cloudflare / mitmengine

A MITM (monster-in-the-middle) detection tool. Used to build MALCOLM:
https://malcolm.cloudflare.com
BSD 3-Clause "New" or "Revised" License

Function to help craft fingerprint fields #21

Open mholt opened 4 years ago

mholt commented 4 years ago

It would be nice if there was a way to populate this structure from a standard *http.Request and *tls.ClientHelloInfo.

In Caddy 1, we were able to get both values in an HTTP request: https://github.com/caddyserver/caddy/blob/891446d06340db2912c9a970bfe862bd54efbb70/caddyhttp/httpserver/mitm.go#L64

However, I am afraid I will fill in the RequestFingerprint struct improperly; it would be super helpful if the lib could do that given the request and ClientHello info.

lukevalenta commented 4 years ago

Thanks for the suggestion! I have a lot of changes planned for this project, so I'll add that to the list.

The timeline for the changes is still unclear, but if this project could be useful for Caddy that's certainly good motivation.

mholt commented 4 years ago

Cool, yup, that's the plan! I figure/hope this will be better maintained than my spikey implementation of the paper a few years ago. I think if I can bundle the dataset into the binary, and with that helper function, it should be pretty great to distribute this through a Caddy plugin.
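The issue asks for a helper that takes both a *tls.ClientHelloInfo and an *http.Request. As an added example (not code from this thread, mitmengine or Caddy), this is one way to make a connection's ClientHello fields available next to its request using only the Go standard library. The helloSummary type, the hellos map and the function names are hypothetical, and keying by remote address is an assumption of this example.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"net/http/httptest"
	"sync"
)

// helloSummary is a hypothetical holder; it is NOT mitmengine's RequestFingerprint.
type helloSummary struct {
	CipherSuites []uint16
	Versions     []uint16
	UserAgent    string
}

var hellos sync.Map // remote address -> helloSummary (assumed key for this example)

// recordHello runs during the TLS handshake, before any HTTP request exists.
func recordHello(h *tls.ClientHelloInfo) (*tls.Config, error) {
	hellos.Store(h.Conn.RemoteAddr().String(), helloSummary{CipherSuites: h.CipherSuites, Versions: h.SupportedVersions})
	return nil, nil // nil config: the server keeps using its own tls.Config
}

// summarize joins the stored ClientHello fields with the request's User-Agent.
func summarize(r *http.Request) (helloSummary, bool) {
	v, ok := hellos.Load(r.RemoteAddr)
	s, _ := v.(helloSummary) // zero value when no hello was recorded
	s.UserAgent = r.UserAgent()
	return s, ok
}

// probe starts a loopback TLS server, sends one request with Go's default
// client settings, and returns what the handler could see for that request.
func probe() (got helloSummary, ok bool) {
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) {
		got, ok = summarize(r)
	}))
	srv.TLS = &tls.Config{GetConfigForClient: recordHello}
	srv.StartTLS()
	defer srv.Close()
	if resp, err := srv.Client().Get(srv.URL); err == nil {
		resp.Body.Close()
	}
	return got, ok
}

func main() { fmt.Println(probe()) }
```

Entries are never removed here; a long-running server would delete them when the connection closes, for example from an http.Server ConnState callback.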