Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
HTTPSハニポとFingerprint
Search
junk_coken
March 09, 2019
Technology
1
1.8k
HTTPSハニポとFingerprint
2019年3月9日に行われた第6回ハニーポッター技術交流会で発表したLT資料です。
junk_coken
March 09, 2019
Tweet
Share
More Decks by junk_coken
See All by junk_coken
6/14総サイLT~ハニーポットを作ってる話~
junk_coken
0
1.7k
ハニーポットで集める攻撃手法-seccamp2016
junk_coken
2
860
ハニーポットで捕らえるWordPressへの攻撃
junk_coken
1
3.6k
Other Decks in Technology
See All in Technology
『QAという人』が必要ではなく、『QAという技術』が必要
sadonosake
2
460
Azureコストは水道代/The_47th_Tokyo_Jazug
aeonpeople
3
350
今さら聞けない!? AWSの生成AIサービス Amazon Bedrock入門!
minorun365
PRO
11
1.9k
オブジェクト指向宗教史
tanakahisateru
13
11k
技術イベントはなんとかひねり出す 日経の技術広報の取り組み/techpr3
nishiuma
0
220
ハイパフォーマンスな組織をつくるための開発生産性の考え方 / developer-productivity-high-performer-link-and-motivation
lmi
3
230
技術広報として2023年度に頑張ったこと / What we did well in FY2023 as a DevRel
pauli
5
450
単回帰分析について数式を追いながら実装してみた
kentaitakura
0
490
Kubeflow Pipelines v2 で変わる機械学習パイプライン開発
asei
4
330
生成AIサービスPanorama AIご説明資料
sdt
0
300
AMLD 2024 - Build Your Own GPT
donlelef
1
260
Tohoku.Tech #1 「Cursorを使ったRaspberry Piの開発」by ねこまた
jun2882
0
250
Featured
See All Featured
What's new in Ruby 2.0
geeforr
335
31k
Stop Working from a Prison Cell
hatefulcrawdad
265
19k
The Illustrated Children's Guide to Kubernetes
chrisshort
28
46k
Facilitating Awesome Meetings
lara
39
5.5k
WebSockets: Embracing the real-time Web
robhawkes
59
6.9k
Designing the Hi-DPI Web
ddemaree
275
33k
4 Signs Your Business is Dying
shpigford
174
21k
Art, The Web, and Tiny UX
lynnandtonic
288
19k
The Cult of Friendly URLs
andyhume
72
5.6k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
1
1.2k
The Straight Up "How To Draw Better" Workshop
denniskardys
227
130k
No one is an island. Learnings from fostering a developers community.
thoeni
14
2k
Transcript
HTTPSFingerprint @junk_coken
• 3(@junk_coken) • HTTP &*/% ' ($-
' )+",# !.
HTTPS HTTPS ()
HTTPS 1. • DDNSOK 2. let’s encrypt
3. Nginx
HTTPHTTPS 0 200 400 600 800 1000 1200 HTTP
HTTPS 2019129201922 1134 60 HTTPS 468
Fingerprint
Fingerprinting ( ) Machine Fingerprint
Fingerprinting
Fingerprinting Passive fingerprinting • ( )
Fingerprinting Active fingerprinting • (JavaScript )
HoneypotFingerprint • p0f • OS " • T-POT #
• FingerprintJS • % • Micro Honeypot ($ '& • TLS Fingerprint • JA3, HASSH →OSS SSHCowrie !(HASSH)
fingerprintjs2 - https://valve.github.io/fingerprintjs2/
HoneypotFingerprint • p0f • OS " • T-POT #
• FingerprintJS • % • Micro Honeypot ($ '& • TLS Fingerprint • JA3, HASSH →OSS SSHCowrie !(HASSH)
JA3 JA3(https://github.com/salesforce/ja3) • $ &%,'*,",!+ • Black Hat Arsenal 2016
TLS Fingerprinting1 • HTTPS>8-45 3 E2. $ # /@=? D; ),# >8%# 6C: (-A7”(+ B9>8 0<” )
JA3 1. Client Hello 2. Server Hello, Server Certificate, Server
Key Exchange, Server Hello Done 3. Client Key Exchange, Change Cipher Spec, Finished 4. Change Cipher Spec, Finished HTTPS JA3
JA3 Client Hello • SSL Version • Cipher
Suite • Extension • Elliptic Curves • Elliptic Curve Point Formats 10 MD5
16 ← 771 ← 49162 ← 49195 ← 49169 ←
49159 ← 49171 ← 49161 ← 49172 ← 49199 ← 5 ← 47 ← 53 ← 49170 ← 10 ← 0 ← 5 ← 10 ← 23 ← 24 ← 25 ← 11 ← 13 ← 65281 771,49199-49195-49169-49159-49171-49161-49172-49162-5-47-53-49170-10,0-5-10- 11-13-65281,23-24-25,0 ↓MD5 20c9baf81bfe96ff89722899e75d0190
Web (Nginx) tcpdump( )
(pcap) HTTPS ELK
Fingerprint ja3fingerprint.json (https://github.com/trisulnsm/trisul- scripts/tree/master/lua/frontend_scripts/reassembly/ja3/prints) • JA3 fingerprint
•
Fingerprint fingerprint
• HTTPS # & →% ! •
"( '$
ma couleur