[Feature request] Report JA3 cleint and JA3/S server TLS fingerprints when running client simulations

[Delicates]

Which version are you referring to 3.2rc2 (default 3.1dev branch)

Describe your feature request (if it's a technical feature) In the Running client simulations via sockets section report JA3 client TLS fingerprint and JA3/S server TLS fingerprint for each simulation. https://github.com/salesforce/ja3

Describe the solution you'd like Could be an optional --ja3 flag that adds an extra line underneath each simulation printing JA3 and JA3/S TLS fingerprints. Or alternatively could be appended at the end of each simulation output line.

In the Testing server defaults (Server Hello) section change "Fingerprints" to "Certificate Fingerprints" to avoid ambiguity.

[drwetter]

The thing with those fingerprints are:

• last time I looked it up they were ancient and somewhat the same as the ones from LeeBrotherston's TLS fingerprintting project
• Somewhere I found a bigger and up-to-date database, but I forgot where that was
• We should be careful inspect we can use that db (which is preferred over calculating) as Salesforce (cough) might have a copyright on it.

In general I like the idea though. (It interested e ages ago, gave talks by that time what a ClientHello will tell an adversary bc I everybody seemed to assume TLS is a VPN).

[drwetter]

What could be done is sending the client handshakes and wiresharking those. Last time I tried it contained the JA3 strings. Don't know how accurate those are as supposed to real life