Ja4 Supporting #42
Comments
|
Thanks! I admit that ja4 do some enhancements/improvements than ja3, but I'd like wait it to be mature |
|
a bit related/similar with #13 |
|
Currently I dont like ja4 because it sorted extension -- randomize extensions is a feature of new chrome -- we could distinguish/detect bot on top of it, so we shall not sort. |
|
Chrome randomizes extensions, Firefox will randomize in the future (I read somewhere)) ) - therefore without ordering, we have cases when on each page reloading we will get different ja3, and ja4 fixes it |
I agree. here's why: if you have a client that identifies as a current version of chrome but does not have a random extension list on subsequent requests, you know it's a bot. An unsorted list can always be sorted later. But, I also agree that the hash by itself is less useful. Just out of curiosity what happens when FIPS mode is enabled on the system or during compile time since md5 function is removed? It seems to me the hash function can be removed and any hash functionality could be done by whatever process consumes the fingerprint data. |
|
Cloudflare added the support of JA4 in its enterprise plan, it's my turn to follow it now. https://developers.cloudflare.com/bots/concepts/ja3-ja4-fingerprint/ |
There exist updates in TLS client fingerprinting technology
https://github.com/FoxIO-LLC/ja4/tree/main
The text was updated successfully, but these errors were encountered: