-
*Title*: Extend TLS inspector to capture JA3 client fingerprint
*Description*:
JA3 is a much more effective way to detect malicious activity over SSL than IP or domain based IOCs. Since JA3 detect…
-
Hello,
It may be useful to add support to JA3S to MISP with the same format that JA3 which is already implemented :
attributes, first-seen, ip-dst, ip-src, ja3-fingerprint-md5, ja3s-fingerprint-…
-
Thanks for plugin, I compared it's output with these JA3 online tools:
- https://ja3er.com (json version: https://ja3er.com/json )
- https://tls.browserleaks.com (json version: https://tls.browserle…
-
Hello,
I used Custom Extensions on some entities (using https://stix2.readthedocs.io/en/latest/guide/extensions.html). If I understand the 2.1 spec correctly, I'll need to export my Extensions Defi…
-
Hi,
I observed there is a difference in JA3 fingerprint/hash generated by pcapplusplus and JA3 fingerprint generated by a python tool (ja3) available in ubuntu.
for my experiment, I dump the pcap fi…
-
Before when a JA3 is in the blacklist https://sslbl.abuse.ch/ja3-fingerprints/ displays from ntopng web UI (host->TLS) a **forbidden icon** (see picture)
Now the forbidden icon is not displayed …
-
### Subject
This issue baffles me a little bit, because I cannot understand why it fails. Basically I am unable to login to my google account when I'm using urllib>=1.26.0. But let me first describ…
-
Is there a reason that json output was removed from ndpiReader?
-
The field "Application Name" of JA3 Client fingerprint in TLS is always empty
I use curl, wget, firewfox, IE,...
-
|Wazuh version| Component | Action type |
wazuh-manager-4.2.0-1.x86_64 running on amazon linux 2. All in one install.
## Description
I am trying to ingest aws network firewall alert logs into waz…