Upgrade to Pro — share decks privately, control downloads, hide ads and more …

HTTPSハニポとFingerprint

Avatar for junk_coken junk_coken
March 09, 2019
Technology
1
2k

 HTTPSハニポとFingerprint

2019年3月9日に行われた第6回ハニーポッター技術交流会で発表したLT資料です。

Avatar for junk_coken

junk_coken

March 09, 2019
Tweet

More Decks by junk_coken

See All by junk_coken
6/14総サイLT~ハニーポットを作ってる話~
Avatar for junk_coken junk_coken
0
1.9k
ハニーポットで集める攻撃手法-seccamp2016
Avatar for junk_coken junk_coken
2
990
ハニーポットで捕らえるWordPressへの攻撃
Avatar for junk_coken junk_coken
1
3.9k

Other Decks in Technology

See All in Technology
オブザーバビリティ文化を組織に浸透させるには / install observability culture
Avatar for mackerelio mackerelio
0
160
コミュニティと計画的偶発性理論 - 出会いが人生を変える / Life-Changing Encounters
Avatar for soudai sone soudai
PRO
3
140
✨敗北解法コレクション✨〜Expertだった頃に足りなかった知識と技術〜
Avatar for nanachi nanachi
1
770
Amazon GuardDuty での脅威検出:脅威検出の実例から学ぶ
Avatar for KintoTech_Dev kintotechdev
0
130
いま、あらためて考えてみるアカウント管理 with IaC / Account management with IaC
Avatar for kohbis kohbis
1
290
2025新卒研修・Webアプリケーションセキュリティ #弁護士ドットコム
Avatar for 弁護士ドットコム bengo4com
1
2k
Eval-Centric AI: Agent 開発におけるベストプラクティスの探求
Avatar for Asei Sugiyama asei
0
140
メルカリIBIS:AIが拓く次世代インシデント対応
Avatar for ktykogm 0gm
2
430
プロダクトエンジニアリングで開発の楽しさを拡張する話
Avatar for sagawa / barometrica barometrica
0
210
[kickflow]20250319_少人数チームでのAutify活用
Avatar for shin otouhujej
0
150
AIは変更差分からユニットテスト_結合テスト_システムテストでテストすべきことが出せるのか?
Avatar for Matsu mineo_matsuya
3
1.6k
AI時代の大規模データ活用とセキュリティ戦略
Avatar for Kengo Suzuki ken5scal
0
180

Featured

See All Featured
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
Avatar for soudai sone soudai
PRO
183
54k
Designing for Performance
Avatar for Lara Hogan lara
610
69k
The Pragmatic Product Professional
Avatar for Laura Van Doore lauravandoore
36
6.8k
Building Adaptive Systems
Avatar for Chris Keathley keathley
43
2.7k
[RailsConf 2023 Opening Keynote] The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
30
9.6k
Thoughts on Productivity
Avatar for Jon Yablonski jonyablonski
69
4.8k
Intergalactic Javascript Robots from Outer Space
Avatar for Vicent Martí tanoku
272
27k
GraphQLの誤解/rethinking-graphql
Avatar for sonatard sonatard
71
11k
Automating Front-end Workflow
Avatar for Addy Osmani addyosmani
1370
200k
The Invisible Side of Design
Avatar for Vitaly Friedman smashingmag
301
51k
The MySQL Ecosystem @ GitHub 2015
Avatar for Sam Lambert samlambert
251
13k
10 Git Anti Patterns You Should be Aware of
Avatar for Lemi Orhan Ergin lemiorhan
PRO
656
60k

Transcript

  1. HTTPSFingerprint @junk_coken

  2.  • 3(@junk_coken) • HTTP &*/% '   ($-

    '   )+",# !. 

  3. HTTPS  HTTPS   ()

  4. HTTPS 1.   • DDNSOK 2. let’s encrypt 

     3. Nginx

  5. HTTPHTTPS  0 200 400 600 800 1000 1200 HTTP

    HTTPS 2019129201922   1134 60 HTTPS 468

  6. Fingerprint

  7. Fingerprinting   (  )   Machine Fingerprint

     Fingerprinting

  8. Fingerprinting Passive fingerprinting •   ( )

  9. Fingerprinting Active fingerprinting •   (JavaScript )

  10. HoneypotFingerprint • p0f • OS " • T-POT  #

     • FingerprintJS • % • Micro Honeypot ($  '& • TLS Fingerprint • JA3, HASSH →OSS SSHCowrie !(HASSH)

  11. fingerprintjs2  - https://valve.github.io/fingerprintjs2/

  12. HoneypotFingerprint • p0f • OS " • T-POT  #

     • FingerprintJS • % • Micro Honeypot ($  '& • TLS Fingerprint • JA3, HASSH →OSS SSHCowrie !(HASSH)

  13. JA3 JA3(https://github.com/salesforce/ja3) • $ &%,'*,",!+ • Black Hat Arsenal 2016

    TLS Fingerprinting1 • HTTPS>8-45 3 E2. $ # /@=? D; ),# >8%# 6C: (-A7”(+ B9>8 0<” )

  14. JA3 1. Client Hello 2. Server Hello, Server Certificate, Server

    Key Exchange, Server Hello Done 3. Client Key Exchange, Change Cipher Spec, Finished 4. Change Cipher Spec, Finished   HTTPS  JA3

  15. JA3 Client Hello   • SSL Version • Cipher

    Suite • Extension • Elliptic Curves • Elliptic Curve Point Formats 10 MD5 

  16. 16 ← 771 ← 49162 ← 49195 ← 49169 ←

    49159 ← 49171 ← 49161 ← 49172 ← 49199 ← 5 ← 47 ← 53 ← 49170 ← 10 ← 0 ← 5 ← 10 ← 23 ← 24 ← 25 ← 11 ← 13 ← 65281 771,49199-49195-49169-49159-49171-49161-49172-49162-5-47-53-49170-10,0-5-10- 11-13-65281,23-24-25,0 ↓MD5 20c9baf81bfe96ff89722899e75d0190

  17.   Web (Nginx) tcpdump(  )   

    (pcap) HTTPS    ELK  

  18. Fingerprint ja3fingerprint.json (https://github.com/trisulnsm/trisul- scripts/tree/master/lua/frontend_scripts/reassembly/ja3/prints) • JA3  fingerprint  

    •   

  19. Fingerprint fingerprint   

  20.  • HTTPS # &  →%  ! •

     "( '$

  21. ma couleur