# sensor-d4-tls-fingerprinting
Extracts TLS certificates from pcap files or network interfaces (TCP reassembly is done with gopacket), fingerprints TLS client/server interactions with ja3/ja3s, and prints the output as JSON.
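
The ja3 client fingerprint named above is the MD5 of five comma-separated ClientHello fields, with GREASE values dropped. The Go code below is an added example, not this project's own code; the `ClientHello` type, its field names and the sample values are assumptions made for illustration.

```go
package main

import (
	"crypto/md5"
	"encoding/hex"
	"fmt"
	"strconv"
	"strings"
)

// ClientHello holds the already-parsed fields ja3 uses. The type and its
// field names are hypothetical, not the sensor's own.
type ClientHello struct {
	Version uint16
	// Cipher suites, extension types (wire order), supported groups, EC point formats.
	Ciphers, Extensions, Groups, PointFormats []uint16
}

// isGREASE reports whether v is an RFC 8701 GREASE value (0x0a0a ... 0xfafa).
func isGREASE(v uint16) bool {
	return v&0x0f0f == 0x0a0a && v>>8 == v&0xff
}

// join renders values as dash-separated decimals, skipping GREASE values.
func join(vals []uint16) string {
	parts := make([]string, 0, len(vals))
	for _, v := range vals {
		if !isGREASE(v) {
			parts = append(parts, strconv.Itoa(int(v)))
		}
	}
	return strings.Join(parts, "-")
}

// JA3 returns the fingerprint string and the hex MD5 digest of that string.
func JA3(h ClientHello) (string, string) {
	s := fmt.Sprintf("%d,%s,%s,%s,%s", h.Version, join(h.Ciphers),
		join(h.Extensions), join(h.Groups), join(h.PointFormats))
	sum := md5.Sum([]byte(s))
	return s, hex.EncodeToString(sum[:])
}

func main() {
	// Constructed sample: TLS 1.0 hello with a GREASE cipher and extension.
	h := ClientHello{Version: 769, Ciphers: []uint16{0x0a0a, 47, 53},
		Extensions: []uint16{0x1a1a, 0, 10, 11}, Groups: []uint16{23, 24},
		PointFormats: []uint16{0}}
	s, sum := JA3(h)
	fmt.Println(s, sum)
}
```

Because GREASE values are filtered before hashing, two hellos from the same client stack that differ only in their random GREASE picks map to the same fingerprint.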
# Use
This project is currently in its very early stage and should not be used in production.
Check the list of issues.
## Install dependencies & go get
``` shell
$ go get github.com/google/gopacket
$ go get github.com/glaslos/tlsh
$ go get github.com/D4-project/sensor-d4-tls-fingerprinting
```
`make` currently builds for amd64 and arm.
## How to use
Read from pcap:
``` shell
$ ./d4-tlsf-amd64l -r=file
```
Read from interface (promiscuous mode):
``` shell
$ ./d4-tlsf-amd64l -i=interface
```
Write x509 certificates to folder:
``` shell
$ ./d4-tlsf-amd64l -w=folderName
```
Write JSON output to folder:
``` shell
$ ./d4-tlsf-amd64l -j=folderName
```