**sensor-d4-tls-fingerprinting** is intended to be used to feed a D4 project client (It can be used in standalone though).
# Main features
* extracts TLS certificates from pcap files or network interfaces
* fingerprints TLS client/server interactions with ja3/ja3s
* fingerprints TLS interactions with TLSH fuzzy hashing
* write certificates in a folder
* export in JSON to files, or stdout
# Use
This project is currently in development and is subject to change, check the list of issues.
## Compile from source
### requirements
* git
* golang >= 1.5
* libpcap
``` shell
#apt install golang git libpcap-dev
```
### Go get
``` shell
$go get github.com/D4-project/sensor-d4-tls-fingerprinting
$cd $GOPATH/github.com/D4-project/sensor-d4-tls-fingerprinting
$
```
A "sensor-d4-tls-fingerprinting" compiled for your architecture should then be in $GOPATH/bin
Alternatively, use make to compile arm/linux or amd64/linux
## How to use
Read from pcap:
``` shell
$ ./d4-tlsf-amd64l -r=file
```
Read from interface (promiscious mode):
``` shell
$ ./d4-tlsf-amd64l -i=interface
```
Write x509 certificates to folder:
``` shell
$ ./d4-tlsf-amd64l -w=folderName
```
Write output json inside folder
``` shell
$ ./d4-tlsf-amd64l -j=folderName
```