Open chrisforce1 opened 6 years ago
I'd like to save JA3 signatures when NFR encounters TLS sessions on TCP port 443.
Here's a simple way that we can load tcpdump output into ja3.py and get the signatures. The code is over at https://github.com/salesforce/ja3/ and a large list of signatures at https://github.com/salesforce/ja3/tree/master/lists. We can then use the signatures on the backend to flag infections within riswiz.
A bigger list of JA3 signatures (including some malware) is over here.
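What a JA3 signature is computed from, as an added example that is not part of the original issue and is not code from salesforce/ja3: it parses one TLS record, builds the JA3 string (version, ciphers, extensions, curves, point formats, GREASE removed), hashes it with MD5 and looks the hash up in a signature table. The function names and the ClientHello bytes are constructed for illustration, and the parser assumes the whole ClientHello sits in a single record.

```python
import hashlib
import struct

# GREASE values (RFC 8701) are left out of the JA3 string.
GREASE = {(b << 8) | b for b in range(0x0A, 0x100, 0x10)}

def _u16(buf):  # big-endian 16-bit values, minus GREASE and a stray odd byte
    return [v for (v,) in struct.iter_unpack("!H", buf[:len(buf) & ~1]) if v not in GREASE]

def ja3_string(record):
    """JA3 string for one TLS record that carries a complete ClientHello."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    version = int.from_bytes(body[0:2], "big")    # ClientHello version, not record version
    pos = 34                                      # skip version + 32-byte random
    pos += 1 + body[pos]                          # skip session id
    n = int.from_bytes(body[pos:pos + 2], "big")
    ciphers = _u16(body[pos + 2:pos + 2 + n])
    pos += 2 + n
    pos += 1 + body[pos]                          # skip compression methods
    exts, curves, formats = [], [], []
    end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    while pos + 4 <= min(end, len(body)):
        etype, elen = struct.unpack_from("!HH", body, pos)
        data = body[pos + 4:pos + 4 + elen]
        pos += 4 + elen
        if etype in GREASE:
            continue
        exts.append(etype)
        if etype == 0x000A:                       # supported_groups
            curves = _u16(data[2:])
        elif etype == 0x000B:                     # ec_point_formats
            formats = list(data[1:])
    return ",".join("-".join(map(str, f)) for f in ([version], ciphers, exts, curves, formats))

def ja3_hash(record):
    return hashlib.md5(ja3_string(record).encode()).hexdigest()

def flag(record, known):  # known: {ja3 hash: label}, e.g. loaded from a signature list
    return known.get(ja3_hash(record))

def sample_client_hello():  # constructed bytes, not captured traffic; includes GREASE entries
    exts = bytes.fromhex("1a1a0000 00170000 000a0008 00062a2a 001d0017 000b0002 0100")
    body = (b"\x03\x03" + bytes(32) + b"\x00" + bytes.fromhex("0006 0a0ac02f009c")
            + b"\x01\x00" + len(exts).to_bytes(2, "big") + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs
```

A JA3 hash identifies a client's TLS stack rather than a specific program, so a match against a list is a lead to investigate alongside other evidence.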