nervuri
/
client-hello-mirror
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: nervuri:4bcd168abcf1d8a066ff5cb66164f899085f72a2
Branches Tags
nervuri:master
nervuri:v1.1.2
nervuri:v1.1.1
nervuri:v1.1.0
nervuri:v1.0.0
...
compare: nervuri:f599e0ca70c6cd45cd5b88930e55bc5c1b060576
Branches Tags
nervuri:master
nervuri:v1.1.2
nervuri:v1.1.1
nervuri:v1.1.0
nervuri:v1.0.0

2 Commits
4bcd168abc ... f599e0ca70

Author SHA1 Message Date
nervuri f599e0ca70 minor text tweaks 2023-09-25 11:39:27 +00:00
nervuri adfc6de641 Makefile: don't include build ID in release build 
Build ID may negatively affect reproducibility.
 2023-09-25 11:36:11 +00:00
3 changed files with 4 additions and 4 deletions
Show Stats Expand all files Collapse all files

2
Makefile
View File

@ -10,7 +10,7 @@ dev:
.PHONY: release
release: check
mkdir -p build
CGO_ENABLED=0 go build -buildmode=pie -trimpath -ldflags="-s -w" -o build/client-hello-mirror
CGO_ENABLED=0 go build -buildmode=pie -trimpath -ldflags="-s -w -buildid=" -o build/client-hello-mirror
.PHONY: check
check:

2
NJA3.md
View File

@ -21,7 +21,7 @@ NJA3 is an algorithm for deriving a fingerprint string from a TLS Client Hello m
Points 1 and 2 aim to make the fingerprint stable in the face of predictable variations in a client's TLS Client Hello message. Extension codes are sorted as an adaptation to [Chromium having randomized the ordering of extensions](https://www.fastly.com/blog/a-first-look-at-chromes-tls-clienthello-permutation-in-the-wild), and several extensions are excluded - namely extensions that clients are known to only send some of the time. Most extensions in the exclusion list are taken from Troy Kent's ["(JA) 3 Reasons to Rethink Your Encrypted Traffic Analysis Strategies"](https://www.youtube-nocookie.com/embed/C93ivdcVL3A).
Points 3-5 make the fingerprint more accurate. NJA3 contains values from within `supported_versions`, `signature_algorithms`, `psk_key_exchange_modes` and `compress_certificate` - extensions that were standardized after JA3 was conceived. The TLS version from the record header is now also included. Each GREASE value is changed to `0x0A0A` (if 16-bit) or `0x0B` (if 8-bit) and its position within each code group is preserved (which is also [what mercury does](https://github.com/cisco/mercury/blob/main/doc/npf.md#tls)). MD5 is replaced with a more collision-resistant hash, while preserving MD5's convenient 16 byte length (again, something which [mercury does as well](https://github.com/cisco/mercury/blob/main/doc/npf.md#hash-representation)).
Points 3-5 make the fingerprint more accurate. NJA3 adds values from within `supported_versions`, `signature_algorithms`, `psk_key_exchange_modes` and `compress_certificate` - extensions that were standardized after JA3 was conceived. The TLS version from the record header is now also included. Each GREASE value is changed to `0x0A0A` (if 16-bit) or `0x0B` (if it's a PskKeyExchangeMode) and its position within each code group is preserved - with the exception of the extensions group, in which codes are sorted (this approach to GREASE is inspired by [mercury's](https://github.com/cisco/mercury/blob/main/doc/npf.md#tls)). MD5 is replaced with a more collision-resistant hash, while preserving MD5's convenient 16 byte length (again, something which [mercury does as well](https://github.com/cisco/mercury/blob/main/doc/npf.md#hash-representation)).
To sum it up, NJA3v1 is composed of the following code groups:

4
frontend/index.gmi
View File

@ -50,11 +50,11 @@ This service reflects your browser's TLS Client Hello message in multiple forms.
* NJA3v1: {{.NJA3v1}}
* NJA3v1 SHA256/128: {{.NJA3v1Hash}}
Parameters in the Client Hello message differ between clients, likely enabling servers and on-path observers to detect what browser you are likely using (down to its version, or a range of versions) by deriving its fingerprint from said parameters. JA3 is a simple and popular type of TLS fingerprint. NJA3 is a similar style of fingerprint which aims to improve the robustness and accuracy of JA3.
Parameters in the Client Hello message differ between clients, enabling servers and on-path observers to detect what browser you are likely using (down to its version, or a range of versions) by deriving its fingerprint from said parameters. JA3 is a simple and popular type of TLS fingerprint. NJA3 is a similar style of fingerprint which aims to improve the robustness and accuracy of JA3.
=> https://engineering.salesforce.com/tls-fingerprinting-with-ja3-and-ja3s-247362855967/ TLS Fingerprinting with JA3 and JA3S
=> https://tildegit.org/nervuri/client-hello-mirror/src/branch/master/NJA3.md NJA3 documentation
_____________________
=> https://nervuri.net/ Author: nervuri
=> gemini://rawtext.club/~nervuri/ Author: nervuri
=> https://tildegit.org/nervuri/client-hello-mirror Source (contributions welcome)
=> https://opensource.org/license/BSD-3-clause/ License: BSD-3-Clause