ja4
ja4 copied to clipboard
FoxIO-LLC
JA4+ is a suite of network fingerprinting standards
Is JA4 algorithm supposed to work with DTLS traffic too? I am asking beacsue: 1) I didn't find any reference at all at DTLS in this repository 2) Wireshark doesn't...
Hi all, My nginx version is [nginx 1.24.0-2] (from debian testing) and this is my httpd config: I know that the JA4S depends on the client you use, I used...
Is there a reason behind the Zeek ssh.log not containing JA4SSH and having that data broken out into its own ja4ssh.log?
The TLS extension `padding` may appear due to the packet size. And the JA4 of this case is `[JA4: t13d1517h2_8daaf6152771_b1ff8ab2d16f]` Chrome : Version 120.0.6099.71 (Official Build) (64-bit) The source code...
In the technical_details document describing the JA4H specification, there are minor inconsistencies and a problematic delimiter. This document was previously found at technical_details/JA4H.md and subsequently removed in this commit: https://github.com/FoxIO-LLC/ja4/commit/b6f3ff4c779d05da92e7263b2e5ab7287a2245ac#diff-aeca2ef7c4beaff2ccd0f42a618a6c85d23ba0e625fa735fda15332bf4d629c6...
`ja4 --version` output should include: - git SHA1 - the version of `tshark` - whether the binary was built with `--release` flag or not Similar updates (with exception of `tshark`...
I can't seem to find a good place to query these codes besides a random IBM table which doesn't really allow for scripting the lookup. Essentially it'd be nice to...
Hi :wave: . While working on a personal project that implements JA4, I noticed some discrepancies when comparing JA4 (TCP) fingerprint output against some of the tls PCAP files in...
