$30 off During Our Annual Pro Sale. View Details »

HTTPSハニポとFingerprint

junk_coken
March 09, 2019
Technology
1
1.5k

 HTTPSハニポとFingerprint

2019年3月9日に行われた第6回ハニーポッター技術交流会で発表したLT資料です。

junk_coken

March 09, 2019
Tweet

More Decks by junk_coken

See All by junk_coken
6/14総サイLT~ハニーポットを作ってる話~
junk_coken
0
1.5k
ハニーポットで集める攻撃手法-seccamp2016
junk_coken
2
800
ハニーポットで捕らえるWordPressへの攻撃
junk_coken
1
3.3k

Other Decks in Technology

See All in Technology
NW-JAWS 勉強会#9: re:Inventで発表されたNW関連速報
yukihirokikuchi
0
190
E2E自動テスト導入の つらみ・解決・ふりかえり
honamin09
3
100
20221206 プライバシーエンジニアの仕事 @PRIVACY TECH NIGHT #01 LayerX 中村龍矢
nrryuya
0
200
OCI Streaming ご紹介
oracle4engineer
PRO
0
560
Power Automate の新関数について
miyakemito
0
240
Verrazzano 概要 / Verrazzano overview
oracle4engineer
PRO
0
420
Autonomous Database Cloud 技術詳細 / adb-s_technical_detail_jp
oracle4engineer
PRO
10
22k
AIの言う通りにやったら Webアプリが作れるのか試してみた (ChatGPT)
t_pori418
0
330
PWA開発を基礎からおさらい / PWA Night CONFERENCE 2022
chinen
2
560
明日使えるかもしれないGitテクニック / Gunma.web#47
yug1224
0
100
EMになって半年でやったこと
yuu26
0
330
Enjoy the Web
herablog
3
880

Featured

See All Featured
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
13
1.1k
Bootstrapping a Software Product
garrettdimon
299
110k
Unsuck your backbone
ammeep
658
55k
Designing on Purpose - Digital PM Summit 2013
jponch
107
5.8k
What's new in Ruby 2.0
geeforr
336
30k
Testing 201, or: Great Expectations
jmmastey
24
5.6k
The World Runs on Bad Software
bkeepers
PRO
59
5.6k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
20
6.8k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
182
15k
Documentation Writing (for coders)
carmenintech
49
2.8k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
236
1.1M
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
499
130k

Transcript

  1. HTTPSFingerprint @junk_coken

  2.  • 3(@junk_coken) • HTTP &*/% '   ($-

    '   )+",# !. 

  3. HTTPS  HTTPS   ()

  4. HTTPS 1.   • DDNSOK 2. let’s encrypt 

     3. Nginx

  5. HTTPHTTPS  0 200 400 600 800 1000 1200 HTTP

    HTTPS 2019129201922   1134 60 HTTPS 468

  6. Fingerprint

  7. Fingerprinting   (  )   Machine Fingerprint

     Fingerprinting

  8. Fingerprinting Passive fingerprinting •   ( )

  9. Fingerprinting Active fingerprinting •   (JavaScript )

  10. HoneypotFingerprint • p0f • OS " • T-POT  #

     • FingerprintJS • % • Micro Honeypot ($  '& • TLS Fingerprint • JA3, HASSH →OSS SSHCowrie !(HASSH)

  11. fingerprintjs2  - https://valve.github.io/fingerprintjs2/

  12. HoneypotFingerprint • p0f • OS " • T-POT  #

     • FingerprintJS • % • Micro Honeypot ($  '& • TLS Fingerprint • JA3, HASSH →OSS SSHCowrie !(HASSH)

  13. JA3 JA3(https://github.com/salesforce/ja3) • $ &%,'*,",!+ • Black Hat Arsenal 2016

    TLS Fingerprinting1 • HTTPS>8-45 3 E2. $ # /@=? D; ),# >8%# 6C: (-A7”(+ B9>8 0<” )

  14. JA3 1. Client Hello 2. Server Hello, Server Certificate, Server

    Key Exchange, Server Hello Done 3. Client Key Exchange, Change Cipher Spec, Finished 4. Change Cipher Spec, Finished   HTTPS  JA3

  15. JA3 Client Hello   • SSL Version • Cipher

    Suite • Extension • Elliptic Curves • Elliptic Curve Point Formats 10 MD5 

  16. 16 ← 771 ← 49162 ← 49195 ← 49169 ←

    49159 ← 49171 ← 49161 ← 49172 ← 49199 ← 5 ← 47 ← 53 ← 49170 ← 10 ← 0 ← 5 ← 10 ← 23 ← 24 ← 25 ← 11 ← 13 ← 65281 771,49199-49195-49169-49159-49171-49161-49172-49162-5-47-53-49170-10,0-5-10- 11-13-65281,23-24-25,0 ↓MD5 20c9baf81bfe96ff89722899e75d0190

  17.   Web (Nginx) tcpdump(  )   

    (pcap) HTTPS    ELK  

  18. Fingerprint ja3fingerprint.json (https://github.com/trisulnsm/trisul- scripts/tree/master/lua/frontend_scripts/reassembly/ja3/prints) • JA3  fingerprint  

    •   

  19. Fingerprint fingerprint   

  20.  • HTTPS # &  →%  ! •

     "( '$

  21. ma couleur