Closed ne4u closed 2 years ago
pagpeter
commented
2 years ago Hey, thanks for your Issue. I want to rework the logging system completely, to enable better statistics. The Idea is good, although I never encountered a client spoofing a ja3 but not sending GREASE values
ne4u
commented
2 years ago The thought is to be able to identify spoofed user_agents. Most spoofed user_agents aren't going anything good :-)
pagpeter
commented
2 years ago I am working on my own fingerprint and will have it in there
pagpeter
commented
2 years ago The new fingerprint "PeetPrint" now contains grease values (actual values replaced with "GREASE")
I think it would be helpful to add a boolean for GREASE support in the MongoDB since it's not in the JA3 hash. GREASE is helpful in identifying bots or malicious requests spoofing user_agents.
EX: Reported user_agent is a current version of Safari on any OS. But, there is no grease support in the TLS negotiation. Therefore the conclusion is the user_agent is being faked.