Upgrade to Pro — share decks privately, control downloads, hide ads and more …

HTTPSハニポとFingerprint

Avatar for junk_coken junk_coken
March 09, 2019
Technology
1
2.1k

 HTTPSハニポとFingerprint

2019年3月9日に行われた第6回ハニーポッター技術交流会で発表したLT資料です。

Avatar for junk_coken

junk_coken

March 09, 2019
Tweet

More Decks by junk_coken

See All by junk_coken
6/14総サイLT~ハニーポットを作ってる話~
Avatar for junk_coken junk_coken
0
1.9k
ハニーポットで集める攻撃手法-seccamp2016
Avatar for junk_coken junk_coken
2
1k
ハニーポットで捕らえるWordPressへの攻撃
Avatar for junk_coken junk_coken
1
3.9k

Other Decks in Technology

See All in Technology
2026/01/16_実体験から学ぶ 2025年の失敗と対策_Progate Bar
Avatar for Teba_eleven teba_eleven
1
210
「違う現場で格闘する二人」——社内コミュニティがつないだトヨタ流アジャイルの実践とその先
Avatar for Shin shinichitakeuchi
0
510
プロンプトエンジニアリングを超えて:自由と統制のあいだでつくる Platform × Context Engineering
Avatar for yuriemori yuriemori
0
500
AWS Network Firewall Proxyで脱Squid運用⁈
Avatar for hr0hr57 nnydtmg
1
120
かわいい身体と声を持つ そういうものに私はなりたい
Avatar for よしむら@データマネジメント担当 yoshimura_datam
0
180
【Oracle Cloud ウェビナー】ランサムウェアが突く「侵入の隙」とバックアップの「死角」 ~ 過去の教訓に学ぶ — 侵入前提の防御とデータ保護 ~
Avatar for oracle4engineer oracle4engineer
PRO
1
160
これまでのネットワーク運用を変えるかもしれないアプデをおさらい
Avatar for da-hatakeyama hatahata021
4
230
GitHub Copilot CLI 現状確認会議
Avatar for Toru Makabe torumakabe
8
2.7k
OCI技術資料 : OS管理ハブ 概要
Avatar for Oracle Cloud Infrastructure ソリューション・エンジニア ocise
2
4.1k
Master Dataグループ紹介資料
Avatar for Sansan, Inc. sansan33
PRO
1
4.2k
Introduction to Sansan, inc / Sansan Global Development Center, Inc.
Avatar for Sansan, Inc. sansan33
PRO
0
2.9k
クラウドセキュリティの進化 — AWSの20年を振り返る
Avatar for kei4eva4 kei4eva4
0
140

Featured

See All Featured
Efficient Content Optimization with Google Search Console & Apps Script
Avatar for Katarina Dahlin katarinadahlin
PRO
0
290
Groundhog Day: Seeking Process in Gaming for Health
Avatar for Sebastian Deterding codingconduct
0
75
The Limits of Empathy - UXLibs8
Avatar for Cassini Nazir cassininazir
1
200
The innovator’s Mindset - 
Leading Through an Era of Exponential Change - McGill University 2025
Avatar for Jean-Marc De Jonghe jdejongh
PRO
1
82
Have SEOs Ruined the Internet? - User Awareness of SEO in 2025
Avatar for Akash Hashmi akashhashmi
0
250
A Tale of Four Properties
Avatar for Chris Coyier chriscoyier
162
24k
Fantastic passwords and where to find them - at NoRuKo
Avatar for Phil Nash philnash
52
3.6k
Primal Persuasion: How to Engage the Brain for Learning That Lasts
Avatar for Mike Taylor tmiket
0
210
Darren the Foodie - Storyboard
Avatar for Kevinho.art khoart
PRO
2
2.2k
The World Runs on Bad Software
Avatar for Brandon Keepers bkeepers
PRO
72
12k
Fireside Chat
Avatar for paigeccino paigeccino
41
3.8k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
Avatar for Marc Duiker marcduiker
35
2.3k

Transcript

  1. HTTPSFingerprint @junk_coken

  2.  • 3(@junk_coken) • HTTP &*/% '   ($-

    '   )+",# !. 

  3. HTTPS  HTTPS   ()

  4. HTTPS 1.   • DDNSOK 2. let’s encrypt 

     3. Nginx

  5. HTTPHTTPS  0 200 400 600 800 1000 1200 HTTP

    HTTPS 2019129201922   1134 60 HTTPS 468

  6. Fingerprint

  7. Fingerprinting   (  )   Machine Fingerprint

     Fingerprinting

  8. Fingerprinting Passive fingerprinting •   ( )

  9. Fingerprinting Active fingerprinting •   (JavaScript )

  10. HoneypotFingerprint • p0f • OS " • T-POT  #

     • FingerprintJS • % • Micro Honeypot ($  '& • TLS Fingerprint • JA3, HASSH →OSS SSHCowrie !(HASSH)

  11. fingerprintjs2  - https://valve.github.io/fingerprintjs2/

  12. HoneypotFingerprint • p0f • OS " • T-POT  #

     • FingerprintJS • % • Micro Honeypot ($  '& • TLS Fingerprint • JA3, HASSH →OSS SSHCowrie !(HASSH)

  13. JA3 JA3(https://github.com/salesforce/ja3) • $ &%,'*,",!+ • Black Hat Arsenal 2016

    TLS Fingerprinting1 • HTTPS>8-45 3 E2. $ # /@=? D; ),# >8%# 6C: (-A7”(+ B9>8 0<” )

  14. JA3 1. Client Hello 2. Server Hello, Server Certificate, Server

    Key Exchange, Server Hello Done 3. Client Key Exchange, Change Cipher Spec, Finished 4. Change Cipher Spec, Finished   HTTPS  JA3

  15. JA3 Client Hello   • SSL Version • Cipher

    Suite • Extension • Elliptic Curves • Elliptic Curve Point Formats 10 MD5 

  16. 16 ← 771 ← 49162 ← 49195 ← 49169 ←

    49159 ← 49171 ← 49161 ← 49172 ← 49199 ← 5 ← 47 ← 53 ← 49170 ← 10 ← 0 ← 5 ← 10 ← 23 ← 24 ← 25 ← 11 ← 13 ← 65281 771,49199-49195-49169-49159-49171-49161-49172-49162-5-47-53-49170-10,0-5-10- 11-13-65281,23-24-25,0 ↓MD5 20c9baf81bfe96ff89722899e75d0190

  17.   Web (Nginx) tcpdump(  )   

    (pcap) HTTPS    ELK  

  18. Fingerprint ja3fingerprint.json (https://github.com/trisulnsm/trisul- scripts/tree/master/lua/frontend_scripts/reassembly/ja3/prints) • JA3  fingerprint  

    •   

  19. Fingerprint fingerprint   

  20.  • HTTPS # &  →%  ! •

     "( '$

  21. ma couleur