A small JA3 TLS fingerprinting library written in Rust.
This crate enables a consumer to fingerprint the ClientHello portion of a TLS handshake. It can hash TLS handshakes over IPv4 and IPv6. It heavily depends on the tls-parser project from Rusticata.
It supports generating fingerprints from packet capture files as well as live-captures on a network interface, both using libpcap.
See the original JA3 project for more information.
Example of fingerprinting a packet capture file:
use ja3::Ja3;
let mut ja3 = Ja3::new("test.pcap")
.process_pcap()
.unwrap();
// Now we have a Vec of Ja3Hash objects
for hash in ja3 {
println!("{}", hash);
}
Example of fingerprinting a live capture:
use ja3::Ja3;
let mut ja3 = Ja3::new("eth0")
.process_live()
.unwrap();
while let Some(hash) = ja3.next() {
println!("Hash: {}", hash);
} Command Mean [ms] Min [ms] Max [ms] Relative ja3 huge-cap.pcap 153.2 ± 2.3 149.8 157.2 34.85 ± 2.82 ./target/release/examples/ja3 huge-cap.pcap 4.4 ± 0.3 3.6 5.5 1.00
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4