Upgrade to PRO for Only $50/Year—Limited-Time Offer! 🔥
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
HTTPSハニポとFingerprint
Search
junk_coken
March 09, 2019
Technology
1
2k
HTTPSハニポとFingerprint
2019年3月9日に行われた第6回ハニーポッター技術交流会で発表したLT資料です。
junk_coken
March 09, 2019
Tweet
Share
More Decks by junk_coken
See All by junk_coken
6/14総サイLT~ハニーポットを作ってる話~
junk_coken
0
1.8k
ハニーポットで集める攻撃手法-seccamp2016
junk_coken
2
940
ハニーポットで捕らえるWordPressへの攻撃
junk_coken
1
3.7k
Other Decks in Technology
See All in Technology
12/2(月)のBedrockアプデ速報(re:Invent 2024 Daily re:Cap #1 with AWS Heroes)
minorun365
PRO
2
300
MediaPipe と ML Kit ってどう ちがうの? / What is the difference between MediaPipe and ML Kit?
yanzm
0
440
Reliability Engineering at Studist
katsuhisa91
PRO
0
110
【ASW21-01】STAMPSTPAで導き出した課題に対する対策立案手法の提案
hianraku9498
0
490
TimeTreeが経た3つの転換点 ー プロダクト成長過程でその時、その瞬間、何を考えてたか
ysmtysts
1
2.8k
GitHub Actions의 다양한 기능 활용하기 - GitHub Universe '24 Recap
outsider
0
150
間違いだらけのポストモーテム - ホントに役立つレビューはこうだ!
jacopen
5
960
日本全国・都市3D化プロジェクト「PLATEAU」とデータ変換OSS「PLATEAU GIS Converter」の公開
nokonoko1203
4
340
多様なロール経験が導いたエンジニアキャリアのナビゲーション
coconala_engineer
1
110
LangChainとSupabaseを活用して、RAGを実装してみた
atsushii
0
140
Atelier BlueHats : Migration de l’application COBOL MedocDB de GCOS à GnuCOBOL sur GNU/Linux
bluehats
0
110
12/3(火)のBedrockアプデ速報(re:Invent 2024 Daily re:Cap #2 with AWS Heroes)
minorun365
PRO
4
130
Featured
See All Featured
Fireside Chat
paigeccino
34
3.1k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
4
410
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.3k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
44
6.9k
Documentation Writing (for coders)
carmenintech
65
4.5k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
26
1.4k
Agile that works and the tools we love
rasmusluckow
328
21k
Gamification - CAS2011
davidbonilla
80
5.1k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
45
2.2k
[RailsConf 2023] Rails as a piece of cake
palkan
52
5k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
42
9.3k
Typedesign – Prime Four
hannesfritz
40
2.4k
Transcript
HTTPSFingerprint @junk_coken
• 3(@junk_coken) • HTTP &*/% ' ($-
' )+",# !.
HTTPS HTTPS ()
HTTPS 1. • DDNSOK 2. let’s encrypt
3. Nginx
HTTPHTTPS 0 200 400 600 800 1000 1200 HTTP
HTTPS 2019129201922 1134 60 HTTPS 468
Fingerprint
Fingerprinting ( ) Machine Fingerprint
Fingerprinting
Fingerprinting Passive fingerprinting • ( )
Fingerprinting Active fingerprinting • (JavaScript )
HoneypotFingerprint • p0f • OS " • T-POT #
• FingerprintJS • % • Micro Honeypot ($ '& • TLS Fingerprint • JA3, HASSH →OSS SSHCowrie !(HASSH)
fingerprintjs2 - https://valve.github.io/fingerprintjs2/
HoneypotFingerprint • p0f • OS " • T-POT #
• FingerprintJS • % • Micro Honeypot ($ '& • TLS Fingerprint • JA3, HASSH →OSS SSHCowrie !(HASSH)
JA3 JA3(https://github.com/salesforce/ja3) • $ &%,'*,",!+ • Black Hat Arsenal 2016
TLS Fingerprinting1 • HTTPS>8-45 3 E2. $ # /@=? D; ),# >8%# 6C: (-A7”(+ B9>8 0<” )
JA3 1. Client Hello 2. Server Hello, Server Certificate, Server
Key Exchange, Server Hello Done 3. Client Key Exchange, Change Cipher Spec, Finished 4. Change Cipher Spec, Finished HTTPS JA3
JA3 Client Hello • SSL Version • Cipher
Suite • Extension • Elliptic Curves • Elliptic Curve Point Formats 10 MD5
16 ← 771 ← 49162 ← 49195 ← 49169 ←
49159 ← 49171 ← 49161 ← 49172 ← 49199 ← 5 ← 47 ← 53 ← 49170 ← 10 ← 0 ← 5 ← 10 ← 23 ← 24 ← 25 ← 11 ← 13 ← 65281 771,49199-49195-49169-49159-49171-49161-49172-49162-5-47-53-49170-10,0-5-10- 11-13-65281,23-24-25,0 ↓MD5 20c9baf81bfe96ff89722899e75d0190
Web (Nginx) tcpdump( )
(pcap) HTTPS ELK
Fingerprint ja3fingerprint.json (https://github.com/trisulnsm/trisul- scripts/tree/master/lua/frontend_scripts/reassembly/ja3/prints) • JA3 fingerprint
•
Fingerprint fingerprint
• HTTPS # & →% ! •
"( '$
ma couleur