Skip to content

@gallypette gallypette released this Jan 8, 2020

Main changes

  • chg: [sessions] switch from sha256 to sha1 for consistency with TLS
  • fix: [ja3] grease values were not checked on elliptic curves extensions #13
  • chg [modules] opt-in to Go Modules (that also explains the version numbering change)

SHA 256

90c2147f5fe700509302b4c1ff01b79d828ee883d09a37762a0a9a8c3327c054  sensor-d4-tls-fingerprinting
Assets 2

@gallypette gallypette released this Apr 25, 2019

This is the inital release of sensor-d4-tls-fingerprinting.

Current Features

  • Extract x509 certificates from pcap files or network interfaces
  • Export TLS sessions description in JSON form - to stdout or to disk
  • Export Certificates to disk
  • Fingerprints TLS client/server interactions with ja3/ja3s
  • Fingerprints TLS interactions with TLSH fuzzy hashing on the tuple {ja3, ja3s, [certficate.issuer, certificate.subject]}

SHA 256

2c52f40ce7b606b4edeef7d9c6b2b5f622464effcfd3408852019b567e0620df  d4-tlsf-amd64l
Assets 3