more text tweaks
This commit is contained in:
parent
763458fbf1
commit
690bb167a4
2
DOC.md
2
DOC.md
|
@ -40,7 +40,7 @@ The outline of the `v1` output is:
|
|||
"ocsp_stapling_support": false,
|
||||
"sct_support": false,
|
||||
"ja3": "...",
|
||||
"ja3_md5": "..."
|
||||
"ja3_md5": "...",
|
||||
"nja3v1": "...",
|
||||
"nja3v1_sha256_128": "..."
|
||||
}
|
||||
|
|
|
@ -8,7 +8,7 @@ SPDX-License-Identifier: BSD-3-Clause
|
|||
|
||||
This test:
|
||||
|
||||
* reflects the complete [Client Hello](https://tls13.xargs.org/#client-hello) message in multiple forms, preserving the order in which TLS parameters and extensions are sent;
|
||||
* reflects the complete [Client Hello](https://tls13.xargs.org/#client-hello) message in multiple formats, preserving the order in which TLS parameters and extensions are sent;
|
||||
* can be used to check for TLS privacy pitfalls ([session resumption](https://svs.informatik.uni-hamburg.de/publications/2018/2018-12-06-Sy-ACSAC-Tracking_Users_across_the_Web_via_TLS_Session_Resumption.pdf), [TLS fingerprinting](https://tlsfingerprint.io/), [system time exposure](https://datatracker.ietf.org/doc/html/draft-mathewson-no-gmtunixtime));
|
||||
* supports both HTTP and [Gemini](https://geminiprotocol.net/) on the same port;
|
||||
* is [free as in freedom](https://www.gnu.org/philosophy/free-sw.en.html) and trivial to self-host.
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# TLS Client Hello Mirror
|
||||
|
||||
This service reflects your browser's TLS Client Hello message in multiple forms. It can be used directly or in CI tests to check for TLS privacy pitfalls (session resumption, fingerprinting, system time exposure) and security shortcommings (deprecated TLS versions, weak cipher suites, missing features, etc).
|
||||
This service presents your browser's TLS Client Hello message in multiple formats. It can be used directly or in CI tests to check for TLS privacy pitfalls (session resumption, fingerprinting, system time exposure) and security shortcomings (deprecated TLS versions, weak cipher suites, missing features, etc).
|
||||
|
||||
=> https://tildegit.org/nervuri/client-hello-mirror#tls-client-hello-mirror Details here
|
||||
|
||||
|
@ -50,7 +50,9 @@ This service reflects your browser's TLS Client Hello message in multiple forms.
|
|||
* NJA3v1: {{.NJA3v1}}
|
||||
* NJA3v1 SHA256/128: {{.NJA3v1Hash}}
|
||||
|
||||
Parameters in the Client Hello message differ between clients, enabling servers and on-path observers to detect what browser you are likely using (down to its version, or a range of versions) by deriving its fingerprint from said parameters. JA3 is a simple and popular type of TLS fingerprint. NJA3 is a similar style of fingerprint which aims to improve the robustness and accuracy of JA3.
|
||||
Parameters in the Client Hello message differ between clients, enabling servers and on-path observers to detect what browser you are likely using (down to its version, or a range of versions) by deriving its fingerprint from said parameters. Worse, if you change any TLS-related settings, your TLS fingerprint becomes specific to a much smaller group of users, possibly even to you alone.
|
||||
|
||||
JA3 is a simple and popular type of TLS fingerprint. NJA3 is a similar style of fingerprint which aims to improve the robustness and accuracy of JA3.
|
||||
|
||||
=> https://engineering.salesforce.com/tls-fingerprinting-with-ja3-and-ja3s-247362855967/ TLS Fingerprinting with JA3 and JA3S
|
||||
=> https://tildegit.org/nervuri/client-hello-mirror/src/branch/master/NJA3.md NJA3 documentation
|
||||
|
|
|
@ -20,7 +20,7 @@ SPDX-License-Identifier: BSD-3-Clause
|
|||
<main>
|
||||
<h1>TLS Client Hello Mirror</h1>
|
||||
|
||||
<p>This service reflects your browser's TLS <a href="https://tls13.xargs.org/#client-hello" target="_blank">Client Hello</a> message in multiple forms. It can be used directly or in CI tests to check for TLS privacy pitfalls (<a href="https://svs.informatik.uni-hamburg.de/publications/2018/2018-12-06-Sy-ACSAC-Tracking_Users_across_the_Web_via_TLS_Session_Resumption.pdf" target="_blank">session resumption</a>, <a href="https://tlsfingerprint.io/" target="_blank">fingerprinting</a>, <a href="https://datatracker.ietf.org/doc/html/draft-mathewson-no-gmtunixtime" target="_blank">system time exposure</a>) and security shortcommings (deprecated TLS versions, weak cipher suites, missing features, etc). <a href="https://tildegit.org/nervuri/client-hello-mirror#tls-client-hello-mirror" target="_blank">Details here</a>.</p>
|
||||
<p>This service presents your browser's TLS <a href="https://tls13.xargs.org/#client-hello" target="_blank">Client Hello</a> message in multiple formats. It can be used directly or in CI tests to check for TLS privacy pitfalls (<a href="https://svs.informatik.uni-hamburg.de/publications/2018/2018-12-06-Sy-ACSAC-Tracking_Users_across_the_Web_via_TLS_Session_Resumption.pdf" target="_blank">session resumption</a>, <a href="https://tlsfingerprint.io/" target="_blank">fingerprinting</a>, <a href="https://datatracker.ietf.org/doc/html/draft-mathewson-no-gmtunixtime" target="_blank">system time exposure</a>) and security shortcomings (deprecated TLS versions, weak cipher suites, missing features, etc). <a href="https://tildegit.org/nervuri/client-hello-mirror#tls-client-hello-mirror" target="_blank">Details here</a>.</p>
|
||||
|
||||
<h3>API endpoints</h3>
|
||||
<ul>
|
||||
|
@ -105,7 +105,8 @@ SPDX-License-Identifier: BSD-3-Clause
|
|||
<li><b>NJA3v1:</b> <code>{{.NJA3v1}}</code></li>
|
||||
<li><b>NJA3v1 SHA256/128:</b> <code class="hash">{{.NJA3v1Hash}}</code></li>
|
||||
</ul>
|
||||
<p>Parameters in the Client Hello message differ between clients, enabling servers and on-path observers to detect what browser you are likely using (down to its version, or a range of versions) by deriving its fingerprint from said parameters. JA3 is a simple and popular type of TLS fingerprint. NJA3 is a similar style of fingerprint which aims to improve the robustness and accuracy of JA3.</p>
|
||||
<p>Parameters in the Client Hello message differ between clients, enabling servers and on-path observers to detect what browser you are likely using (down to its version, or a range of versions) by deriving its fingerprint from said parameters. Worse, if you change any TLS-related settings, your TLS fingerprint becomes specific to a much smaller group of users, possibly even to you alone.</p>
|
||||
<p>JA3 is a simple and popular type of TLS fingerprint. NJA3 is a similar style of fingerprint which aims to improve the robustness and accuracy of JA3.</p>
|
||||
<ul>
|
||||
<li><a href="https://engineering.salesforce.com/tls-fingerprinting-with-ja3-and-ja3s-247362855967/" target="_blank">TLS Fingerprinting with JA3 and JA3S</a></li>
|
||||
<li><a href="https://tildegit.org/nervuri/client-hello-mirror/src/branch/master/NJA3.md" target="_blank">NJA3 documentation</a></li>
|
||||
|
|
Loading…
Reference in New Issue