D4
/
sensor-d4-tls-fingerprinting
mirror of https://github.com/D4-project/sensor-d4-tls-fingerprinting
2
0
Fork 0
Code Issues Releases Wiki Activity
Extract TLS certificates from pcap files or network interfaces, fingerprint TLS client/server interactions with ja3/ja3s
7 Commits
2 Branches
2 Tags
141 KiB
Go 99.8%
Makefile 0.2%
 
 
Go to file
Jean-Louis Huynen e59ea05e57 wip - nitpicking 2019-01-31 10:14:12 +01:00
.gitignore initial PoC 2019-01-23 14:41:30 +01:00
LICENSE Initial commit 2019-01-23 13:57:01 +01:00
Makefile Adds Makefile, simpler concurrency 2019-01-29 16:06:23 +01:00
README.md wip - nitpicking 2019-01-31 10:14:12 +01:00
d4-tlsf.go wip - nitpicking 2019-01-31 10:14:12 +01:00

README.md

sensor-d4-tls-fingerprinting

Extracts TLS certificates from pcap files or network interfaces (tcpreassembly is done thanks to gopacket), fingerprints TLS client/server interactions with ja3/ja3s and print output in JSON form.

Use

This project is currently in its very early stage and relies on a customized version of gopacket. Check the list of issues.

Install dependencies & go get

$go get github.com/gallypette/gopacket
$go get github.com/google/gopacket
$cd $GOPATH/src/github.com/google/gopacket
$git remote add fork github.com/gallypette/gopacket
$go get github.com/D4-project/sensor-d4-tls-fingerprinting

make allows to compile for amd64 and arm ATM.

How to use

Read from pcap:

$ ./d4-tlsf-amd64l -r=file

Read from interface (promiscious mode):

$ ./d4-tlsf-amd64l -i=interface

Write x509 certificates to folder:

$ ./d4-tlsf-amd64l -w=folderName

Write output json inside folder

$ ./d4-tlsf-amd64l -j=folderName