README
¶
dactyloscopy
GO package for performing TLS fingerprinting.
I'll actually get some documentation in here at some point soon :)
Right now this is sort of subject to change as I work out how I want this to look
Documentation
¶
Index ¶
Constants ¶
const ( // TLS Extension types ExtServerName uint16 = 0x0000 ExtEllipticCurves uint16 = 0x000a ExtECPointFormats uint16 = 0x000b ExtSignatureAlgorithms uint16 = 0x000d ExtALPN uint16 = 0x0010 ExtSupportedVersions uint16 = 0x002b ExtPadding uint16 = 0x0015 // TLS Protocol Versions VersionTLS10 uint16 = 0x0301 VersionTLS11 uint16 = 0x0302 VersionTLS12 uint16 = 0x0303 VersionTLS13 uint16 = 0x0304 )
const ( HandshakeType uint8 = 22 ClientHelloMsg uint8 = 1 RecordTLSVersion = 3 TLSVersion = 3 )
Constants for TLS message types and versions
Variables ¶
var GreaseValues = []uint16{
0x0A0A, 0x1A1A, 0x2A2A, 0x3A3A, 0x4A4A,
0x5A5A, 0x6A6A, 0x7A7A, 0x8A8A, 0x9A9A,
0xAAAA, 0xBABA, 0xCACA, 0xDADA, 0xEAEA,
0xFAFA,
}
Common GREASE values used by clients
Functions ¶
func GetIANAExtension ¶
func IsClientHello ¶
IsClientHello returns a (hopefully descriptive) error if the packet is not TLS, or nil if it is TLS. Not a full parse, but a quick a dirty check to see if it is worth even attempting to parse
Types ¶
type CiphersuiteInfo ¶
func GetIanaEntry ¶
func GetIanaEntry(suiteID [2]uint16) CiphersuiteInfo
type Fingerprint ¶
type Fingerprint struct {
MessageType uint8 `json:"message_type"`
RecordTLSVersion uint16 `json:"record_tls_version"`
TLSVersion uint16 `json:"tls_version"`
Ciphersuite []uint16 `json:"ciphersuite"`
Compression []uint8 `json:"compression"`
Extensions []uint16 `json:"extensions"`
ECurves []uint16 `json:"e_curves"`
SigAlg []uint16 `json:"sig_alg"`
EcPointFmt []uint8 `json:"ec_point_fmt"`
Grease bool `json:"grease"`
SessionID bool `json:"session_id"`
SupportedVersions []uint16 `json:"supported_versions"`
ALPNProtocols []string `json:"alpn_protocols"`
PSKKeyExchangeModes []uint8 `json:"psk_key_exchange_modes,omitempty"`
Cookie string `json:"cookie,omitempty"`
RenegotiationInfo string `json:"renegotiation_info,omitempty"`
SessionTicketLen int `json:"session_ticket_len,omitempty"`
//LB1 string `json:"lb1,omitempty"`
JA3 string `json:"ja3,omitempty"`
JA4 string `json:"ja4,omitempty"`
SNI string `json:"sni,omitempty"`
// contains filtered or unexported fields
}
Fingerprint represents a TLS client fingerprint which can be used to extract various fingerprint formats
func ProcessClientHello ¶
func ProcessClientHello(buf []byte) (*Fingerprint, error)
ProcessClientHello processes the client hello packet and returns a Fingerprint
func (*Fingerprint) MakeHashes ¶
func (f *Fingerprint) MakeHashes() error
MakeHashes generates both JA3 and LB1 hashes from the fingerprint data If this method isn't needed, it should be removed since generateHashes() is already handling the JA3 hash generation
func (*Fingerprint) ProcessClientHello ¶
func (f *Fingerprint) ProcessClientHello(buf []byte) error
ProcessClientHello processes the client hello packet and returns a Fingerprint
func (*Fingerprint) Validate ¶
func (f *Fingerprint) Validate() error
Validate checks if the fingerprint data is valid
type IanaExtension ¶
type IanaExtension uint16
const ( TLMSP IanaExtension = 36 TLMSP_proxying IanaExtension = 37 TLMSP_delegate IanaExtension = 38 PrivateUse IanaExtension = 65280 )
func (IanaExtension) String ¶
func (i IanaExtension) String() string
Source Files
Directories