These tools enable the matching (either on the wire or via pcap), creation, and export of TLS fingerprints to other formats. For further information on TLS fingerprinting:
- My TLS Fingerprinting paper.
- My Derbycon Talk, and slides on the topic.
- My SecTorCA Talk, and slides on the topic.
- TLS Fingerprinting Discussion on Brakeing Down Security Podcast
- Quick demo of Tor detection with FingerprinTLS

In summary, the tools are:
- FingerprinTLS: TLS session detection on the wire or from a PCAP, and subsequent fingerprint detection / creation.
- Fingerprintout: Export to other formats such as Suricata/Snort rules, ANSI C structs, "clean" output and xkeyscore (ok, it's regex). NOTE: Because of a lack of flexibility in the Suricata/Snort rules language, this is currently less accurate than using FingerprinTLS to detect fingerprints, and so may require tuning.
- fingerprints.json: The fingerprint "database" itself.

Please feel free to raise issues and make pull requests to submit code changes, fingerprint submissions, etc.