Upgrade to Pro — share decks privately, control downloads, hide ads and more …

HTTPSハニポとFingerprint

Sponsored · SiteGround - Reliable hosting with speed, security, and support you can count on.
Avatar for junk_coken junk_coken
March 09, 2019
Technology
1
2.1k

 HTTPSハニポとFingerprint

2019年3月9日に行われた第6回ハニーポッター技術交流会で発表したLT資料です。

Avatar for junk_coken

junk_coken

March 09, 2019
Tweet

More Decks by junk_coken

See All by junk_coken
6/14総サイLT~ハニーポットを作ってる話~
Avatar for junk_coken junk_coken
0
1.9k
ハニーポットで集める攻撃手法-seccamp2016
Avatar for junk_coken junk_coken
2
1k
ハニーポットで捕らえるWordPressへの攻撃
Avatar for junk_coken junk_coken
1
3.9k

Other Decks in Technology

See All in Technology
コスト削減から「セキュリティと利便性」を担うプラットフォームへ
Avatar for SansanTech sansantech
PRO
3
1.4k
Contract One Engineering Unit 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
0
13k
ZOZOにおけるAI活用の現在 ~開発組織全体での取り組みと試行錯誤~
Avatar for ZOZO Developers zozotech
PRO
5
5k
プロダクト成長を支える開発基盤とスケールに伴う課題
Avatar for yuu26 yuu26
4
1.3k
20260204_Midosuji_Tech
Avatar for Takuya Yonezawa takuyay0ne
1
140
30万人の同時アクセスに耐えたい!新サービスの盤石なリリースを支える負荷試験 / SRE Kaigi 2026
Avatar for GENDA genda
3
1.1k
広告の効果検証を題材にした因果推論の精度検証について
Avatar for ZOZO Developers zozotech
PRO
0
150
AI駆動開発を事業のコアに置く
Avatar for 鬼澤輔 tasukuonizawa
1
120
2026年、サーバーレスの現在地 -「制約と戦う技術」から「当たり前の実行基盤」へ- /serverless2026
Avatar for Serverless Operations slsops
2
220
Tebiki Engineering Team Deck
Avatar for Tebiki, Inc. tebiki
0
24k
SREが向き合う大規模リアーキテクチャ 〜信頼性とアジリティの両立〜
Avatar for Kuniaki Moriya zepprix
0
430
外部キー制約の知っておいて欲しいこと - RDBMSを正しく使うために必要なこと / FOREIGN KEY Night
Avatar for soudai sone soudai
PRO
12
5.2k

Featured

See All Featured
How to build an LLM SEO readiness audit: a practical framework
Avatar for Nick Samuel nmsamuel
1
640
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
Avatar for panda_program panda_program
122
21k
The Cult of Friendly URLs
Avatar for Andy Hume andyhume
79
6.8k
Dominate Local Search Results - an insider guide to GBP, reviews, and Local SEO
Avatar for Greg Gifford greggifford
PRO
0
77
The B2B funnel & how to create a winning content strategy
Avatar for Katarina Dahlin katarinadahlin
PRO
0
270
4 Signs Your Business is Dying
Avatar for Josh Pigford shpigford
187
22k
Bioeconomy Workshop: Dr. Julius Ecuru, Opportunities for a Bioeconomy in West Africa
Avatar for AKADEMIYA2063 akademiya2063
PRO
1
54
Joys of Absence: A Defence of Solitary Play
Avatar for Sebastian Deterding codingconduct
1
290
Have SEOs Ruined the Internet? - User Awareness of SEO in 2025
Avatar for Akash Hashmi akashhashmi
0
270
Abbi's Birthday
Avatar for Violet Bock coloredviolet
1
4.7k
Designing for Timeless Needs
Avatar for Cassini Nazir cassininazir
0
130
How STYLIGHT went responsive
Avatar for nonsquared nonsquared
100
6k

Transcript

  1. HTTPSFingerprint @junk_coken

  2.  • 3(@junk_coken) • HTTP &*/% '   ($-

    '   )+",# !. 

  3. HTTPS  HTTPS   ()

  4. HTTPS 1.   • DDNSOK 2. let’s encrypt 

     3. Nginx

  5. HTTPHTTPS  0 200 400 600 800 1000 1200 HTTP

    HTTPS 2019129201922   1134 60 HTTPS 468

  6. Fingerprint

  7. Fingerprinting   (  )   Machine Fingerprint

     Fingerprinting

  8. Fingerprinting Passive fingerprinting •   ( )

  9. Fingerprinting Active fingerprinting •   (JavaScript )

  10. HoneypotFingerprint • p0f • OS " • T-POT  #

     • FingerprintJS • % • Micro Honeypot ($  '& • TLS Fingerprint • JA3, HASSH →OSS SSHCowrie !(HASSH)

  11. fingerprintjs2  - https://valve.github.io/fingerprintjs2/

  12. HoneypotFingerprint • p0f • OS " • T-POT  #

     • FingerprintJS • % • Micro Honeypot ($  '& • TLS Fingerprint • JA3, HASSH →OSS SSHCowrie !(HASSH)

  13. JA3 JA3(https://github.com/salesforce/ja3) • $ &%,'*,",!+ • Black Hat Arsenal 2016

    TLS Fingerprinting1 • HTTPS>8-45 3 E2. $ # /@=? D; ),# >8%# 6C: (-A7”(+ B9>8 0<” )

  14. JA3 1. Client Hello 2. Server Hello, Server Certificate, Server

    Key Exchange, Server Hello Done 3. Client Key Exchange, Change Cipher Spec, Finished 4. Change Cipher Spec, Finished   HTTPS  JA3

  15. JA3 Client Hello   • SSL Version • Cipher

    Suite • Extension • Elliptic Curves • Elliptic Curve Point Formats 10 MD5 

  16. 16 ← 771 ← 49162 ← 49195 ← 49169 ←

    49159 ← 49171 ← 49161 ← 49172 ← 49199 ← 5 ← 47 ← 53 ← 49170 ← 10 ← 0 ← 5 ← 10 ← 23 ← 24 ← 25 ← 11 ← 13 ← 65281 771,49199-49195-49169-49159-49171-49161-49172-49162-5-47-53-49170-10,0-5-10- 11-13-65281,23-24-25,0 ↓MD5 20c9baf81bfe96ff89722899e75d0190

  17.   Web (Nginx) tcpdump(  )   

    (pcap) HTTPS    ELK  

  18. Fingerprint ja3fingerprint.json (https://github.com/trisulnsm/trisul- scripts/tree/master/lua/frontend_scripts/reassembly/ja3/prints) • JA3  fingerprint  

    •   

  19. Fingerprint fingerprint   

  20.  • HTTPS # &  →%  ! •

     "( '$

  21. ma couleur