Skip to content
/ honeyTLS Public

Nothing but a simple dirty bash script to set up Bro, JA3 script for Bro and Nginx, that can be used as a simple honeypot to capture JA3 hashes (SSL/TLS client fingerprints)

License

MIT license
2 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

heikipikker/honeyTLS

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

greynoise-enricher.py

greynoise-enricher.py

 
 

honeytls-sampledata.csv

honeytls-sampledata.csv

 
 

honeytls.sh

honeytls.sh

 
 

splunk2csv.py

splunk2csv.py

 
 

splunkforwarder.txt

splunkforwarder.txt

 
 

Repository files navigation

honeyTLS

Nothing but a simple dirty bash script to set up Bro, JA3 script for Bro and Nginx, that can be used as a simple honeypot to capture JA3 hashes (SSL/TLS client fingerprints).

Alternatively, you can use @Andrew___Morris's one-liner to skim JA3 SSL fingerprints directly off the wire using tcpdump and some bash redirection:

tcpdump -w - -s 0 -i en0 -n -U | python -u ja3.py -a -j /dev/stdin

Reference:

  • JA3 - A method for profiling SSL/TLS Clients

TODO:

About

Nothing but a simple dirty bash script to set up Bro, JA3 script for Bro and Nginx, that can be used as a simple honeypot to capture JA3 hashes (SSL/TLS client fingerprints)

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

4 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages