Upgrade to Pro — share decks privately, control downloads, hide ads and more …

HTTPSハニポとFingerprint

Avatar for junk_coken junk_coken
March 09, 2019
Technology
1
2.1k

 HTTPSハニポとFingerprint

2019年3月9日に行われた第6回ハニーポッター技術交流会で発表したLT資料です。

Avatar for junk_coken

junk_coken

March 09, 2019
Tweet

More Decks by junk_coken

See All by junk_coken
6/14総サイLT~ハニーポットを作ってる話~
Avatar for junk_coken junk_coken
0
1.9k
ハニーポットで集める攻撃手法-seccamp2016
Avatar for junk_coken junk_coken
2
1k
ハニーポットで捕らえるWordPressへの攻撃
Avatar for junk_coken junk_coken
1
3.9k

Other Decks in Technology

See All in Technology
[JDDStudy #10] 社内Agent勉強会の取り組み紹介
Avatar for Kyojin.Syo yp_genzitsu
1
130
自己的售票系統自己做!
Avatar for 高見龍 eddie
0
430
CDKの魔法を少し解いてみる ― synth・build・diffで覗くIaCの裏側 ―
Avatar for Nagai Takafumi takahumi27
1
140
お試しで oxlint を導入してみる #vuefes_aftertalk
Avatar for 弁護士ドットコム bengo4com
2
1.4k
エンジニア採用と 技術広報の取り組みと注力点/techpr1112
Avatar for Ichiro Nishiuma nishiuma
0
130
Master Dataグループ紹介資料
Avatar for Sansan, Inc. sansan33
PRO
1
3.9k
Post-AIコーディング時代のエンジニア生存戦略
Avatar for shinoyu shinoyu
0
250
日々のSlackアラート確認運用をCustom Chat Modesで楽にした話 / 日々のSlackアラート確認運用をCustom Chat Modesで楽にした話
Avatar for Imamoto Hikaru imamotohikaru
0
460
コード1ミリもわからないけど
Claude CodeでFigjamプラグインを作った話
Avatar for 都村 美帆 abokadotyann
1
160
マウントとるやつ、リリースするやつ
Avatar for おーつき otsuki
1
120
こんな時代だからこそ! 想定しておきたい アクセスキー漏洩後のムーブ
Avatar for Takuya Yonezawa takuyay0ne
4
550
これからアウトプットする人たちへ - アウトプットを支える技術 / that support output
Avatar for soudai sone soudai
PRO
18
5.3k

Featured

See All Featured
Improving Core Web Vitals using Speculation Rules API
Avatar for Sergey Chernyshev sergeychernyshev
21
1.2k
A designer walks into a library…
Avatar for Paul Jervis Heath pauljervisheath
210
24k
[RailsConf 2023 Opening Keynote] The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
31
9.7k
Designing Experiences People Love
Avatar for Jonathan Moore moore
142
24k
We Have a Design System, Now What?
Avatar for Morgane Peng morganepeng
54
7.9k
Writing Fast Ruby
Avatar for Erik Berlin sferik
630
62k
Why You Should Never Use an ORM
Avatar for John Nunemaker jnunemaker
PRO
60
9.6k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
Avatar for Tammy Everts tammyeverts
55
3.1k
Unsuck your backbone
Avatar for Amy Palamountain ammeep
671
58k
StorybookのUI Testing Handbookを読んだ
Avatar for Shingo Yamazaki zakiyama
31
6.3k
The World Runs on Bad Software
Avatar for Brandon Keepers bkeepers
PRO
72
12k
Thoughts on Productivity
Avatar for Jon Yablonski jonyablonski
73
4.9k

Transcript

  1. HTTPSFingerprint @junk_coken

  2.  • 3(@junk_coken) • HTTP &*/% '   ($-

    '   )+",# !. 

  3. HTTPS  HTTPS   ()

  4. HTTPS 1.   • DDNSOK 2. let’s encrypt 

     3. Nginx

  5. HTTPHTTPS  0 200 400 600 800 1000 1200 HTTP

    HTTPS 2019129201922   1134 60 HTTPS 468

  6. Fingerprint

  7. Fingerprinting   (  )   Machine Fingerprint

     Fingerprinting

  8. Fingerprinting Passive fingerprinting •   ( )

  9. Fingerprinting Active fingerprinting •   (JavaScript )

  10. HoneypotFingerprint • p0f • OS " • T-POT  #

     • FingerprintJS • % • Micro Honeypot ($  '& • TLS Fingerprint • JA3, HASSH →OSS SSHCowrie !(HASSH)

  11. fingerprintjs2  - https://valve.github.io/fingerprintjs2/

  12. HoneypotFingerprint • p0f • OS " • T-POT  #

     • FingerprintJS • % • Micro Honeypot ($  '& • TLS Fingerprint • JA3, HASSH →OSS SSHCowrie !(HASSH)

  13. JA3 JA3(https://github.com/salesforce/ja3) • $ &%,'*,",!+ • Black Hat Arsenal 2016

    TLS Fingerprinting1 • HTTPS>8-45 3 E2. $ # /@=? D; ),# >8%# 6C: (-A7”(+ B9>8 0<” )

  14. JA3 1. Client Hello 2. Server Hello, Server Certificate, Server

    Key Exchange, Server Hello Done 3. Client Key Exchange, Change Cipher Spec, Finished 4. Change Cipher Spec, Finished   HTTPS  JA3

  15. JA3 Client Hello   • SSL Version • Cipher

    Suite • Extension • Elliptic Curves • Elliptic Curve Point Formats 10 MD5 

  16. 16 ← 771 ← 49162 ← 49195 ← 49169 ←

    49159 ← 49171 ← 49161 ← 49172 ← 49199 ← 5 ← 47 ← 53 ← 49170 ← 10 ← 0 ← 5 ← 10 ← 23 ← 24 ← 25 ← 11 ← 13 ← 65281 771,49199-49195-49169-49159-49171-49161-49172-49162-5-47-53-49170-10,0-5-10- 11-13-65281,23-24-25,0 ↓MD5 20c9baf81bfe96ff89722899e75d0190

  17.   Web (Nginx) tcpdump(  )   

    (pcap) HTTPS    ELK  

  18. Fingerprint ja3fingerprint.json (https://github.com/trisulnsm/trisul- scripts/tree/master/lua/frontend_scripts/reassembly/ja3/prints) • JA3  fingerprint  

    •   

  19. Fingerprint fingerprint   

  20.  • HTTPS # &  →%  ! •

     "( '$

  21. ma couleur