006e37eafb | ||
---|---|---|
d4tls | ||
etls | ||
media | ||
.gitignore | ||
LICENSE | ||
Makefile | ||
README.md | ||
d4-tlsf.go | ||
go.mod | ||
go.sum |
README.md
sensor-d4-tls-fingerprinting is intended to be used to feed a D4 project client (It can be used in standalone though).
Main features
- extracts TLS certificates from pcap files or network interfaces
- fingerprints TLS client/server interactions with ja3/ja3s
- fingerprints TLS interactions with TLSH fuzzy hashing
- write certificates in a folder
- export in JSON to files, or stdout
Use
This project is currently in development and is subject to change, check the list of issues.
Compile from source
requirements
- git
- golang >= 1.5
- libpcap
#apt install golang git libpcap-dev
Go get
$go get github.com/D4-project/sensor-d4-tls-fingerprinting
$cd $GOPATH/github.com/D4-project/sensor-d4-tls-fingerprinting
$
A "sensor-d4-tls-fingerprinting" compiled for your architecture should then be in $GOPATH/bin Alternatively, use make to compile arm/linux or amd64/linux
How to use
Read from pcap:
$ ./d4-tlsf-amd64l -r=file
Read from interface (promiscious mode):
$ ./d4-tlsf-amd64l -i=interface
Write x509 certificates to folder:
$ ./d4-tlsf-amd64l -w=folderName
Write output json inside folder
$ ./d4-tlsf-amd64l -j=folderName