Upgrade to Pro — share decks privately, control downloads, hide ads and more …

HTTPSハニポとFingerprint

Sponsored · Your Podcast. Everywhere. Effortlessly. Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
Avatar for junk_coken junk_coken
March 09, 2019
Technology
2.2k
1

 HTTPSハニポとFingerprint

2019年3月9日に行われた第6回ハニーポッター技術交流会で発表したLT資料です。

Avatar for junk_coken

junk_coken

March 09, 2019

More Decks by junk_coken

See All by junk_coken
6/14総サイLT~ハニーポットを作ってる話~
Avatar for junk_coken junk_coken
0
1.9k
ハニーポットで集める攻撃手法-seccamp2016
Avatar for junk_coken junk_coken
2
1k
ハニーポットで捕らえるWordPressへの攻撃
Avatar for junk_coken junk_coken
1
4k

Other Decks in Technology

See All in Technology
Hacobu Tech Deck
Avatar for Hacobu hacobu
PRO
0
140
AI バイブコーティングでキーボード不要?!
Avatar for Sam Akada samakada
0
660
需要創出(Chatwork)×供給(BPaaS) フライホイールとMoat 実行能力の最適配置とAI戦略
Avatar for kubell kubell_hr
0
1.5k
UIライブラリに依存しすぎないReact Native設計を目指して
Avatar for Takahiro Kato grandbig
0
160
Cortex Codeのコスト見積ヒントご紹介
Avatar for Yosuke Katsuki yokatsuki
0
130
Rapid Start: Faster Internet Connections, with Ruby's Help
Avatar for kazuho kazuho
2
950
20260423_執筆の工夫と裏側 技術書の企画から刊行まで / From the planning to the publication of technical book
Avatar for nash_efp nash_efp
3
670
MySQL 9.7がやってきた ~これまでのあらすじと基本情報~ @ 日本MySQLユーザ会会2026年04月 / mysql97-yattekita
Avatar for sakaik sakaik
0
130
はじめての MagicPod生成AI機能 機能紹介から活用方法まで
Avatar for MagicPod magicpod
0
120
Claude Code を安全に使おう勉強会 / Claude Code Security Basics
Avatar for MasahiroKawahara masahirokawahara
12
39k
『生成AI時代のクレデンシャルとパーミッション設計 — Claude Code を起点に』の執筆企画
Avatar for Takuro SASAKI takuros
2
1.6k
Pure Intonation on Browser: Building a Sequencer with Ruby
Avatar for nagachika nagachika
0
350

Featured

See All Featured
The Invisible Side of Design
Avatar for Vitaly Friedman smashingmag
303
52k
Neural Spatial Audio Processing for Sound Field Analysis and Control
Avatar for NII S. Koyama's Lab skoyamalab
0
270
The Cult of Friendly URLs
Avatar for Andy Hume andyhume
79
6.9k
Color Theory Basics | Prateek | Gurzu
Avatar for Gurzu gurzu
0
300
Pawsitive SEO: Lessons from My Dog (and Many Mistakes) on Thriving as a Consultant in the Age of AI
Avatar for David Carrasco davidcarrasco
0
120
10 Git Anti Patterns You Should be Aware of
Avatar for Lemi Orhan Ergin lemiorhan
PRO
659
62k
Collaborative Software Design: How to facilitate domain modelling decisions
Avatar for Kenny Baas-Schwegler baasie
1
200
How to build a perfect <img>
Avatar for Jono Alderson jonoalderson
1
5.4k
Raft: Consensus for Rubyists
Avatar for Patrick Van Stee vanstee
141
7.4k
Embracing the Ebb and Flow
Avatar for Simon Collison colly
88
5k
How to train your dragon (web standard)
Avatar for Monica Dinculescu notwaldorf
97
6.6k
The Art of Delivering Value - GDevCon NA Keynote
Avatar for David Neal reverentgeek
16
1.9k

Transcript

  1. HTTPSFingerprint @junk_coken

  2.  • 3(@junk_coken) • HTTP &*/% '   ($-

    '   )+",# !. 

  3. HTTPS  HTTPS   ()

  4. HTTPS 1.   • DDNSOK 2. let’s encrypt 

     3. Nginx

  5. HTTPHTTPS  0 200 400 600 800 1000 1200 HTTP

    HTTPS 2019129201922   1134 60 HTTPS 468

  6. Fingerprint

  7. Fingerprinting   (  )   Machine Fingerprint

     Fingerprinting

  8. Fingerprinting Passive fingerprinting •   ( )

  9. Fingerprinting Active fingerprinting •   (JavaScript )

  10. HoneypotFingerprint • p0f • OS " • T-POT  #

     • FingerprintJS • % • Micro Honeypot ($  '& • TLS Fingerprint • JA3, HASSH →OSS SSHCowrie !(HASSH)

  11. fingerprintjs2  - https://valve.github.io/fingerprintjs2/

  12. HoneypotFingerprint • p0f • OS " • T-POT  #

     • FingerprintJS • % • Micro Honeypot ($  '& • TLS Fingerprint • JA3, HASSH →OSS SSHCowrie !(HASSH)

  13. JA3 JA3(https://github.com/salesforce/ja3) • $ &%,'*,",!+ • Black Hat Arsenal 2016

    TLS Fingerprinting1 • HTTPS>8-45 3 E2. $ # /@=? D; ),# >8%# 6C: (-A7”(+ B9>8 0<” )

  14. JA3 1. Client Hello 2. Server Hello, Server Certificate, Server

    Key Exchange, Server Hello Done 3. Client Key Exchange, Change Cipher Spec, Finished 4. Change Cipher Spec, Finished   HTTPS  JA3

  15. JA3 Client Hello   • SSL Version • Cipher

    Suite • Extension • Elliptic Curves • Elliptic Curve Point Formats 10 MD5 

  16. 16 ← 771 ← 49162 ← 49195 ← 49169 ←

    49159 ← 49171 ← 49161 ← 49172 ← 49199 ← 5 ← 47 ← 53 ← 49170 ← 10 ← 0 ← 5 ← 10 ← 23 ← 24 ← 25 ← 11 ← 13 ← 65281 771,49199-49195-49169-49159-49171-49161-49172-49162-5-47-53-49170-10,0-5-10- 11-13-65281,23-24-25,0 ↓MD5 20c9baf81bfe96ff89722899e75d0190

  17.   Web (Nginx) tcpdump(  )   

    (pcap) HTTPS    ELK  

  18. Fingerprint ja3fingerprint.json (https://github.com/trisulnsm/trisul- scripts/tree/master/lua/frontend_scripts/reassembly/ja3/prints) • JA3  fingerprint  

    •   

  19. Fingerprint fingerprint   

  20.  • HTTPS # &  →%  ! •

     "( '$

  21. ma couleur