Didier Stevens

Sunday 30 July 2017

Quickpost: Trying Out JA3

Filed under: Networking,Quickpost — Didier Stevens @ 21:19

I tried out JA3 (a Python program to fingerprint TLS clients) with a 1GB pcap file from my server. It was fast (less than 1 minute), but I had to add some error handling to skip packets it would crash on.

I did not identify a lot of client HELLO packets with the JSON fingerprint database: around 5%.

 


Quickpost info


4 Comments »

  1. […] Quickpost: Trying Out JA3 […]

    Pingback by Overview of Content Published In July | Didier Stevens — Tuesday 1 August 2017 @ 21:53

  2. Would you mind telling me what you did to get the file to process… what was erroring?

    Comment by Cornholio — Tuesday 24 April 2018 @ 22:56

  3. […] year ago I tried out JA3. Time for a new […]

    Pingback by Quickpost: Revisting JA3 | Didier Stevens — Saturday 18 August 2018 @ 0:00

  4. It’s fixed in the latest release

    Comment by Didier Stevens — Sunday 19 August 2018 @ 10:57


RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Blog at WordPress.com.