Main features

sensor-d4-tls-fingerprinting is intended to be used to feed a D4 project client (It can be used in standalone though).

Main features

extracts TLS certificates from pcap files or network interfaces
fingerprints TLS client/server interactions with ja3/ja3s
fingerprints TLS interactions with TLSH fuzzy hashing
write certificates in a folder
export in JSON to files, or stdout

Use

This project is currently in development and is subject to change, check the list of issues.

Compile from source

requirements

git
golang >= 1.5
libpcap

#apt install golang git libpcap-dev

Go get

$go get github.com/D4-project/sensor-d4-tls-fingerprinting
$cd $GOPATH/github.com/D4-project/sensor-d4-tls-fingerprinting
$

A "sensor-d4-tls-fingerprinting" compiled for your architecture should then be in $GOPATH/bin Alternatively, use make to compile arm/linux or amd64/linux

How to use

Read from pcap:

$ ./d4-tlsf-amd64l -r=file

Read from interface (promiscious mode):

$ ./d4-tlsf-amd64l -i=interface

Write x509 certificates to folder:

$ ./d4-tlsf-amd64l -w=folderName

Write output json inside folder

$ ./d4-tlsf-amd64l -j=folderName

Name		Name	Last commit message	Last commit date
Latest commit History 35 Commits
d4tls		d4tls
etls		etls
media		media
.gitignore		.gitignore
LICENSE		LICENSE
Makefile		Makefile
README.md		README.md
d4-tlsf.go		d4-tlsf.go
go.mod		go.mod
go.sum		go.sum

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Main features

Use

Compile from source

requirements

Go get

How to use

About

Releases 2

Packages

Languages

License

D4-project/sensor-d4-tls-fingerprinting

Folders and files

Latest commit

History

Repository files navigation

Main features

Use

Compile from source

requirements

Go get

How to use

About

Topics

Resources

License

Stars

Watchers

Forks

Releases 2

Packages 0

Languages

Packages