Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
HTTPSハニポとFingerprint
Search
junk_coken
March 09, 2019
Technology
1
2.1k
HTTPSハニポとFingerprint
2019年3月9日に行われた第6回ハニーポッター技術交流会で発表したLT資料です。
junk_coken
March 09, 2019
Tweet
Share
More Decks by junk_coken
See All by junk_coken
6/14総サイLT~ハニーポットを作ってる話~
junk_coken
0
1.9k
ハニーポットで集める攻撃手法-seccamp2016
junk_coken
2
1k
ハニーポットで捕らえるWordPressへの攻撃
junk_coken
1
3.9k
Other Decks in Technology
See All in Technology
Why Governance Matters: The Key to Reducing Risk Without Slowing Down
sarahjwells
0
120
JAZUG 15周年記念 × JAT「AI Agent開発者必見:"今"のOracle技術で拡張するAzure × OCIの共存アーキテクチャ」
shisyu_gaku
0
140
PLaMo2シリーズのvLLM実装 / PFN LLM セミナー
pfn
PRO
2
1.1k
英語は話せません!それでも海外チームと信頼関係を作るため、対話を重ねた2ヶ月間のまなび
niioka_97
0
130
「Verify with Wallet API」を アプリに導入するために
hinakko
1
260
AWS Top Engineer、浮いてませんか? / As an AWS Top Engineer, Are You Out of Place?
yuj1osm
2
180
能登半島地震で見えた災害対応の課題と組織変革の重要性
ditccsugii
0
190
From Prompt to Product @ How to Web 2025, Bucharest, Romania
janwerner
0
120
神回のメカニズムと再現方法/Mechanisms and Playbook for Kamikai scrumat2025
moriyuya
4
680
OpenAI gpt-oss ファインチューニング入門
kmotohas
2
1.1k
AI ReadyなData PlatformとしてのAutonomous Databaseアップデート
oracle4engineer
PRO
0
230
成長自己責任時代のあるきかた/How to navigate the era of personal responsibility for growth
kwappa
4
300
Featured
See All Featured
Done Done
chrislema
185
16k
Writing Fast Ruby
sferik
629
62k
Site-Speed That Sticks
csswizardry
11
890
GraphQLとの向き合い方2022年版
quramy
49
14k
Why Our Code Smells
bkeepers
PRO
339
57k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
31
9.7k
Facilitating Awesome Meetings
lara
56
6.6k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
34
6.1k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
9
860
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
23
1.5k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
333
22k
Build The Right Thing And Hit Your Dates
maggiecrowley
37
2.9k
Transcript
HTTPSFingerprint @junk_coken
• 3(@junk_coken) • HTTP &*/% ' ($-
' )+",# !.
HTTPS HTTPS ()
HTTPS 1. • DDNSOK 2. let’s encrypt
3. Nginx
HTTPHTTPS 0 200 400 600 800 1000 1200 HTTP
HTTPS 2019129201922 1134 60 HTTPS 468
Fingerprint
Fingerprinting ( ) Machine Fingerprint
Fingerprinting
Fingerprinting Passive fingerprinting • ( )
Fingerprinting Active fingerprinting • (JavaScript )
HoneypotFingerprint • p0f • OS " • T-POT #
• FingerprintJS • % • Micro Honeypot ($ '& • TLS Fingerprint • JA3, HASSH →OSS SSHCowrie !(HASSH)
fingerprintjs2 - https://valve.github.io/fingerprintjs2/
HoneypotFingerprint • p0f • OS " • T-POT #
• FingerprintJS • % • Micro Honeypot ($ '& • TLS Fingerprint • JA3, HASSH →OSS SSHCowrie !(HASSH)
JA3 JA3(https://github.com/salesforce/ja3) • $ &%,'*,",!+ • Black Hat Arsenal 2016
TLS Fingerprinting1 • HTTPS>8-45 3 E2. $ # /@=? D; ),# >8%# 6C: (-A7”(+ B9>8 0<” )
JA3 1. Client Hello 2. Server Hello, Server Certificate, Server
Key Exchange, Server Hello Done 3. Client Key Exchange, Change Cipher Spec, Finished 4. Change Cipher Spec, Finished HTTPS JA3
JA3 Client Hello • SSL Version • Cipher
Suite • Extension • Elliptic Curves • Elliptic Curve Point Formats 10 MD5
16 ← 771 ← 49162 ← 49195 ← 49169 ←
49159 ← 49171 ← 49161 ← 49172 ← 49199 ← 5 ← 47 ← 53 ← 49170 ← 10 ← 0 ← 5 ← 10 ← 23 ← 24 ← 25 ← 11 ← 13 ← 65281 771,49199-49195-49169-49159-49171-49161-49172-49162-5-47-53-49170-10,0-5-10- 11-13-65281,23-24-25,0 ↓MD5 20c9baf81bfe96ff89722899e75d0190
Web (Nginx) tcpdump( )
(pcap) HTTPS ELK
Fingerprint ja3fingerprint.json (https://github.com/trisulnsm/trisul- scripts/tree/master/lua/frontend_scripts/reassembly/ja3/prints) • JA3 fingerprint
•
Fingerprint fingerprint
• HTTPS # & →% ! •
"( '$
ma couleur