Compare commits
2 Commits
4bcd168abc
...
f599e0ca70
Author | SHA1 | Date |
---|---|---|
nervuri | f599e0ca70 | |
nervuri | adfc6de641 |
2
Makefile
2
Makefile
|
@ -10,7 +10,7 @@ dev:
|
|||
.PHONY: release
|
||||
release: check
|
||||
mkdir -p build
|
||||
CGO_ENABLED=0 go build -buildmode=pie -trimpath -ldflags="-s -w" -o build/client-hello-mirror
|
||||
CGO_ENABLED=0 go build -buildmode=pie -trimpath -ldflags="-s -w -buildid=" -o build/client-hello-mirror
|
||||
|
||||
.PHONY: check
|
||||
check:
|
||||
|
|
2
NJA3.md
2
NJA3.md
|
@ -21,7 +21,7 @@ NJA3 is an algorithm for deriving a fingerprint string from a TLS Client Hello m
|
|||
|
||||
Points 1 and 2 aim to make the fingerprint stable in the face of predictable variations in a client's TLS Client Hello message. Extension codes are sorted as an adaptation to [Chromium having randomized the ordering of extensions](https://www.fastly.com/blog/a-first-look-at-chromes-tls-clienthello-permutation-in-the-wild), and several extensions are excluded - namely extensions that clients are known to only send some of the time. Most extensions in the exclusion list are taken from Troy Kent's ["(JA) 3 Reasons to Rethink Your Encrypted Traffic Analysis Strategies"](https://www.youtube-nocookie.com/embed/C93ivdcVL3A).
|
||||
|
||||
Points 3-5 make the fingerprint more accurate. NJA3 contains values from within `supported_versions`, `signature_algorithms`, `psk_key_exchange_modes` and `compress_certificate` - extensions that were standardized after JA3 was conceived. The TLS version from the record header is now also included. Each GREASE value is changed to `0x0A0A` (if 16-bit) or `0x0B` (if 8-bit) and its position within each code group is preserved (which is also [what mercury does](https://github.com/cisco/mercury/blob/main/doc/npf.md#tls)). MD5 is replaced with a more collision-resistant hash, while preserving MD5's convenient 16 byte length (again, something which [mercury does as well](https://github.com/cisco/mercury/blob/main/doc/npf.md#hash-representation)).
|
||||
Points 3-5 make the fingerprint more accurate. NJA3 adds values from within `supported_versions`, `signature_algorithms`, `psk_key_exchange_modes` and `compress_certificate` - extensions that were standardized after JA3 was conceived. The TLS version from the record header is now also included. Each GREASE value is changed to `0x0A0A` (if 16-bit) or `0x0B` (if it's a PskKeyExchangeMode) and its position within each code group is preserved - with the exception of the extensions group, in which codes are sorted (this approach to GREASE is inspired by [mercury's](https://github.com/cisco/mercury/blob/main/doc/npf.md#tls)). MD5 is replaced with a more collision-resistant hash, while preserving MD5's convenient 16 byte length (again, something which [mercury does as well](https://github.com/cisco/mercury/blob/main/doc/npf.md#hash-representation)).
|
||||
|
||||
To sum it up, NJA3v1 is composed of the following code groups:
|
||||
|
||||
|
|
|
@ -50,11 +50,11 @@ This service reflects your browser's TLS Client Hello message in multiple forms.
|
|||
* NJA3v1: {{.NJA3v1}}
|
||||
* NJA3v1 SHA256/128: {{.NJA3v1Hash}}
|
||||
|
||||
Parameters in the Client Hello message differ between clients, likely enabling servers and on-path observers to detect what browser you are likely using (down to its version, or a range of versions) by deriving its fingerprint from said parameters. JA3 is a simple and popular type of TLS fingerprint. NJA3 is a similar style of fingerprint which aims to improve the robustness and accuracy of JA3.
|
||||
Parameters in the Client Hello message differ between clients, enabling servers and on-path observers to detect what browser you are likely using (down to its version, or a range of versions) by deriving its fingerprint from said parameters. JA3 is a simple and popular type of TLS fingerprint. NJA3 is a similar style of fingerprint which aims to improve the robustness and accuracy of JA3.
|
||||
|
||||
=> https://engineering.salesforce.com/tls-fingerprinting-with-ja3-and-ja3s-247362855967/ TLS Fingerprinting with JA3 and JA3S
|
||||
=> https://tildegit.org/nervuri/client-hello-mirror/src/branch/master/NJA3.md NJA3 documentation
|
||||
_____________________
|
||||
=> https://nervuri.net/ Author: nervuri
|
||||
=> gemini://rawtext.club/~nervuri/ Author: nervuri
|
||||
=> https://tildegit.org/nervuri/client-hello-mirror Source (contributions welcome)
|
||||
=> https://opensource.org/license/BSD-3-clause/ License: BSD-3-Clause
|
||||
|
|
Loading…
Reference in New Issue