Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clarifying the Scrapfly JA3 #14

Closed
jjsaunier opened this issue May 15, 2024 · 2 comments
Closed

Clarifying the Scrapfly JA3 #14

jjsaunier opened this issue May 15, 2024 · 2 comments

Comments

@jjsaunier
Copy link

jjsaunier commented May 15, 2024
edited
Loading

I came across your project and saw "JA3 and HTTP2 fingerprint; JA3 result is probably incorrect". I'm part of Scrapfly, so let me clarify:

https://scrapfly.io/web-scraping-tools/ja3-fingerprint
JA3 and HTTP2 fingerprint; JA3 result probably needs to be corrected (it doesn't match Wireshark's result).

We made the decision not to read the deprecated TLS version from the handshake on version >= TLS1.3 but read the "supported_versions." The original ja3 implementation is now old, and it makes no sense for us to get a fingerprint that does not reflect the version. In TLS1.3, you get 771 on the original ja3 (771 is the TLS1.2 version); our version gives the correct version, 772. https://datatracker.ietf.org/doc/html/rfc8446#section-1.3.

You can see both fields on https://scrapfly.io/web-scraping-tools/ja3-fingerprint page, "Handshake Version" vs. "Supported Versions"

So yes, our Ja3 is not comparable with others, as we are not interested in getting fingerprints that do not reflect the actual client, TLS1.2 and TLS1.3 having the same config can't collide.

Feel free to close ;)
@jjsaunier jjsaunier changed the title Clarifying the Scraply JA3 Clarifying the Scrapfly JA3 May 16, 2024
@wi1dcard
Copy link
Owner

Hi @jjsaunier, thanks for the clarification. That makes sense. The original JA3 implementation is quite outdated. I agree that it is necessary to make a few changes to the old JA3, such as using the supported_versions extension, and sorting the extensions.

I will fix the readme soon. :)

wi1dcard added a commit that referenced this issue May 21, 2024
@wi1dcard
Clearify Scrapfly JA3 results.
0e707c5 
Refer to #14.
@wi1dcard wi1dcard pinned this issue May 21, 2024
@p-l-
Copy link
Contributor

p-l- commented Aug 23, 2024

@jjsaunier regardless of who is "correct" / who makes "the right choice" in that situation, it is important to note that your choice creates different fingerprints that cannot be compared with existing JA3 implementations that comply with the "norm", and with JA3 fingerprint databases (and given that JA3 values are hashes, they are really impossible to compare). Hence, it's IMO misleading to call it "JA3"

If Scrapfly calls "JA3" something that is not "the original JA3" (even if that's something "better" than JA3, really, that is not my point), then it is true to say that Scrapfly's JA3 result is incorrect.

Also, the existence of a "supported version" TLS extension will be seen in the "extensions" part of JA3 (so a TLS 1.2 and TLS 1.3 will have different fingerprints even if they are exactly the same apart from the version).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jjsaunier @p-l- @wi1dcard