New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JA3 support #56

Open

chrisforce1 opened this issue Mar 25, 2018 · 1 comment

Assignees

Contributor

chrisforce1 commented Mar 25, 2018

I'd like to save JA3 signatures when NFR encounters TLS sessions on TCP port 443.

Here's a simple way that we can load tcpdump output into ja3.py and get the signatures. The code is over at https://github.com/salesforce/ja3/ and a large list of signatures at https://github.com/salesforce/ja3/tree/master/lists. We can then use the signatures on the backend to flag infections within riswiz.

The text was updated successfully, but these errors were encountered:

chrisforce1 assigned tg, krhubert and ioj

Contributor Author

chrisforce1 commented Mar 26, 2018

A bigger list of JA3 signatures (including some malware) is over here.

krhubert removed their assignment

ioj removed their assignment

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment