drwetter / testssl.sh

Testing TLS/SSL encryption anywhere on any port
https://testssl.sh
GNU General Public License v2.0

[Feature request] Report JA3 client and JA3/S server TLS fingerprints when running client simulations #2350

Open Delicates opened 1 year ago

Delicates commented 1 year ago

Which version are you referring to:
3.2rc2 (default 3.1dev branch)

Describe your feature request (if it's a technical feature):
In the Running client simulations via sockets section report JA3 client TLS fingerprint and JA3/S server TLS fingerprint for each simulation. https://github.com/salesforce/ja3

Describe the solution you'd like:
Could be an optional --ja3 flag that adds an extra line underneath each simulation printing JA3 and JA3/S TLS fingerprints. Or alternatively could be appended at the end of each simulation output line.

In the Testing server defaults (Server Hello) section change "Fingerprints" to "Certificate Fingerprints" to avoid ambiguity.

drwetter commented 1 year ago

The thing with those fingerprints is:

In general I like the idea though. (It interested me ages ago; I gave talks at that time on what a ClientHello will tell an adversary, because everybody seemed to assume TLS is a VPN.)

drwetter commented 1 year ago

What could be done is sending the client handshakes and wiresharking those. Last time I tried, it contained the JA3 strings. Don't know how accurate those are as opposed to real life.
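For reference alongside the thread, an added example (not code from testssl.sh or from either commenter) that derives the JA3 string and its MD5 directly from raw ClientHello bytes, as an alternative to reading it out of a capture. It assumes the ClientHello fits in a single TLS record; the names `ja3`, `u16_list`, `is_grease` and `SAMPLE` are hypothetical, and the sample bytes are constructed.

```python
import hashlib
import struct

def is_grease(v):
    # RFC 8701 GREASE values (0x0a0a, 0x1a1a, ... 0xfafa) are left out of JA3
    return (v & 0x0f0f) == 0x0a0a and (v >> 8) == (v & 0xff)

def u16_list(data):
    return [v for (v,) in struct.iter_unpack("!H", data) if not is_grease(v)]

def ja3(hello):
    """Return (ja3_string, md5_hex) for a ClientHello, with or without record header."""
    buf = hello[5:] if hello[0] == 0x16 else hello  # strip 5-byte record header
    if buf[0] != 0x01:
        raise ValueError("not a ClientHello")
    version = struct.unpack_from("!H", buf, 4)[0]   # ClientHello version field
    pos = 4 + 2 + 32                     # handshake header, version, random
    pos += 1 + buf[pos]                  # skip session id
    n = struct.unpack_from("!H", buf, pos)[0]
    ciphers = u16_list(buf[pos + 2:pos + 2 + n])
    pos += 2 + n
    pos += 1 + buf[pos]                  # skip compression methods
    exts, groups, formats = [], [], []
    if pos < len(buf):                   # extensions block is optional
        end = pos + 2 + struct.unpack_from("!H", buf, pos)[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", buf, pos)
            body = buf[pos + 4:pos + 4 + elen]
            pos += 4 + elen
            if is_grease(etype):
                continue
            exts.append(etype)
            if etype == 10:              # supported_groups: 2-byte list length
                groups = u16_list(body[2:])
            elif etype == 11:            # ec_point_formats: 1-byte list length
                formats = list(body[1:])
    lists = ["-".join(map(str, f)) for f in (ciphers, exts, groups, formats)]
    s = ",".join([str(version)] + lists)
    # MD5 is only the digest format JA3 specifies, not a security control
    return s, hashlib.md5(s.encode()).hexdigest()

# Constructed sample ClientHello (not captured from a real client)
SAMPLE = bytes.fromhex(
    "16030100500100004c0303" + "00" * 32 + "00"
    "00080a0a1301c02f009c" "0100"          # ciphers incl. GREASE, compression
    "001b" "1a1a0000"                      # extensions length, GREASE extension
    "000a000800060a0a001d0017"             # supported_groups
    "000b00020100" "ff01000100"            # ec_point_formats, renegotiation_info
)
```

JA3/S for the server side follows the same pattern over the ServerHello (version, chosen cipher, extension list) and is not covered here.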