Comments (2)
yes, it's interesting and not interesting at the same time; it's under patent and miss important data point of modern TLS
- Extension settings are finger printable - like ja3 it's ignored except for SNI (see next point) and ALPN
- GREASE must be part of the fingerprint, position and occurrence (basically replaced via a fixed placeholder as value) - GREASE and non GREASE TLS produce the same hash which is innacurate
- In TLS1.2, 1.3 introduced the concept of session (ticket, PSK) - completely ignored like JA3 - it's not really a cristism, because it's not that easy to fingerprint that and can be choice on purpose, but still. (This required the support of fuzzy hash to be implemented correctly, but see below with pseudo-fuzzy)
- SNI is part of the fingerprint (That means each site will produced a dedicated hash, no matter if the TLS FP is the same) the target domain is totally unrelated to the TLS and now the fingerprint does not really reflect it and mismatch
- I don't understand the split of the hash into pieces, pseudo fuzzy hash I guess do to something like
LIKE %_xxx_xxx
, just do fuzzy hash like ssdeep - The methodology and the logic to build the FP is complex for nothing IMO
- There is no dataset comparison between ja3 and ja4 TLS to measure the matching accuracy of client identification (due to SNI it's already out) and false positive, so without any measure to compare with, it's not better and can be worst
So I don't think it's serve the same purpose of ja3 despite it's called ja4, the patent and licensing already killed it I think
from curl-impersonate.
I thought the hash in JA4 was aimed to make it easier to search logs for set parts in a fingerprint instead of a whole md5 hash allowing you to narrow down a client easier and I suppose sell you access to a database.
A good example was this
For example; GreyNoise is an internet listener that identifies internet scanners and is implementing JA4+ into their product. They have an actor who scans the internet with a constantly changing single TLS cipher. This generates a massive amount of completely different JA3 fingerprints but with JA4, only the b part of the JA4 fingerprint changes, parts a and c remain the same. As such, GreyNoise can track the actor by looking at the JA4_ac fingerprint (joining a+c, dropping b).
Tho this does not apply in this situation due to trying to not be unique. The only other thing I have run into is order of headers and correct format.
The databases I have come across don't contain User-Agent and either have just a md5 hash would be nice to have to have the string that makes up the hash with it. Anyways thanks for letting me know this will work just fine.
from curl-impersonate.
Related Issues (20)
- Homebrew unofficial receipt available HOT 1
- Ubuntu 22:04 libcurl-impersonate-chrome.so cannot be preloaded HOT 3
- Websocket on Windows HOT 6
- Pre shared key extension
- make chrome-build fails HOT 1
- Fiddler Intergration / Cloudfare bypass
- WS/WSS Protocol in Docker Image HOT 3
- compile error on boringssl - [-Werror,-Wunused-but-set-variable] HOT 3
- Content-Encoding may be gzip but the response body is uncompressed
- Safari http2 fingerprints are not correct
- make chrome-build failed HOT 7
- Bypassing Cloudflare HOT 6
- Impersonation no longer good enough?
- recompile php with curl-impersonate HOT 2
- curl: (56) HTTP/2 stream 1 was reset
- Namespace wrapping for firefox and chrome in one?
- Use Different browsers, ... , But get same fingerprints
- Precompiled binary doesn't work, but docker version works well for chatGPT.
- Make PHP use libcurl-impersonate HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from curl-impersonate.