HTTPS Honeypots and Fingerprint
junk_coken
March 09, 2019
Lightning talk slides presented at the 6th Honeypotter Technical Exchange Meeting, held on March 9, 2019.
Transcript
HTTPS Honeypots and Fingerprint @junk_coken
• 3(@junk_coken)
• HTTP
HTTPS HTTPS ()
HTTPS
1.
   • DDNS OK
2. Let's Encrypt
3. Nginx
HTTP / HTTPS
[Bar chart: HTTP and HTTPS, axis 0 to 1200]
2019129201922 1134 60 HTTPS 468
Fingerprint
Fingerprinting ( ) Machine Fingerprint
Fingerprinting
Fingerprinting Passive fingerprinting • ( )
Fingerprinting Active fingerprinting • (JavaScript )
Honeypot Fingerprint
• p0f
• OS
• T-POT
• FingerprintJS
• Micro Honeypot
• TLS Fingerprint
• JA3, HASSH → OSS SSH Cowrie (HASSH)
fingerprintjs2 - https://valve.github.io/fingerprintjs2/
JA3
JA3 (https://github.com/salesforce/ja3)
• Black Hat Arsenal 2016
TLS Fingerprinting1
• HTTPS
JA3
1. Client Hello
2. Server Hello, Server Certificate, Server Key Exchange, Server Hello Done
3. Client Key Exchange, Change Cipher Spec, Finished
4. Change Cipher Spec, Finished
HTTPS JA3
JA3
Client Hello
• SSL Version
• Cipher Suite
• Extension
• Elliptic Curves
• Elliptic Curve Point Formats
10 MD5
16 ← 771 ← 49162 ← 49195 ← 49169 ← 49159 ← 49171 ← 49161 ← 49172 ← 49199 ← 5 ← 47 ← 53 ← 49170 ← 10 ← 0 ← 5 ← 10 ← 23 ← 24 ← 25 ← 11 ← 13 ← 65281
771,49199-49195-49169-49159-49171-49161-49172-49162-5-47-53-49170-10,0-5-10-11-13-65281,23-24-25,0
↓ MD5
20c9baf81bfe96ff89722899e75d0190
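The JA3 construction outlined on the slides above (Client Hello fields as decimal values, joined and hashed with MD5), as an added example that is not from the deck or from the salesforce/ja3 project. It goes one step further than the slides by parsing the fields out of a raw ClientHello record and skipping GREASE values; `ja3_from_client_hello` and `build_hello` are hypothetical names, and the sample record is constructed from the field values shown on the slide.

```python
import hashlib
import struct

def _is_grease(v):
    # GREASE placeholders (RFC 8701: 0x0A0A, 0x1A1A, ...) are left out of a JA3 string
    return (v & 0x0F0F) == 0x0A0A and (v >> 8) == (v & 0xFF)

def _u16s(buf):
    return [v for (v,) in struct.iter_unpack("!H", buf) if not _is_grease(v)]

def ja3_from_client_hello(record):
    """Return (ja3_string, md5_hex) for a TLS record holding one ClientHello."""
    if len(record) < 9 or record[0] != 22 or record[5] != 1:
        raise ValueError("not a handshake record carrying a ClientHello")
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    try:
        version = int.from_bytes(body[0:2], "big")
        pos = 34                                    # version (2) + random (32)
        pos += 1 + body[pos]                        # session id
        n = int.from_bytes(body[pos:pos + 2], "big")
        ciphers = _u16s(body[pos + 2:pos + 2 + n])
        pos += 2 + n
        pos += 1 + body[pos]                        # compression methods
        exts, curves, formats = [], [], []
        pos += 2                                    # extensions length field
        while pos + 4 <= len(body):
            etype, elen = struct.unpack_from("!HH", body, pos)
            data = body[pos + 4:pos + 4 + elen]
            pos += 4 + elen
            if not _is_grease(etype):
                exts.append(etype)
            if etype == 10:                         # supported_groups (elliptic curves)
                curves = _u16s(data[2:])
            elif etype == 11:                       # ec_point_formats
                formats = list(data[1:])
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated ClientHello") from exc
    ja3 = ",".join("-".join(map(str, f)) for f in ([version], ciphers, exts, curves, formats))
    return ja3, hashlib.md5(ja3.encode()).hexdigest()

def build_hello(version, ciphers, exts, curves, formats):
    """Constructed sample input: minimal ClientHello; other extension bodies left empty."""
    u16 = lambda *vals: struct.pack("!%dH" % len(vals), *vals)
    data = {10: u16(2 * len(curves), *curves), 11: bytes([len(formats), *formats])}
    ext = b"".join(u16(t, len(data.get(t, b""))) + data.get(t, b"") for t in exts)
    body = (u16(version) + bytes(33) + u16(2 * len(ciphers), *ciphers)  # 33 = random + empty session id
            + b"\x01\x00" + u16(len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + u16(len(hs)) + hs
```

Feeding it the first TLS record of a captured connection reproduces the comma-separated string format shown on the slide; the MD5 of that string is the value looked up in a fingerprint list.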
Web (Nginx) tcpdump( )
(pcap) HTTPS ELK
Fingerprint
ja3fingerprint.json (https://github.com/trisulnsm/trisul-scripts/tree/master/lua/frontend_scripts/reassembly/ja3/prints)
• JA3 fingerprint
Fingerprint fingerprint
• HTTPS
ma couleur