2024.10.20 Release Note

October release comes with 1 major feature and various bug fixes:

  • Spider now captures TLS secrets live and deciphers TLS encrypted communications: HTTPS, MQTTS, secured DB connections...

Upgrade risk

info
  • No compatibility issue 👍
warning
  • Breaking change - This version requires that you add a gocipher block in your values.yaml

Key changes

How to upgrade

  1. Use Helm chart 4.1.0 from repository
  2. Adjust global.version field value to 2024.10.20 in your values.yaml
  3. Add a gocipher block at the root of your values.yaml

gocipher:
  createLocalGocipher: true # switch to 'false' after installation when using ArgoCD
  privateKey: '-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQ ... MjqWemsmi6d/ZxUpFM\n-----END RSA PRIVATE KEY-----'
  publicKey: '-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFA ... +c7k4snx\noQIDAQAB\n-----END PUBLIC KEY-----'

  4. Deploy
tip

See Reference documentation for details.
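
For step 3 above, an added example (not code from the Spider project) that generates an RSA key pair in the two PEM encodings the block shows and prints a gocipher block with each key collapsed onto one line using literal \n separators. The 2048-bit key size, the file names and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not Spider code. Usage: sh this-script.sh /path/to/empty/dir
set -eu

# Write a key pair into directory $1: PKCS#1 ("BEGIN RSA PRIVATE KEY") for the
# private key and SPKI ("BEGIN PUBLIC KEY") for the public key.
# The 2048-bit size is an assumption.
generate_keypair() (
    umask 077    # key files readable by their owner only
    openssl genrsa -out "$1/raw.pem" 2048 2>/dev/null
    # OpenSSL 3.x needs -traditional to emit PKCS#1; older releases lack the
    # flag and already write PKCS#1, hence the fallback.
    openssl rsa -in "$1/raw.pem" -traditional -out "$1/private.pem" 2>/dev/null ||
        openssl rsa -in "$1/raw.pem" -out "$1/private.pem" 2>/dev/null
    openssl rsa -in "$1/private.pem" -pubout -out "$1/public.pem" 2>/dev/null
    rm -f "$1/raw.pem"
)

# Succeed only if PEM file $1 starts with the header for label $2.
check_pem_type() {
    [ "$(head -n 1 "$1" | tr -d '\r')" = "-----BEGIN $2-----" ]
}

# Join the lines of PEM file $1 with a literal backslash-n, the form used
# inside the single-quoted YAML values. Blank lines and CRs are dropped.
pem_to_escaped() {
    awk '{ sub(/\r$/, "") } NF { printf "%s%s", sep, $0; sep = "\\n" }' "$1"
}

# Print the block for the root of values.yaml ($1 = private, $2 = public PEM).
render_gocipher_block() {
    printf 'gocipher:\n'
    printf "  createLocalGocipher: true # switch to 'false' after installation when using ArgoCD\n"
    printf "  privateKey: '%s'\n" "$(pem_to_escaped "$1")"
    printf "  publicKey: '%s'\n" "$(pem_to_escaped "$2")"
}

if [ "$#" -ge 1 ]; then
    generate_keypair "$1"
    check_pem_type "$1/private.pem" 'RSA PRIVATE KEY'   # set -e aborts on mismatch
    check_pem_type "$1/public.pem" 'PUBLIC KEY'
    render_gocipher_block "$1/private.pem" "$1/public.pem"
fi
```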

Versions

Spider

New versions of Spider components:

Component | Version | Docker tag
Helm chart | 4.1.0 | -
Analysis UI | 11.0 | 2024.10.20
Controllers | 1.5 | 2024.10.20
Gossipers | 7.1 | 2024.10.20
Gociphers | 1.0 | 2024.10.20
Back office | - | 2024.10.20
Login UI | - | 2024.10.20
Monitoring UI | - | 2024.10.20

Dependencies

These components are set up in the correct versions by the Helm chart:

Dependency | Version | Docker tag
Elastic stack | 7.17.4 | 7.17.4
Redis | 7 | 7-alpine
Traefik | 2.11 | 2.11

Compatibility

Spider has been successfully tested under these versions of dependencies:

3rd party software | Version
Helm | 3.14
Kube | 1.24 - 1.28

List of changes

Helm chart

✨ New features
  • New services to manage Gocipher and TLS keys
  • New indices to store Gociphers and Ciphers statuses
⚙️ Improvements
  • Manage several Controllers on same cluster
🐞 Bug fixes

Analysis UI

✨ New features
  • Manage TLS capture configuration on Whisperers + few improvements related to TLS
  • Decode TLS sessions in TCP content tab
  • Manage partial keys (to decode handshake only when handshake fails)
  • Download PcapNg to open on Wireshark
  • Upload PcapNg (Spider's ones)
  • Manage Gociphers
    • New icon in menu
    • Creation, search, update, deletion
    • Status tab
    • Targets list tab
    • Share tab
    • Installation tab
  • TLS tab in Whisperers details to list Targets linked to this Whisperer
  • Gociphers tab in user profile
⚙️ Improvements
  • Installation tabs of Whisperers and Controllers have been improved
  • Whisperer agent has been deprecated (choice of agent removed in Attachment tab)
  • Timeline Quality line includes TCP parsing info
🐞 Bug fixes
  • Filter selected feature was not creating a timespan selection big enough
  • Display of selected time range was too big by 1 hour

Controllers

✨ New features
  • API for Gociphers to get list of Pods to target
⚙️ Improvements
🐞 Bug fixes

Gossipers (Whisperers)

✨ New features
  • Parse TLS layer in packet to extract client random
⚙️ Improvements
🐞 Bug fixes

Gociphers

✨ New features
  • First release
  • Capture TLS keys using eBPF
  • TLS 1.3 support from OpenSSL 1.1.1 to 3.0.x
  • Supports targets as containers, pid or executable path
  • Complete with status, multi targets, scalability, low resource usage etc.
  • Optimised to avoid duplicates and too many exchanges between uprobes and user space
⚙️ Improvements
🐞 Bug fixes

Back office

✨ New features
  • Remove WebWriteWarning as parsing quality is great
  • Whisps, PackWrite, WebWrite, TcpUpdate, TcpWrite, TcpRead: manage TLS parsing
  • Ciphers-Status poller, Ciphers-Raw-Status-Poller to synchronise statuses to ElasticSearch
  • Ciphers-Status-Agg service to aggregate Gociphers statuses
  • Ciphers-Status service to store Gociphers status
  • Ciphers service to manage Gociphers
⚙️ Improvements
🐞 Bug fixes
  • Index automatic migration was not purging Cache properly during migration

Login UI

✨ New features
⚙️ Improvements
🐞 Bug fixes

Monitoring UI

✨ New features
  • New Gociphers screen
  • Gociphers and related services on map with integrated status
⚙️ Improvements
  • Updated Parsing screen with TLS parsing info
🐞 Bug fixes
  • ES storage and load graphics were taking DSP into account. Filter them out.

Online documentation

Updated parts:

  • Helmchart reference
  • Installing Gociphers
  • Features list
  • PcapNG export in TCP tabs
  • TLS captured data
  • Microservices default configurations
  • TLS tab in Whisperer details
  • Gociphers tab in User profiles
  • Deprecate Whisperers agent
  • Remove second parsing step
  • Monitoring screens: Gociphers, Parsing, Summary
  • OpenAPI of new services and updated service

API impacts

note

This section informs about any impact on Spider API, so you may adjust your scripts.

Only new APIs or new fields.

Data impacts

note

The table below shows whether there are data mapping changes in Elasticsearch indices, and whether they come with migrations (Yes ✅ / No ❌).
Migrations are automated at upgrade time, but they may leave unattended indices that you have to remove manually.

Index | Description | Migration
Ciphers | New index | N/A
Ciphers status | New index | N/A
HttpComs | New field indexed: stats.withTLS | N/A