Extract TLS certificates from pcap files or network interfaces, fingerprint TLS client/server interactions with ja3/ja3s
 
 
Go to file
Jean-Louis Huynen 7ca0c05606 initial PoC 2019-01-23 14:41:30 +01:00
.gitignore initial PoC 2019-01-23 14:41:30 +01:00
LICENSE Initial commit 2019-01-23 13:57:01 +01:00
README.md initial PoC 2019-01-23 14:41:30 +01:00
main.go initial PoC 2019-01-23 14:41:30 +01:00

README.md

sensor-d4-tls-fingerprinting

Extracts TLS certificates from pcap files or network interfaces, fingerprints TLS client/server interactions with ja3/ja3s.

Use

This project is currently in its very early stage and relies mainly on a customized version of gopacket that will be the subject of a pull request later on.

Install dependencies & go get

$go get github.com/gallypette/gopacket
$go get github.com/google/gopacket
$cd $GOPATH/src/github.com/google/gopacket
$git remote add fork github.com/gallypette/gopacket
$go get github.com/D4-project/sensor-d4-tls-fingerprinting

How to use

This early version takes a pcap file in input with the "-r" flag, and outputs the valid x509 certificates it found in current folder. It speaks networks too with "-i".