You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Jean-Louis Huynen
006e37eafb
|
6 months ago | |
|---|---|---|
| d4tls | 1 year ago | |
| etls | 1 year ago | |
| media | 1 year ago | |
| .gitignore | 1 year ago | |
| LICENSE | 1 year ago | |
| Makefile | 1 year ago | |
| README.md | 1 year ago | |
| d4-tlsf.go | 1 year ago | |
| go.mod | 6 months ago | |
| go.sum | 6 months ago | |
README.md
sensor-d4-tls-fingerprinting is intended to be used to feed a D4 project client (It can be used in standalone though).
Main features
- extracts TLS certificates from pcap files or network interfaces
- fingerprints TLS client/server interactions with ja3/ja3s
- fingerprints TLS interactions with TLSH fuzzy hashing
- write certificates in a folder
- export in JSON to files, or stdout
Use
This project is currently in development and is subject to change, check the list of issues.
Compile from source
requirements
- git
- golang >= 1.5
- libpcap
#apt install golang git libpcap-dev
Go get
$go get github.com/D4-project/sensor-d4-tls-fingerprinting
$cd $GOPATH/github.com/D4-project/sensor-d4-tls-fingerprinting
$
A “sensor-d4-tls-fingerprinting” compiled for your architecture should then be in $GOPATH/bin Alternatively, use make to compile arm/linux or amd64/linux
How to use
Read from pcap:
$ ./d4-tlsf-amd64l -r=file
Read from interface (promiscious mode):
$ ./d4-tlsf-amd64l -i=interface
Write x509 certificates to folder:
$ ./d4-tlsf-amd64l -w=folderName
Write output json inside folder
$ ./d4-tlsf-amd64l -j=folderName