salesforce / ja3

JA3 is a standard for creating SSL client fingerprints in an easy to produce and shareable way.
BSD 3-Clause "New" or "Revised" License

JA3(s) can not parse windows/x64/meterpreter/reverse_https Payload #65

Closed Epicccal closed 3 years ago

Epicccal commented 3 years ago

Hello, when I use JA3(S) to parse the MetaSploit-Framework (6.0.37-dev) windows/x64/meterpreter/reverse_https payload, it does not work.

I don't understand the reason for this, could you give me some suggestions? Thank you very much~

msf_https.pcap.zip

Epicccal commented 3 years ago

Sorry, I think I found the problem. I need to specify the -a parameter because the default port for meterpreter communication is 4444.

Jackson-Pollock commented 2 years ago

@Epicccal Just one question: how did you perform this attack? The msfvenom binary with the ..reverse_https payload and a listener on the other end, that's it, right?
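
An added example, not part of the thread or the ja3 project's code: the resolution above turns on the capture using port 4444, and a ClientHello can be recognized from the TLS record bytes alone, whatever the port. This stand-alone Python computes the JA3 string and MD5 from a raw TCP payload; `ja3_from_payload`, `u16_list` and `SAMPLE_HELLO` are hypothetical names, and the sample bytes are constructed.

```python
import hashlib
import struct

# GREASE values (RFC 8701: 0x0a0a, 0x1a1a, ... 0xfafa) are left out of JA3.
GREASE = {(b << 8) | b for b in range(0x0A, 0x100, 0x10)}

def u16_list(buf):
    """Decode consecutive big-endian 16-bit values, dropping GREASE."""
    vals = struct.unpack(f"!{len(buf) // 2}H", buf[:len(buf) // 2 * 2])
    return [v for v in vals if v not in GREASE]

def ja3_from_payload(payload):
    """Return (ja3_string, md5_hex) if a TCP payload starts with a TLS
    ClientHello, else None. Only record content is checked, never the port."""
    # Record type 0x16 (handshake), major version 3, handshake type 1.
    if len(payload) < 44 or payload[0] != 0x16 or payload[1] != 0x03 or payload[5] != 0x01:
        return None
    try:
        version = struct.unpack_from("!H", payload, 9)[0]
        pos = 9 + 2 + 32                       # skip client_version + random
        pos += 1 + payload[pos]                # skip session_id
        n = struct.unpack_from("!H", payload, pos)[0]
        ciphers = u16_list(payload[pos + 2:pos + 2 + n])
        pos += 2 + n
        pos += 1 + payload[pos]                # skip compression methods
        exts, curves, formats = [], [], []
        if pos + 2 <= len(payload):            # extensions block is optional
            end = pos + 2 + struct.unpack_from("!H", payload, pos)[0]
            pos += 2
            while pos + 4 <= min(end, len(payload)):
                etype, elen = struct.unpack_from("!HH", payload, pos)
                data = payload[pos + 4:pos + 4 + elen]
                pos += 4 + elen
                if etype not in GREASE:
                    exts.append(etype)
                if etype == 10:                # supported_groups
                    curves = u16_list(data[2:])
                elif etype == 11:              # ec_point_formats
                    formats = list(data[1:])
    except (struct.error, IndexError):
        return None                            # truncated or malformed hello
    ja3 = ",".join("-".join(map(str, f)) for f in ([version], ciphers, exts, curves, formats))
    return ja3, hashlib.md5(ja3.encode()).hexdigest()

# Constructed ClientHello (TLS 1.2, one GREASE cipher, three extensions).
SAMPLE_HELLO = bytes.fromhex("1603010047" "01000043" "0303" + "00" * 32 + "00"
    "00060a0ac02f009c" "0100" "0014"
    "000a00060004001d0017" "000b00020100" "00230000")

if __name__ == "__main__":
    print("dst port 4444:", ja3_from_payload(SAMPLE_HELLO))
```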