-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Feature request] Report JA3 cleint and JA3/S server TLS fingerprints when running client simulations #2350
Comments
Delicates
changed the title
Report JA3 cleint and JA3/S server TLS fingerprints when running client simulations
[Feature request] Report JA3 cleint and JA3/S server TLS fingerprints when running client simulations
Mar 26, 2023
The thing with those fingerprints are:
In general I like the idea though. (It interested e ages ago, gave talks by that time what a ClientHello will tell an adversary bc I everybody seemed to assume TLS is a VPN). |
What could be done is sending the client handshakes and wiresharking those. Last time I tried it contained the JA3 strings. Don't know how accurate those are as supposed to real life |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Which version are you referring to
3.2rc2 (default 3.1dev branch)
Describe your feature request (if it's a technical feature)
In the Running client simulations via sockets section report JA3 client TLS fingerprint and JA3/S server TLS fingerprint for each simulation.
https://github.com/salesforce/ja3
Describe the solution you'd like
Could be an optional --ja3 flag that adds an extra line underneath each simulation printing JA3 and JA3/S TLS fingerprints.
Or alternatively could be appended at the end of each simulation output line.
In the Testing server defaults (Server Hello) section change "Fingerprints" to "Certificate Fingerprints" to avoid ambiguity.
The text was updated successfully, but these errors were encountered: