wwhtrbbtt / TrackMe

https://tls.peet.ws
GNU General Public License v3.0

GREASE status in MongoDB #7

Closed ne4u closed 1 year ago

ne4u commented 1 year ago

I think it would be helpful to add a boolean for GREASE support in the MongoDB since it's not in the JA3 hash. GREASE is helpful in identifying bots or malicious requests spoofing user_agents.

Ex: Reported user_agent is a current version of Safari on any OS. But there is no GREASE support in the TLS negotiation. Therefore the conclusion is the user_agent is being faked.

wwhtrbbtt commented 1 year ago

Hey, thanks for your issue. I want to rework the logging system completely, to enable better statistics. The idea is good, although I never encountered a client spoofing a JA3 but not sending GREASE values.

ne4u commented 1 year ago

The thought is to be able to identify spoofed user_agents. Most spoofed user_agents aren't doing anything good :-)

wwhtrbbtt commented 1 year ago

I am working on my own fingerprint and will have it in there.

wwhtrbbtt commented 1 year ago

The new fingerprint "PeetPrint" now contains grease values (actual values replaced with "GREASE")
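The check discussed in this thread, sketched in Go as an added example (not TrackMe's code and not the PeetPrint format): a GREASE boolean per RFC 8701, a fingerprint string with GREASE values replaced by a literal, and a User-Agent consistency flag. The function names, the `greaseExpected` list and the sample ClientHello values are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// isGREASE: RFC 8701 reserves 0x0A0A, 0x1A1A, ... 0xFAFA (equal bytes, low nibble 0xA).
func isGREASE(v uint16) bool { return v>>8 == v&0xff && v&0x0f == 0x0a }

// hasGREASE is the boolean the issue asks to store next to the JA3 hash.
// Pass cipher suites, extensions or groups (append them to check all at once).
func hasGREASE(vals []uint16) bool {
	for _, v := range vals {
		if isGREASE(v) {
			return true
		}
	}
	return false
}

// normalize writes "GREASE" for the randomly chosen value so the string is stable per client.
func normalize(vals []uint16) string {
	out := make([]string, len(vals))
	for i, v := range vals {
		out[i] = fmt.Sprint(v)
		if isGREASE(v) {
			out[i] = "GREASE"
		}
	}
	return strings.Join(out, "-")
}

// greaseExpected is an assumption: User-Agent markers of clients taken to send GREASE.
var greaseExpected = []string{"Chrome/", "Safari/"}

// uaMismatch flags a User-Agent that claims such a client when no GREASE was seen.
func uaMismatch(userAgent string, grease bool) bool {
	for _, m := range greaseExpected {
		if !grease && strings.Contains(userAgent, m) {
			return true
		}
	}
	return false
}

func main() {
	ciphers := []uint16{0x1301, 0x1302, 0xc02b} // constructed ClientHello without GREASE
	fmt.Println(normalize(ciphers), uaMismatch("Version/17.0 Safari/605.1.15", hasGREASE(ciphers)))
}
```

A mismatch is a signal to log and weigh with other evidence, since the expected-client list has to be maintained as browsers change.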