Merge branch 'greasebug'
commit
df5ce5c687
|
@ -10,6 +10,9 @@ import (
|
||||||
"github.com/glaslos/tlsh"
|
"github.com/glaslos/tlsh"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// see https://tools.ietf.org/html/draft-ietf-tls-grease-02
|
||||||
|
// grease values for cipher suites, ALPN and identifiers,
|
||||||
|
// extensions, named groups, signatur algorithms, and versions.
|
||||||
var grease = map[uint16]bool{
|
var grease = map[uint16]bool{
|
||||||
0x0a0a: true, 0x1a1a: true, 0x2a2a: true, 0x3a3a: true,
|
0x0a0a: true, 0x1a1a: true, 0x2a2a: true, 0x3a3a: true,
|
||||||
0x4a4a: true, 0x5a5a: true, 0x6a6a: true, 0x7a7a: true,
|
0x4a4a: true, 0x5a5a: true, 0x6a6a: true, 0x7a7a: true,
|
||||||
|
@ -17,7 +20,7 @@ var grease = map[uint16]bool{
|
||||||
0xcaca: true, 0xdada: true, 0xeaea: true, 0xfafa: true,
|
0xcaca: true, 0xdada: true, 0xeaea: true, 0xfafa: true,
|
||||||
}
|
}
|
||||||
|
|
||||||
// D4Fingerprinting computes fingerprints doh
|
// D4Fingerprinting computes fingerprints
|
||||||
func (t *TLSSession) D4Fingerprinting(fd string) bool {
|
func (t *TLSSession) D4Fingerprinting(fd string) bool {
|
||||||
switch fd {
|
switch fd {
|
||||||
case "ja3":
|
case "ja3":
|
||||||
|
@ -117,23 +120,27 @@ func (t *TLSSession) ja3() bool {
|
||||||
// If there are Supported Curves
|
// If there are Supported Curves
|
||||||
if len(t.handShakeRecord.ETLSHandshakeClientHello.SupportedCurves) > 0 {
|
if len(t.handShakeRecord.ETLSHandshakeClientHello.SupportedCurves) > 0 {
|
||||||
for i, cs := range t.handShakeRecord.ETLSHandshakeClientHello.SupportedCurves {
|
for i, cs := range t.handShakeRecord.ETLSHandshakeClientHello.SupportedCurves {
|
||||||
|
if grease[uint16(cs)] == false {
|
||||||
buf = strconv.AppendInt(buf, int64(cs), 10)
|
buf = strconv.AppendInt(buf, int64(cs), 10)
|
||||||
if (i + 1) < len(t.handShakeRecord.ETLSHandshakeClientHello.SupportedCurves) {
|
if (i + 1) < len(t.handShakeRecord.ETLSHandshakeClientHello.SupportedCurves) {
|
||||||
buf = append(buf, byte(45))
|
buf = append(buf, byte(45))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
buf = append(buf, byte(44))
|
buf = append(buf, byte(44))
|
||||||
|
|
||||||
// If there are Supported Points
|
// If there are Supported Points
|
||||||
if len(t.handShakeRecord.ETLSHandshakeClientHello.SupportedPoints) > 0 {
|
if len(t.handShakeRecord.ETLSHandshakeClientHello.SupportedPoints) > 0 {
|
||||||
for i, cs := range t.handShakeRecord.ETLSHandshakeClientHello.SupportedPoints {
|
for i, cs := range t.handShakeRecord.ETLSHandshakeClientHello.SupportedPoints {
|
||||||
|
if grease[uint16(cs)] == false {
|
||||||
buf = strconv.AppendInt(buf, int64(cs), 10)
|
buf = strconv.AppendInt(buf, int64(cs), 10)
|
||||||
if (i + 1) < len(t.handShakeRecord.ETLSHandshakeClientHello.SupportedPoints) {
|
if (i + 1) < len(t.handShakeRecord.ETLSHandshakeClientHello.SupportedPoints) {
|
||||||
buf = append(buf, byte(45))
|
buf = append(buf, byte(45))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
t.Record.JA3 = string(buf)
|
t.Record.JA3 = string(buf)
|
||||||
tmp := md5.Sum(buf)
|
tmp := md5.Sum(buf)
|
||||||
t.Record.JA3Digest = hex.EncodeToString(tmp[:])
|
t.Record.JA3Digest = hex.EncodeToString(tmp[:])
|
||||||
|
|
Loading…
Reference in New Issue