Merge branch 'greasebug'

master
Jean-Louis Huynen 2019-06-12 15:09:35 +02:00
commit df5ce5c687
1 changed files with 14 additions and 7 deletions


@ -10,6 +10,9 @@ import (
"github.com/glaslos/tlsh" "github.com/glaslos/tlsh"
) )
// see https://tools.ietf.org/html/draft-ietf-tls-grease-02
// grease values for cipher suites, ALPN and identifiers,
// extensions, named groups, signatur algorithms, and versions.
var grease = map[uint16]bool{ var grease = map[uint16]bool{
0x0a0a: true, 0x1a1a: true, 0x2a2a: true, 0x3a3a: true, 0x0a0a: true, 0x1a1a: true, 0x2a2a: true, 0x3a3a: true,
0x4a4a: true, 0x5a5a: true, 0x6a6a: true, 0x7a7a: true, 0x4a4a: true, 0x5a5a: true, 0x6a6a: true, 0x7a7a: true,
@ -17,7 +20,7 @@ var grease = map[uint16]bool{
0xcaca: true, 0xdada: true, 0xeaea: true, 0xfafa: true, 0xcaca: true, 0xdada: true, 0xeaea: true, 0xfafa: true,
} }
// D4Fingerprinting computes fingerprints doh // D4Fingerprinting computes fingerprints
func (t *TLSSession) D4Fingerprinting(fd string) bool { func (t *TLSSession) D4Fingerprinting(fd string) bool {
switch fd { switch fd {
case "ja3": case "ja3":
@ -117,23 +120,27 @@ func (t *TLSSession) ja3() bool {
// If there are Supported Curves // If there are Supported Curves
if len(t.handShakeRecord.ETLSHandshakeClientHello.SupportedCurves) > 0 { if len(t.handShakeRecord.ETLSHandshakeClientHello.SupportedCurves) > 0 {
for i, cs := range t.handShakeRecord.ETLSHandshakeClientHello.SupportedCurves { for i, cs := range t.handShakeRecord.ETLSHandshakeClientHello.SupportedCurves {
if grease[uint16(cs)] == false {
buf = strconv.AppendInt(buf, int64(cs), 10) buf = strconv.AppendInt(buf, int64(cs), 10)
if (i + 1) < len(t.handShakeRecord.ETLSHandshakeClientHello.SupportedCurves) { if (i + 1) < len(t.handShakeRecord.ETLSHandshakeClientHello.SupportedCurves) {
buf = append(buf, byte(45)) buf = append(buf, byte(45))
} }
} }
} }
}
buf = append(buf, byte(44)) buf = append(buf, byte(44))
// If there are Supported Points // If there are Supported Points
if len(t.handShakeRecord.ETLSHandshakeClientHello.SupportedPoints) > 0 { if len(t.handShakeRecord.ETLSHandshakeClientHello.SupportedPoints) > 0 {
for i, cs := range t.handShakeRecord.ETLSHandshakeClientHello.SupportedPoints { for i, cs := range t.handShakeRecord.ETLSHandshakeClientHello.SupportedPoints {
if grease[uint16(cs)] == false {
buf = strconv.AppendInt(buf, int64(cs), 10) buf = strconv.AppendInt(buf, int64(cs), 10)
if (i + 1) < len(t.handShakeRecord.ETLSHandshakeClientHello.SupportedPoints) { if (i + 1) < len(t.handShakeRecord.ETLSHandshakeClientHello.SupportedPoints) {
buf = append(buf, byte(45)) buf = append(buf, byte(45))
} }
} }
} }
}
t.Record.JA3 = string(buf) t.Record.JA3 = string(buf)
tmp := md5.Sum(buf) tmp := md5.Sum(buf)
t.Record.JA3Digest = hex.EncodeToString(tmp[:]) t.Record.JA3Digest = hex.EncodeToString(tmp[:])
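Review bot: The `-` separator in the SupportedCurves loop is still decided by the raw index test `(i + 1) < len(...)`, which now sits inside the new `grease[uint16(cs)] == false` branch. When the last curve in the list is a GREASE value, the element before it has already written its separator, so the curves field ends in a dangling `-`. That changes t.Record.JA3 and its MD5 digest, so the fingerprint would no longer match what other JA3 implementations compute for the same ClientHello; writing the separator before each kept value, as sketched below, avoids this. The same guard was added to the SupportedPoints loop, but if those are one-byte point-format values, `uint16(cs)` can never equal a two-byte GREASE code and the check is likely a no-op there, which is worth confirming. ja3() starts and ends outside the hunk.

```go
// … unchanged: len(SupportedCurves) > 0 guard …
wrote := false
for _, cs := range t.handShakeRecord.ETLSHandshakeClientHello.SupportedCurves {
	if grease[uint16(cs)] {
		continue
	}
	if wrote {
		buf = append(buf, byte(45))
	}
	buf = strconv.AppendInt(buf, int64(cs), 10)
	wrote = true
}
// … unchanged: field separator and SupportedPoints loop …
```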