Documentation
Overview
Package ja3 provides JA3 Client Fingerprinting for the Go language by looking at the TLS Client Hello packets.
Basic Usage
ja3 takes in TCP payload data as a []byte and computes the corresponding JA3 string and digest.
j, err := ja3.ComputeJA3FromSegment(tcpPayload)
if err != nil {
	// If the payload is not a Client Hello, an error is returned as soon as parsing fails
	panic(err)
}

// Get the JA3 digest, string and SNI of the parsed Client Hello
ja3Hash := j.GetJA3Hash()
ja3String := j.GetJA3String()
sni := j.GetSNI()
fmt.Printf("JA3Hash: %v, JA3String: %v, SNI: %v\n", ja3Hash, ja3String, sni)

// Get the JA3 string as a byte slice for more efficient handling
ja3Bytes := j.GetJA3ByteString()
anyWriterClass.Write(ja3Bytes)
Constants
const (
	LengthErr        string = "length check %v failed"
	ContentTypeErr   string = "content type not matching"
	VersionErr       string = "version check %v failed"
	HandshakeTypeErr string = "handshake type not matching"
	SNITypeErr       string = "SNI type not supported"
)
Error types
Types
type JA3
type JA3 struct {
// contains filtered or unexported fields
}
JA3 stores the parsed fields from the Client Hello. To access the values use the respective getter methods.
func ComputeJA3FromHandshake (added in v1.0.1)
ComputeJA3FromHandshake parses the handshake and returns the populated JA3 object or the encountered parsing error. Note: usually you'll want to use ComputeJA3FromSegment unless you're working directly with the raw data that makes up a TLS Handshake buffer.
func ComputeJA3FromSegment
ComputeJA3FromSegment parses the segment and returns the populated JA3 object or the encountered parsing error.
func (*JA3) GetJA3ByteString
GetJA3ByteString returns the JA3 string as a byte slice for more efficient handling. This function uses caching, so repeated calls to this function on the same JA3 object will not trigger any new calculations.
func (*JA3) GetJA3Hash
GetJA3Hash returns the MD5 Digest of the JA3 string in hexadecimal representation. This function uses caching, so repeated calls to this function on the same JA3 object will not trigger any new calculations.
func (*JA3) GetJA3String
GetJA3String returns the JA3 string as a string. This function uses caching, so repeated calls to this function on the same JA3 object will not trigger any new calculations.
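What the JA3 string and its MD5 digest contain, shown as an added example that is not code from package ja3. buildJA3, joinDec and isGREASE are hypothetical helpers, and the field values are constructed samples; the code applies the JA3 layout (version, ciphers, extensions, curves, point formats) to already-parsed Client Hello fields and skips GREASE values.

```go
package main

import (
	"crypto/md5"
	"encoding/hex"
	"fmt"
	"strconv"
	"strings"
)

// isGREASE reports whether v is a reserved GREASE value (RFC 8701: 0x0a0a,
// 0x1a1a, ... 0xfafa). JA3 ignores these because clients randomise them.
func isGREASE(v uint16) bool {
	return v&0x0f0f == 0x0a0a && v>>8 == v&0xff
}

// joinDec renders values as dash-separated decimals, dropping GREASE entries.
func joinDec(vals []uint16) string {
	parts := make([]string, 0, len(vals))
	for _, v := range vals {
		if !isGREASE(v) {
			parts = append(parts, strconv.Itoa(int(v)))
		}
	}
	return strings.Join(parts, "-")
}

// buildJA3 (hypothetical helper, not part of package ja3) assembles the JA3
// string from already-parsed Client Hello fields and returns it with its MD5.
func buildJA3(version uint16, ciphers, exts, curves, pointFmts []uint16) (string, string) {
	s := strings.Join([]string{
		strconv.Itoa(int(version)),
		joinDec(ciphers), joinDec(exts), joinDec(curves), joinDec(pointFmts),
	}, ",")
	sum := md5.Sum([]byte(s))
	return s, hex.EncodeToString(sum[:])
}

func main() {
	// Constructed sample fields; 0x0a0a, 0x1a1a and 0x2a2a are GREASE values.
	s, h := buildJA3(771, []uint16{0x0a0a, 4865, 4866, 49195},
		[]uint16{0x1a1a, 0, 10, 11, 43}, []uint16{0x2a2a, 29, 23}, []uint16{0})
	fmt.Printf("JA3String: %s\nJA3Hash: %s\n", s, h)
}
```

A Client Hello without extensions leaves the last three fields empty but keeps the commas, so two clients that differ only in GREASE values produce the same digest.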
type ParseError
type ParseError struct {
// contains filtered or unexported fields
}
ParseError can be encountered while parsing a segment.
func (*ParseError) Error
func (e *ParseError) Error() string