [p:13074][s:928263][r:7] ipsapp ses 2 queue message 0x7f8a2d49a8 len 17 dir 1
2024-07-09 15:49:36.348844 [p:13074][s:928263][r:7] ipsapp ses 2 message 0x7f8a2d49a8 expand by 15 bytes
2024-07-09 15:49:36.348853 [p:13074][s:928263][r:7] ipsapp ses 2 message 0x7f8a2d49a8 expand by 37 bytes
2024-07-09 15:49:36.348862 [p:13074][s:928263][r:7] ipsapp ses 2 message 0x7f8a2d49a8 expand by 25 bytes
2024-07-09 15:49:36.348870 [p:13074][s:928263][r:7] ipsapp ses 2 message 0x7f8a2d49a8 expand by 46 bytes
2024-07-09 15:49:36.348879 [p:13074][s:928263][r:7] ipsapp ses 2 message 0x7f8a2d49a8 expand by 28 bytes
2024-07-09 15:49:36.348887 [p:13074][s:928263][r:7] ipsapp ses 2 message 0x7f8a2d49a8 expand by 24 bytes
2024-07-09 15:49:36.348896 [p:13074][s:928263][r:7] ipsapp ses 2 message 0x7f8a2d49a8 expand by 23 bytes
2024-07-09 15:49:36.348904 [p:13074][s:928263][r:7] ipsapp ses 2 message 0x7f8a2d49a8 expand by 73 bytes
2024-07-09 15:49:36.348913 [p:13074][s:928263][r:7] ipsapp ses 2 message 0x7f8a2d49a8 expand by 29 bytes
2024-07-09 15:49:36.348936 [p:13074][s:928263][r:7] ipsapp ses 2 message 0x7f8a2d49a8 expand by 33 bytes
2024-07-09 15:49:36.348945 [p:13074][s:928263][r:7] ipsapp ses 2 message 0x7f8a2d49a8 expand by 33 bytes
2024-07-09 15:49:36.348954 [p:13074][s:928263][r:7] ipsapp ses 2 message 0x7f8a2d49a8 expand by 24 bytes
2024-07-09 15:49:36.348963 [p:13074][s:928263][r:7] ipsapp ses 2 message 0x7f8a2d49a8 expand by 2 bytes
[V]2024-07-09 15:49:36.348973 [p:13074][s:928263][r:7] wad_http_strm_read_body :949 http stream 0x7f88c5a978 body_type=1 body_len=18446744073709551615
[V]2024-07-09 15:49:36.348984 [p:13074][s:928263][r:7] wad_http_chunk_size_line_parse :1382 Get chunk size=191 line.
[V]2024-07-09 15:49:36.348993 [p:13074][s:928263][r:7] wad_http_mstrm_seg_start :1138 http body segment type=2, len=18446744073709551615, fwd_len=0, buff_len=0, start=191
[V]2024-07-09 15:49:36.349006 [p:13074][s:928263][r:7] wad_http_mstrm_proc_buf :1186 len =4, buff_len=202
[V]2024-07-09 15:49:36.349016 [p:13074][s:928263][r:7] wad_http_strm_in :425 http stream 0x7f88c5a978 len=4 ret=1
[V]2024-07-09 15:49:36.349025 [p:13074][s:928263][r:7] wad_http_mstrm_seg_start :1138 http body segment type=0, len=191, fwd_len=0, buff_len=4, start=0
[V]2024-07-09 15:49:36.349036 [p:13074][s:928263][r:7] wad_http_mstrm_proc_buf :1186 len =191, buff_len=198
[V]2024-07-09 15:49:36.349044 [p:13074][s:928263][r:7] wad_http_strm_in :425 http stream 0x7f88c5a978 len=191 ret=1
[V]2024-07-09 15:49:36.349053 [p:13074][s:928263][r:7] wad_http_chunk_size_line_parse :1382 Get chunk size=0 line.
[V]2024-07-09 15:49:36.349062 [p:13074][s:928263][r:7] wad_http_mstrm_seg_start :1138 http body segment type=2, len=18446744073709551615, fwd_len=0, buff_len=195, start=0
[V]2024-07-09 15:49:36.349072 [p:13074][s:928263][r:7] wad_http_mstrm_proc_buf :1186 len =5, buff_len=7
[V]2024-07-09 15:49:36.349080 [p:13074][s:928263][r:7] wad_http_strm_in :425 http stream 0x7f88c5a978 len=5 ret=1
[V]2024-07-09 15:49:36.349090 [p:13074][s:928263][r:7] wad_http_mstrm_proc_buf :1186 len =2, buff_len=2
[V]2024-07-09 15:49:36.349099 [p:13074][s:928263][r:7] wad_http_strm_in :425 http stream 0x7f88c5a978 len=2 ret=1
[V]2024-07-09 15:49:36.349108 [p:13074][s:928263][r:7] wad_http_strm_read_chunk_trailer :541 len=2, has_data=0
[I]2024-07-09 15:49:36.349117 [p:13074][s:928263][r:7] wad_http_strm_read_body_done :470 http stream 0x7f88c5a978 graceful=1.
[V]2024-07-09 15:49:36.349126 [p:13074][s:928263][r:7] wad_http_scan_upd_msg :793 hs=0x7f8a301668 state=appending: hdr_len=409 body_len=0 comfort_enable=0 comfort_amount=1
ss[v] scan 0x7f89331a20 sync, write_end 1 resync 0
ss[v] scan 0x7f89331a20 write 202
ss[v] *te_chunked(2050) l0 name '' sync, end 1 decomp_err 0
ss[v] *te_chunked(2050) l0 name '' chunked 0x7f8a0a8448 sync
ss[v] *te_chunked(2050) l0 name '' chunked dec output 191 status 0
ss[v] *ce_gzip(2001) l0 name '' sync, end 1 decomp_err 0
ss[v] *ce_gzip(2001) l0 name '' zlib 0x7f88db9a68 sync
ss[v] *ce_gzip(2001) l0 name '' dissect
ss[v] *ce_gzip(2001) l0 name '' zlib set state init_gzip(2)
ss[w] *ce_gzip(2001) l0 name '' init gzip
ss[v] *ce_gzip(2001) l0 name '' zlib set state decompress(6)
ss[v] *ce_gzip(2001) l0 name '' decompression
ss[v] *uninit(-1) l0 name '' sync, end 1 decomp_err 0
ss[v] *uninit(-1) l0 name '' filetype detector sync
ss[v] file '' type: html(8)
ss[v] html(8) l0 name '' file detection done, type 8, password_protected 0, scanunit_only 0
[I]2024-07-09 15:49:36.349366 [p:13074][s:928263][r:7] wad_http_sscan_proc_open :5409 avscan=0x7f88c07040 state=init: file-filter not applied file-filter not enabled .
[I]2024-07-09 15:49:36.349379 [p:13074][s:928263][r:7] wad_http_sscan_proc_open :5506 avscan=0x7f88c07040 state=init: open proc expected size=18446744073709551615
ss[v] html(8) l0 name '' filetype detector close
[I]2024-07-09 15:49:36.349411 [p:13074][s:928263][r:7] wad_sscan_av_init_scan_req :4368 allocated lscan req=0x7f88b3c218 len=251
ss[v] enable databases 1f (core avai mmdb fsa extended)
ss[v] scan resume with filetype 8, basetype 20
ss[v] scan file '' bytes 251
ss[v] scan result 0 error 0
[I]2024-07-09 15:49:36.354193 [p:13074][s:928263][r:7] wad_sscan_av_lscan_proc :4568 avscan=0x7f88c07040 state=init: action=pass
[I]2024-07-09 15:49:36.354217 [p:13074][s:928263][r:7] wad_sscan_av_sync :5013 avscan=0x7f88c07040 state=init: scan done, abort strm

[I]2024-07-09 15:49:36.354242 [p:13074][s:928263][r:7] wad_http_scan_engine__on_scan_done:1260 hs=0x7f8a301668 engine=sscan state=init: scan complete: action=pass resp_type=pass
[I]2024-07-09 15:49:36.354260 [p:13074][s:928263][r:7] wad_http_scan_handle_finished :1136 hs=0x7f8a301668 state=appending: waiting for other engines: engine(name=sscan state=done utm=no) engine(name=ipsscan state=init utm=no)
ss[v] scan 0x7f89331a20 closed
[I]2024-07-09 15:49:36.354288 [p:13074][s:928263][r:7] wad_http_sscan_impl_close :5051 avscan(0x7f88c07040) sscan is closed!
[I]2024-07-09 15:49:36.354300 [p:13074][s:928263][r:7] wad_http_ipsscan__upd_msg :619 ipsscan=0x7f899a9b30 state=proc_body: direction reverse
2024-07-09 15:49:36.354317 [p:13074][s:928263][r:7] ipsapp ses 2 message 0x7f8a2d49a8 expand by 202 bytes
[V]2024-07-09 15:49:36.354333 [p:13074][s:928263][r:7] wad_http_sstrm_read_sync :1607 hs=0x7f88ddc8e8 pause=(0/0x0) ret=1 execute=wad_http_srv_unexpected
[I]2024-07-09 15:49:36.354349 [p:13074][s:928263][r:7] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f048/7 cts 2 pts 3 hs 34/34 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/53 cti 0/0 ci 0/0/5 cto 0/0 wb 0/0
[V]2024-07-09 15:49:36.354368 [p:13074][s:928263][r:7] wad_tcp_port_window_adjust :463 tcp_port 0x7f88cca190 window-type 0 set 1 SNDBUF 327680 RCVBUF 327680
2024-07-09 15:49:36.354388 [p:13074] ipsapp ses 2 send msg 2 len 611 dir 1 count 1
[V]2024-07-09 15:49:36.354400 [p:13074] wad_mem_c_malloc :138 size 65568 exceeds max_elm_size (18396); not using bucket
2024-07-09 15:49:36.354426 [p:13074] ipsapp ses 2 send writing msg 0 of 1, for length 611
2024-07-09 15:49:36.356727 [p:13074] ipsapp us 120 write (1,851)
[V]2024-07-09 15:49:36.356767 [p:13074] wad_mem_c_free :176 freeing memory not in bucket
[V]2024-07-09 15:49:36.356863 [p:13074] wad_mem_c_malloc :138 size 65568 exceeds max_elm_size (18396); not using bucket
2024-07-09 15:49:36.356888 [p:13074] ipsapp us 120 read (0,65536)
2024-07-09 15:49:36.356909 [p:13074] ipsapp ses 2 msg 2 eval response dir 1 act 0 app 0 proto 0 tlv_len 0
[I]2024-07-09 15:49:36.356921 [p:13074][s:928263][r:7] wad_http_ipsscan__ips_app__action :778 ipsscan=0x7f899a9b30 state=proc_body: action=permit len=611 tlv_len=0
[V]2024-07-09 15:49:36.356933 [p:13074][s:928263][r:7] wad_http_scan_engine__on_unblock :1394 hs=0x7f8a301668 engine=ipsscan state=init: unblocking: current=unblocked
[I]2024-07-09 15:49:36.356946 [p:13074][s:928263][r:7] wad_http_ipsscan_handle_result :347 ipsscan=0x7f899a9b30 state=proc_body: action=pass resp_type=pass
[I]2024-07-09 15:49:36.356956 [p:13074][s:928263][r:7] wad_http_scan_engine__on_scan_done:1260 hs=0x7f8a301668 engine=ipsscan state=init: scan complete: action=pass resp_type=pass
[I]2024-07-09 15:49:36.356971 [p:13074][s:928263][r:7] wad_http_scan_handle_finished :1151 hs=0x7f8a301668 state=scanning: result(action=pass resp_type=pass): engine(name=sscan state=done utm=no) engine(name=ipsscan state=done utm=no)
[I]2024-07-09 15:49:36.356983 [p:13074][s:928263][r:7] wad_http_finish_scan_proc :908 HTTP req=0x7f889c7048 action=pass
[I]2024-07-09 15:49:36.356992 [p:13074][s:928263][r:7] wad_http_scan_ack_result :865 hs=0x7f8a301668 state=scanning: action=pass resp_type=pass
[I]2024-07-09 15:49:36.357027 [p:13074][s:928263][r:7] wad_http_scan_finished_proc :886 HTTP req=0x7f889c7048 hdr_len=409 body_len=202 msg_done=1
[V]2024-07-09 15:49:36.357038 [p:13074][s:928263][r:7] wad_http_def_proc_msg_plan :2170 msg(0x7f891f0dc8) setting up processor(resp_ce)
[V]2024-07-09 15:49:36.357048 [p:13074][s:928263][r:7] wad_http_def_proc_msg_plan :2170 msg(0x7f891f0dc8) setting up processor(resp_vs)
[V]2024-07-09 15:49:36.357057 [p:13074][s:928263][r:7] wad_http_def_proc_msg_plan :2170 msg(0x7f891f0dc8) setting up processor(resp_forward)
[I]2024-07-09 15:49:36.357068 [p:13074][s:928263][r:7] wad_dump_fwd_http_resp :2636 hreq=0x7f889c7048 Forward response from Server:

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 09 Jul 2024 14:49:35 GMT
Content-Type: text/html
Last-Modified: Mon, 08 Jul 2024 08:49:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"668ba80a-fb"
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip

[V]2024-07-09 15:49:36.357094 [p:13074][s:928263][r:7] wad_ssl_app_port_out_ops_read :17710 sp=0x7f88a1f3f0/6 plain down stream len=17 closed=0
[V]2024-07-09 15:49:36.357106 [p:13074][s:928263][r:7] wad_ssl_app_port_out_ops_read :17710 sp=0x7f88a1f3f0/6 plain down stream len=15 closed=0
[V]2024-07-09 15:49:36.357115 [p:13074][s:928263][r:7] wad_ssl_app_port_out_ops_read :17710 sp=0x7f88a1f3f0/6 plain down stream len=37 closed=0
[V]2024-07-09 15:49:36.357124 [p:13074][s:928263][r:7] wad_ssl_app_port_out_ops_read :17710 sp=0x7f88a1f3f0/6 plain down stream len=25 closed=0
[V]2024-07-09 15:49:36.357133 [p:13074][s:928263][r:7] wad_ssl_app_port_out_ops_read :17710 sp=0x7f88a1f3f0/6 plain down stream len=46 closed=0
[V]2024-07-09 15:49:36.357142 [p:13074][s:928263][r:7] wad_ssl_app_port_out_ops_read :17710 sp=0x7f88a1f3f0/6 plain down stream len=28 closed=0
[V]2024-07-09 15:49:36.357151 [p:13074][s:928263][r:7] wad_ssl_app_port_out_ops_read :17710 sp=0x7f88a1f3f0/6 plain down stream len=24 closed=0
[V]2024-07-09 15:49:36.357160 [p:13074][s:928263][r:7] wad_ssl_app_port_out_ops_read :17710 sp=0x7f88a1f3f0/6 plain down stream len=23 closed=0
[V]2024-07-09 15:49:36.357169 [p:13074][s:928263][r:7] wad_ssl_app_port_out_ops_read :17710 sp=0x7f88a1f3f0/6 plain down stream len=73 closed=0
[V]2024-07-09 15:49:36.357178 [p:13074][s:928263][r:7] wad_ssl_app_port_out_ops_read :17710 sp=0x7f88a1f3f0/6 plain down stream len=29 closed=0
[V]2024-07-09 15:49:36.357187 [p:13074][s:928263][r:7] wad_ssl_app_port_out_ops_read :17710 sp=0x7f88a1f3f0/6 plain down stream len=33 closed=0
[V]2024-07-09 15:49:36.357196 [p:13074][s:928263][r:7] wad_ssl_app_port_out_ops_read :17710 sp=0x7f88a1f3f0/6 plain down stream len=33 closed=0
[V]2024-07-09 15:49:36.357205 [p:13074][s:928263][r:7] wad_ssl_app_port_out_ops_read :17710 sp=0x7f88a1f3f0/6 plain down stream len=24 closed=0
[V]2024-07-09 15:49:36.357214 [p:13074][s:928263][r:7] wad_ssl_app_port_out_ops_read :17710 sp=0x7f88a1f3f0/6 plain down stream len=2 closed=0
[V]2024-07-09 15:49:36.357224 [p:13074][s:928263][r:7] wad_ssl_app_port_out_ops_sync :17780 sp=0x7f88a1f3f0/6 plain down stream state=3
[I]2024-07-09 15:49:36.357234 [p:13074][s:928263][r:7] wad_ssl_app_port_txn_write :17666 wsp=0x7f88a1f3f0/6 sync plain down stream len=409
[I]2024-07-09 15:49:36.357249 [p:13074][s:928263][r:7] wad_ssl_app_port_txn_write :17679 wsp=0x7f88a1f3f0/6 total fwded len=409, status 0
[I]2024-07-09 15:49:36.357259 [p:13074][s:928263][r:7] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f3f0/6 cts 2 pts 3 hs 34/28 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/32 cti 0/0 ci 0/0/5 cto 1/409 wb 0/0

Traffic Encryption and Forward to Client (HTTP OK).

[V]2024-07-09 15:49:36.357858 [p:13074][s:928263][r:7] wad_ssl_port_caps_on_enc_start :15012 sp=0x7f88a1f3f0/6 enc start 0x7f898c4240 type 23 ver 0303 len 409 (48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 0d 0a 44 61 74 65 3a 20 54 75 65 2c 20 30 39 20 4a 75 6c 20 32 30 32 34 20 31 34 3a 34 39 3a 33 35 20 47 4d 54 0d 0a 43 6f 6e
74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 30 38 20 4a 75 6c 20 32 30 32 34 20 30 38 3a 34 39 3a 31 34 20 47 4d 54 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 6b 65 65 70 2d 61 6c 69 76 65 0d 0a 45 54 61 67 3a 20 5
7 2f 22 36 36 38 62 61 38 30 61 2d 66 62 22 0d 0a 53 74 72 69 63 74 2d 54 72 61 6e 73 70 6f 72 74 2d 53 65 63 75 72 69 74 79 3a 20 6d 61 78 2d 61 67 65 3d 36 33 30 37 32 30 30 30 3b 20 69 6e 63 6c 75 64 65 53 75 62 44 6f 6d 61 69 6e 73 3b 20 70 72 65 6c 6f 61 64 0d
[V]2024-07-09 15:49:36.358205 [p:13074][s:928263][r:7] wad_ssl_port_caps_on_enc_done :15039 sp=0x7f88a1f3f0/6 enc done 0x7f898c4240 type 23 ver 0303 status 0 len 431 (17 03 03 01 aa 4e 5c 31 f0 fb 06 82 a7 74 ea a6 34 6b 80 de 18 40 5e 03 07 cc 13 21 05 f6 a4 bb 33 af 91 77 93 1a 70 e3 ad 9f c4 8e 2a c1 fe 64 71 76 f1 6e f3 61 ed 21 dc 8b ab 59 6c eb 5b e3 2f d6 b2 9f 09 4
c a1 a7 54 e8 12 d4 ee 9c 2b 06 d0 dd b3 e0 52 d0 bd 95 4a b8 46 ab 45 53 6c 37 e0 32 ee b5 31 8d f8 6c 3b b7 b2 b0 38 11 a7 1d aa 6f e7 95 c7 f9 84 e2 74 a3 e8 a3 09 89 1c 78 01 9a 12 8a ef 5f 22 8f 4a 18 e7 ea 3c 14 4e 97 0b 92 b1 65 e9 40 bc 03 74 07 0c 7e 10 28 f3 32 60 f5 df 08 e2 70 0a 5d c0 c7 25 58 2d 61 44 07 90 76 0a 26 ac 85 34 6b f7 25 cf 33 03 3d be 3b 29 c0 5b 92
d0 90 de 37 42 bb 17 ce f2 c0 51 05 8e 63 b9 b3 84 b8 e8 e6 e2 60 06 e3 63 57 72 16 ce a5 e2 3d 24 e3 4d 7b 79 52 68 40 03 e5 53 d8 5f 7a d2 40 8d 51 64 49 1f 4a c7 d2 cc 7c 71 9e ff b5 e2 3b e3 76 13 da 15 10 0d 7b 51 7e fa 58 67 75 4c 80 e0 05 d3 5d 55 1e db 25
[V]2024-07-09 15:49:36.358231 [p:13074][s:928263][r:7] wad_ssl_sock_port_fts_in_write :15780 sp=0x7f88a1f3f0/6 start=0 len=431
[V]2024-07-09 15:49:36.358242 [p:13074][s:928263][r:7] wad_ssl_sock_port_out_ops_sync :17172 sp=0x7f88a1f3f0/6 state=3 fts-input=431 proxy-input=0
[V]2024-07-09 15:49:36.358252 [p:13074][s:928263][r:7] wad_ssl_sock_port_exec_dn_forward :16932 sp=0x7f88a1f3f0/6 ib-len=431
[V]2024-07-09 15:49:36.358263 [p:13074][s:928263][r:7] wad_tcp_port_out_read_sync :944 tcp_port(0x7f88cca048) sync 431
[I]2024-07-09 15:49:36.358272 [p:13074][s:928263][r:7] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f3f0/6 cts 2 pts 3 hs 34/28 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/32 cti 0/0 ci 0/0/5 cto 0/0 wb 0/0
[V]2024-07-09 15:49:36.358291 [p:13074][s:928263][r:7] wad_ssl_app_port_out_ops_read_br :17731 sp=0x7f88a1f3f0/6 plain down stream len=202
[V]2024-07-09 15:49:36.358302 [p:13074][s:928263][r:7] wad_ssl_app_port_out_ops_sync :17780 sp=0x7f88a1f3f0/6 plain down stream state=3
[I]2024-07-09 15:49:36.358312 [p:13074][s:928263][r:7] wad_ssl_app_port_txn_write :17666 wsp=0x7f88a1f3f0/6 sync plain down stream len=202
[I]2024-07-09 15:49:36.358323 [p:13074][s:928263][r:7] wad_ssl_app_port_txn_write :17679 wsp=0x7f88a1f3f0/6 total fwded len=202, status 0
[I]2024-07-09 15:49:36.358332 [p:13074][s:928263][r:7] wad_ssl_port_caps_on_task :12099 wsp=0x7f88a1f3f0/6 cts 2 pts 3 hs 34/28 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/32 cti 0/0 ci 0/0/5 cto 1/202 wb 0/0

Enter process context:

diagnose test application wad 2200

set diagnosis process: type=worker index=0 pid=13074

After entering the context, list the port information to find Client -> Proxy and Proxy -> Server specifics.

Display TCP Port Information:

diagnose test application wad 22
TCP stats: active=2 accepts=1775 connects=30 accept_err=0
connect_err=0 bind_fails=0 make_failure=0 connected=30
too_many_write_blocks=0 read_end_write_blocked=0
timer start/timeout=1778/12
TCP port=0x7f88cca048 ses_ctx=0x7f88db5568 sock=116/116 is_conn=0 state=2 <- Client/Proxy.
process=0 snfbuf=327680 rcvbuf=327680
closed(grace/out/in/sock)=0(0/0/0/0)
85.245.105.249:60006-->144.64.251.248:8444
TCP port=0x7f88cca190 ses_ctx=0x7f88db5568 sock=121/121 is_conn=0 state=2 <- Proxy/Server.
process=0 snfbuf=327680 rcvbuf=327680
closed(grace/out/in/sock)=0(0/0/0/0)
85.245.105.249:60006-->144.64.251.248:8444
TCP port: without_ses_ctx:0 with_ses_ctx:2

Use this information to analyze the WAD debug.

Troubleshooting Tip: WAD Debugging - VIP Example (Deep Inspection)

You are leaving our website