conjure
Log Registration Decoy SNI at registration [gitlab]
On the detector, log the hostname in the HTTP request indicating the host associated with the individual registration received. This will supplement the IP address, as more than one hostname may be used per reg decoy and they may fail in different ways.
Note that tcp_pkt in check_registration does not have direct access. We will need to do some elligator magic or get the SNI out of the TLS packet somehow.
original submission: 12/10/2019
To capture the hostname associated with each flow we can parse it from the SNI of the TLS ClientHello, store it in the FlowTracker object, and print it when a new registration is found by the check_dark_decoy_tag function.
original comment: 12/18/2019
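The approach in the comment above, parsing the server_name from the TLS ClientHello, as an added stand-alone example. This is not code from the conjure repository and does not touch FlowTracker, check_registration or check_dark_decoy_tag; the function names extract_sni and build_client_hello are hypothetical, and the ClientHello bytes are constructed here rather than captured. Every length is bounds-checked with Option so malformed or truncated input yields None instead of a panic, which matters on a detector fed untrusted traffic.

```rust
// Bounds-checked byte cursor: every read returns None on truncation.
struct Cursor<'a> { buf: &'a [u8], pos: usize }

impl<'a> Cursor<'a> {
    fn new(buf: &'a [u8]) -> Self { Cursor { buf, pos: 0 } }
    fn take(&mut self, n: usize) -> Option<&'a [u8]> {
        let buf: &'a [u8] = self.buf;
        let s = buf.get(self.pos..self.pos.checked_add(n)?)?;
        self.pos += n;
        Some(s)
    }
    fn u8(&mut self) -> Option<u8> { self.take(1).map(|b| b[0]) }
    fn u16(&mut self) -> Option<u16> { self.take(2).map(|b| u16::from_be_bytes([b[0], b[1]])) }
    fn u24(&mut self) -> Option<usize> {
        self.take(3).map(|b| ((b[0] as usize) << 16) | ((b[1] as usize) << 8) | b[2] as usize)
    }
    fn remaining(&self) -> usize { self.buf.len() - self.pos }
}

/// Extract the SNI host_name from a TCP payload holding a TLS ClientHello.
/// Handles one handshake record in one segment; a ClientHello split across
/// records or segments needs reassembly first and returns None here.
pub fn extract_sni(payload: &[u8]) -> Option<String> {
    let mut r = Cursor::new(payload);
    if r.u8()? != 0x16 { return None; }          // record type: handshake
    let _record_version = r.u16()?;
    let rec_len = r.u16()? as usize;
    let mut h = Cursor::new(r.take(rec_len)?);    // truncated record -> None
    if h.u8()? != 0x01 { return None; }          // handshake type: ClientHello
    let hs_len = h.u24()?;
    let mut c = Cursor::new(h.take(hs_len)?);
    let _client_version = c.u16()?;
    c.take(32)?;                                 // random
    let sid_len = c.u8()? as usize;
    c.take(sid_len)?;                            // session_id
    let cs_len = c.u16()? as usize;
    c.take(cs_len)?;                             // cipher_suites
    let comp_len = c.u8()? as usize;
    c.take(comp_len)?;                           // compression_methods
    if c.remaining() == 0 { return None; }       // extensions block is optional
    let ext_len = c.u16()? as usize;
    let mut e = Cursor::new(c.take(ext_len)?);
    while e.remaining() >= 4 {
        let ext_type = e.u16()?;
        let len = e.u16()? as usize;
        let ext = e.take(len)?;
        if ext_type == 0x0000 {                  // server_name (RFC 6066)
            return parse_server_name(ext);
        }
    }
    None
}

fn parse_server_name(ext: &[u8]) -> Option<String> {
    let mut s = Cursor::new(ext);
    let list_len = s.u16()? as usize;
    let mut l = Cursor::new(s.take(list_len)?);
    while l.remaining() >= 3 {
        let name_type = l.u8()?;
        let name_len = l.u16()? as usize;
        let name = l.take(name_len)?;
        if name_type == 0 {                      // host_name
            // RFC 6066 host_name is ASCII; refuse to log arbitrary bytes.
            if !name.is_empty() && name.iter().all(|b| b.is_ascii_graphic()) {
                return Some(String::from_utf8_lossy(name).into_owned());
            }
            return None;
        }
    }
    None
}

/// Build a minimal TLS 1.2 ClientHello record with an SNI extension.
/// Constructed test input for this example, not a capture.
pub fn build_client_hello(host: &str) -> Vec<u8> {
    let name = host.as_bytes();
    let mut sni = Vec::new();
    sni.extend_from_slice(&((name.len() + 3) as u16).to_be_bytes()); // server_name_list length
    sni.push(0x00);                                                  // name_type: host_name
    sni.extend_from_slice(&(name.len() as u16).to_be_bytes());
    sni.extend_from_slice(name);
    let mut exts = Vec::new();
    exts.extend_from_slice(&[0x00, 0x17, 0x00, 0x00]); // extended_master_secret, empty: parser must skip it
    exts.extend_from_slice(&[0x00, 0x00]);
    exts.extend_from_slice(&(sni.len() as u16).to_be_bytes());
    exts.extend_from_slice(&sni);
    let mut body = Vec::new();
    body.extend_from_slice(&[0x03, 0x03]);             // client_version TLS 1.2
    body.extend_from_slice(&[0x11; 32]);               // random
    body.push(0x00);                                   // empty session_id
    body.extend_from_slice(&[0x00, 0x02, 0x13, 0x01]); // one cipher suite
    body.extend_from_slice(&[0x01, 0x00]);             // null compression
    body.extend_from_slice(&(exts.len() as u16).to_be_bytes());
    body.extend_from_slice(&exts);
    let mut hs = vec![0x01];
    let len = body.len();
    hs.extend_from_slice(&[(len >> 16) as u8, (len >> 8) as u8, len as u8]);
    hs.extend_from_slice(&body);
    let mut rec = vec![0x16, 0x03, 0x01];
    rec.extend_from_slice(&(hs.len() as u16).to_be_bytes());
    rec.extend_from_slice(&hs);
    rec
}

fn main() {
    let pkt = build_client_hello("decoy.example.com");
    println!("SNI: {:?}", extract_sni(&pkt));
    println!("truncated segment: {:?}", extract_sni(&pkt[..40]));
}
```

The returned hostname is what would be stored alongside the flow and emitted when a registration is recognised. Keep the record in mind when wiring this in: the SNI is only visible in the ClientHello segment, so it has to be captured when the flow is first seen and carried in the flow state until the registration check fires on a later packet.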