Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
HTTPSハニポとFingerprint
Search
junk_coken
March 09, 2019
Technology
1
1.9k
HTTPSハニポとFingerprint
2019年3月9日に行われた第6回ハニーポッター技術交流会で発表したLT資料です。
junk_coken
March 09, 2019
Tweet
Share
More Decks by junk_coken
See All by junk_coken
6/14総サイLT~ハニーポットを作ってる話~
junk_coken
0
1.8k
ハニーポットで集める攻撃手法-seccamp2016
junk_coken
2
930
ハニーポットで捕らえるWordPressへの攻撃
junk_coken
1
3.7k
Other Decks in Technology
See All in Technology
【令和最新版】AWS Direct Connectと愉快なGWたちのおさらい
minorun365
PRO
5
750
Lambda10周年!Lambdaは何をもたらしたか
smt7174
2
110
OCI Network Firewall 概要
oracle4engineer
PRO
0
4.1k
Oracle Cloud Infrastructureデータベース・クラウド:各バージョンのサポート期間
oracle4engineer
PRO
28
12k
隣接領域をBeyondするFinatextのエンジニア組織設計 / beyond-engineering-areas
stajima
1
270
rootlessコンテナのすゝめ - 研究室サーバーでもできる安全なコンテナ管理
kitsuya0828
3
380
OCI 運用監視サービス 概要
oracle4engineer
PRO
0
4.8k
Why App Signing Matters for Your Android Apps - Android Bangkok Conference 2024
akexorcist
0
120
障害対応指揮の意思決定と情報共有における価値観 / Waroom Meetup #2
arthur1
5
470
安心してください、日本語使えますよ―Ubuntu日本語Remix提供休止に寄せて― 2024-11-17
nobutomurata
1
990
【若手エンジニア応援LT会】ソフトウェアを学んできた私がインフラエンジニアを目指した理由
kazushi_ohata
0
150
リンクアンドモチベーション ソフトウェアエンジニア向け紹介資料 / Introduction to Link and Motivation for Software Engineers
lmi
4
300k
Featured
See All Featured
Faster Mobile Websites
deanohume
305
30k
Gamification - CAS2011
davidbonilla
80
5k
A Philosophy of Restraint
colly
203
16k
No one is an island. Learnings from fostering a developers community.
thoeni
19
3k
Six Lessons from altMBA
skipperchong
27
3.5k
Music & Morning Musume
bryan
46
6.2k
For a Future-Friendly Web
brad_frost
175
9.4k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
47
2.1k
What's in a price? How to price your products and services
michaelherold
243
12k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
25
1.8k
Code Review Best Practice
trishagee
64
17k
GraphQLとの向き合い方2022年版
quramy
43
13k
Transcript
HTTPSFingerprint @junk_coken
• 3(@junk_coken) • HTTP &*/% ' ($-
' )+",# !.
HTTPS HTTPS ()
HTTPS 1. • DDNSOK 2. let’s encrypt
3. Nginx
HTTPHTTPS 0 200 400 600 800 1000 1200 HTTP
HTTPS 2019129201922 1134 60 HTTPS 468
Fingerprint
Fingerprinting ( ) Machine Fingerprint
Fingerprinting
Fingerprinting Passive fingerprinting • ( )
Fingerprinting Active fingerprinting • (JavaScript )
HoneypotFingerprint • p0f • OS " • T-POT #
• FingerprintJS • % • Micro Honeypot ($ '& • TLS Fingerprint • JA3, HASSH →OSS SSHCowrie !(HASSH)
fingerprintjs2 - https://valve.github.io/fingerprintjs2/
HoneypotFingerprint • p0f • OS " • T-POT #
• FingerprintJS • % • Micro Honeypot ($ '& • TLS Fingerprint • JA3, HASSH →OSS SSHCowrie !(HASSH)
JA3 JA3(https://github.com/salesforce/ja3) • $ &%,'*,",!+ • Black Hat Arsenal 2016
TLS Fingerprinting1 • HTTPS>8-45 3 E2. $ # /@=? D; ),# >8%# 6C: (-A7”(+ B9>8 0<” )
JA3 1. Client Hello 2. Server Hello, Server Certificate, Server
Key Exchange, Server Hello Done 3. Client Key Exchange, Change Cipher Spec, Finished 4. Change Cipher Spec, Finished HTTPS JA3
JA3 Client Hello • SSL Version • Cipher
Suite • Extension • Elliptic Curves • Elliptic Curve Point Formats 10 MD5
16 ← 771 ← 49162 ← 49195 ← 49169 ←
49159 ← 49171 ← 49161 ← 49172 ← 49199 ← 5 ← 47 ← 53 ← 49170 ← 10 ← 0 ← 5 ← 10 ← 23 ← 24 ← 25 ← 11 ← 13 ← 65281 771,49199-49195-49169-49159-49171-49161-49172-49162-5-47-53-49170-10,0-5-10- 11-13-65281,23-24-25,0 ↓MD5 20c9baf81bfe96ff89722899e75d0190
Web (Nginx) tcpdump( )
(pcap) HTTPS ELK
Fingerprint ja3fingerprint.json (https://github.com/trisulnsm/trisul- scripts/tree/master/lua/frontend_scripts/reassembly/ja3/prints) • JA3 fingerprint
•
Fingerprint fingerprint
• HTTPS # & →% ! •
"( '$
ma couleur