Update read-tls-client-hello to add JA4 fingerprint to TLS events

httptoolkit · Feb 21, 2025 · 89229ec · 89229ec
1 parent c9c4438
commit 89229ec
Show file tree

Hide file tree

Showing 5 changed files with 7 additions and 2 deletions.
diff --git a/package.json b/package.json
@@ -194,7 +194,7 @@
     "parse-multipart-data": "^1.4.0",
     "performance-now": "^2.1.0",
     "portfinder": "^1.0.32",
-    "read-tls-client-hello": "^1.0.0",
+    "read-tls-client-hello": "^1.1.0",
     "semver": "^7.5.3",
     "socks-proxy-agent": "^7.0.0",
     "typed-error": "^3.0.2",

diff --git a/src/server/http-combo-server.ts b/src/server/http-combo-server.ts
@@ -11,6 +11,7 @@ import { makeDestroyable, DestroyableServer } from 'destroyable-server';
 import httpolyglot = require('@httptoolkit/httpolyglot');
 import {
     calculateJa3FromFingerprintData,
+    calculateJa4FromHelloData,
     NonTlsError,
     readTlsClientHello
 } from 'read-tls-client-hello';
@@ -399,7 +400,8 @@ function analyzeAndMaybePassThroughTls(
                 connectHostname,
                 connectPort,
                 clientAlpn: helloData.alpnProtocols,
-                ja3Fingerprint: calculateJa3FromFingerprintData(helloData.fingerprintData)
+                ja3Fingerprint: calculateJa3FromFingerprintData(helloData.fingerprintData),
+                ja4Fingerprint: calculateJa4FromHelloData(helloData)
             };
 
             if (shouldPassThrough(connectHostname, passThroughPatterns, interceptOnlyPatterns)) {

diff --git a/src/types.ts b/src/types.ts
@@ -84,6 +84,7 @@ export interface TlsSocketMetadata {
     connectPort?: string;
     clientAlpn?: string[];
     ja3Fingerprint?: string;
+    ja4Fingerprint?: string;
 }
 
 export interface TlsPassthroughEvent extends TlsConnectionEvent {

diff --git a/test/integration/subscriptions/tls-error-events.spec.ts b/test/integration/subscriptions/tls-error-events.spec.ts
@@ -108,6 +108,7 @@ describe("TLS error subscriptions", () => {
 
         expect(tlsError.tlsMetadata.sniHostname).to.equal('localhost');
         expect(tlsError.tlsMetadata.ja3Fingerprint!.length).to.equal(32);
+        expect(tlsError.tlsMetadata.ja4Fingerprint!.length).to.equal(36);
 
         await expectNoClientErrors();
     });

diff --git a/test/integration/subscriptions/tls-passthrough-events.spec.ts b/test/integration/subscriptions/tls-passthrough-events.spec.ts
@@ -53,6 +53,7 @@ describe("TLS passthrough subscriptions", () => {
             : ['h2', 'http/1.1']
         );
         expect(tlsMetadata.ja3Fingerprint.length).to.equal(32);
+        expect(tlsMetadata.ja4Fingerprint.length).to.equal(36);
     });
 
     it("should not fire for TLS sockets are received and handled", async () => {