Impersonating JA3 signatures
.gitignore
LICENSE
README.md Update README.md Nov 22, 2019
go.mod Update go.mod Nov 22, 2019
go.sum
ja3client.go Extract transport Nov 22, 2019
ja3client_test.go Fix error handling for extensions Nov 26, 2019
preset.go Update Chrome Nov 22, 2019
transport.go

README.md

JA3Transport


For a more in-depth look at the library, check out our blogpost.

Abstract

JA3 is a method for fingerprinting TLS clients using options in the TLS ClientHello packet, such as the SSL version and the available client extensions. At its core, this method of detecting malicious traffic is marginally better than the User-Agent header in HTTP, since the client is in control of the ClientHello packet. Currently, there is no tooling available to easily craft ClientHello packets, so the JA3 hash is a great detection mechanism. A team of two members from CU Cyber has created a Go library that makes it easy to mock JA3 signatures.
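To make the fingerprint concrete from the detection side, the following added example (not code from this repository) computes a JA3 string and hash from already-parsed ClientHello fields, following the published JA3 method: five comma-separated fields of dash-joined decimal values, GREASE values dropped, MD5 over the result. The `ClientHello` type, the helper names and the sample values are assumptions made for the illustration.

```go
package main

import (
	"crypto/md5"
	"encoding/hex"
	"fmt"
	"strconv"
	"strings"
)

// ClientHello holds the five fields JA3 reads, in wire order.
// Hypothetical type for this example; a sensor fills it from a parsed handshake.
type ClientHello struct {
	Version                                    uint16
	Ciphers, Extensions, Curves, PointFormats []uint16
}

// isGREASE reports whether v is an RFC 8701 GREASE value (0x0a0a, 0x1a1a, ... 0xfafa).
func isGREASE(v uint16) bool {
	return v&0x0f0f == 0x0a0a && v>>8 == v&0xff
}

// joinDec renders values as dash-separated decimals, skipping GREASE so that
// a client's randomly chosen GREASE values do not change its fingerprint.
func joinDec(vals []uint16) string {
	out := make([]string, 0, len(vals))
	for _, v := range vals {
		if !isGREASE(v) {
			out = append(out, strconv.Itoa(int(v)))
		}
	}
	return strings.Join(out, "-")
}

// JA3String builds "Version,Ciphers,Extensions,Curves,PointFormats".
func JA3String(h ClientHello) string {
	return fmt.Sprintf("%d,%s,%s,%s,%s", h.Version, joinDec(h.Ciphers),
		joinDec(h.Extensions), joinDec(h.Curves), joinDec(h.PointFormats))
}

// JA3Hash is the hex-encoded MD5 of the JA3 string.
func JA3Hash(h ClientHello) string {
	sum := md5.Sum([]byte(JA3String(h)))
	return hex.EncodeToString(sum[:])
}

func main() {
	// Constructed sample values, not a capture from a real client.
	h := ClientHello{771, []uint16{0x0a0a, 4865, 4866, 49195},
		[]uint16{0, 23, 65281, 10, 11}, []uint16{0x1a1a, 29, 23, 24}, []uint16{0}}
	fmt.Println(JA3String(h), JA3Hash(h))
}
```

Every input to the hash is a value the client chooses and the order it sends them in, which is why a JA3 match is best treated as one signal to correlate with others rather than as proof of which software is connecting.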
