updates README

pull/8/head
Jean-Louis Huynen 2019-02-20 10:33:38 +01:00
parent 35bbfbb52d
commit d997cb8911
2 changed files with 38 additions and 9 deletions

@ -1,15 +1,44 @@
# sensor-d4-tls-fingerprinting <p align="center">
Extracts TLS certificates from pcap files or network interfaces (tcpreassembly is done thanks to gopacket), fingerprints TLS client/server interactions with ja3/ja3s and print output in JSON form. <img alt="sensor-d4-tls-fingerprinting" src="https://raw.githubusercontent.com/D4-project/sensor-d4-tls-fingerprinting/master/media/gopherd4.png" height="140" />
<p align="center">
<a href="https://github.com/D4-project/sensor-d4-tls-fingerprinting/releases/latest"><img alt="Release" src="https://img.shields.io/github/release/D4-project/sensor-d4-tls-fingerprinting/all.svg"></a>
<a href="https://github.com/D4-project/sensor-d4-tls-fingerprinting/blob/master/LICENSE"><img alt="Software License" src="https://img.shields.io/badge/License-MIT-yellow.svg"></a>
<a href="https://goreportcard.com/report/github.com/D4-Project/sensor-d4-tls-fingerprinting"><img alt="Go Report Card" src="https://goreportcard.com/badge/github.com/D4-Project/sensor-d4-tls-fingerprinting"></a>
</p>
</p>
**sensor-d4-tls-fingerprinting** is intended to be used to feed a D4 project client (It can be used in standalone though).
# Main features
* extracts TLS certificates from pcap files or network interfaces
* fingerprints TLS client/server interactions with ja3/ja3s
* fingerprints TLS interactions with TLSH fuzzy hashing
* write certificates in a folder
* export in JSON to files, or stdout
# Use # Use
This project is currently in its very early stage and should not be used in production. This project is currently in development and is subject to change, check the list of issues.
Check the list of issues.
## Install dependencies & go get ## Compile from source
### requirements
* git
* golang >= 1.5
* libpcap
``` shell ``` shell
$go get github.com/google/gopacket #apt install golang git libpcap-dev
$go get github.com/glaslos/tlsh
$go get github.com/D4-project/sensor-d4-tls-fingerprinting
``` ```
make allows to compile for amd64 and arm ATM. ### Go get
``` shell
$go get github.com/D4-project/sensor-d4-tls-fingerprinting
$cd $GOPATH/github.com/D4-project/sensor-d4-tls-fingerprinting
$
```
A "sensor-d4-tls-fingerprinting" compiled for your architecture should then be in $GOPATH/bin
Alternatively, use make to compile arm/linux or amd64/linux
## How to use ## How to use
Read from pcap: Read from pcap:
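
Review bot: In the new "Go get" block, the `cd $GOPATH/github.com/D4-project/sensor-d4-tls-fingerprinting` line is missing the `src/` path component (`go get` checks sources out under `$GOPATH/src/`), and the block then ends on a bare `$` prompt, which reads as a command that was left out. Either drop the `cd` and the empty prompt, since the next sentence already says the binary ends up in `$GOPATH/bin`, or correct the path and add the step that was meant to follow it, presumably the `make` invocation the "Alternatively, use make" line alludes to. Separately, the header opens `<p align="center">` a second time before the first one is closed; paragraphs cannot nest in HTML, so the logo and the badge row would be safer as two sibling `<p>` blocks.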

BIN
media/gopherd4.png Normal file

Binary file not shown.
