Upgrade to Pro — share decks privately, control downloads, hide ads and more …

HTTPSハニポとFingerprint

Avatar for junk_coken junk_coken
March 09, 2019
Technology
2.2k
1

 HTTPSハニポとFingerprint

2019年3月9日に行われた第6回ハニーポッター技術交流会で発表したLT資料です。

Avatar for junk_coken

junk_coken

March 09, 2019

More Decks by junk_coken

See All by junk_coken
6/14総サイLT~ハニーポットを作ってる話~
Avatar for junk_coken junk_coken
0
1.9k
ハニーポットで集める攻撃手法-seccamp2016
Avatar for junk_coken junk_coken
2
1k
ハニーポットで捕らえるWordPressへの攻撃
Avatar for junk_coken junk_coken
1
4k

Other Decks in Technology

See All in Technology
テストコードのないプロジェクトにテストを根付かせる
Avatar for Toru Takahashi tttol
0
220
エンジニアは生成AIと どのように向き合うべきか? ことばの意味という観点から
Avatar for Hitomi Yanaka verypluming
3
290
電子辞書Brainをネットに繋げてみた(自力編)
Avatar for らすぴー raspython3
0
310
ポスター発表&デモと総括 / Poster Presentations & Demonstrations and Summary
Avatar for Kenji Saito ks91
PRO
0
150
【ハノーバーメッセ振り返りイベントat名古屋】データは集約からAI起点の収集に ~組織内・組織間でのデータ連携~
Avatar for 田中 聖也 tanakaseiya
0
140
データ分析基盤の信頼を支える視点と設計
Avatar for Yuki yuki_saito
2
760
さきさん文庫の書籍ができるまで
Avatar for H.Saki sakiengineer
0
300
速さだけじゃない! VoidZero ツールが移行先に選ばれる理由
Avatar for mizdra mizdra
PRO
6
640
layerx-fde-practices
Avatar for cipepser cipepser
6
2.8k
AI フレンドリーなエラー監視を TypeScript で実現する
Avatar for Shinobu Hayashi shinyaigeek
2
130
Anthropic AIネイティブ・スタートアップ構築のプレイブック を理解する
Avatar for 長津孝輔 nagatsu
0
210
AI Adaptable なテストを整える工夫 / Ways to Make Your Tests AI-Adaptable
Avatar for 株式会社ビットキー / Bitkey Inc. bitkey
PRO
2
110

Featured

See All Featured
Done Done
Avatar for chrislema chrislema
186
16k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
Avatar for Irina Nazarova irinanazarova
9
1.4k
The Illustrated Children's Guide to Kubernetes
Avatar for Chris Short chrisshort
51
52k
Jess Joyce - The Pitfalls of Following Frameworks
Avatar for Tech SEO Connect techseoconnect
PRO
1
160
The Invisible Side of Design
Avatar for Vitaly Friedman smashingmag
302
52k
[RailsConf 2023 Opening Keynote] The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
31
10k
Product Roadmaps are Hard
Avatar for C. Todd Lombardo iamctodd
PRO
55
12k
Deep Space Network (abreviated)
Avatar for Tony Rice tonyrice
0
150
[RailsConf 2023] Rails as a piece of cake
Avatar for Vladimir Dementyev palkan
59
6.6k
The Straight Up "How To Draw Better" Workshop
Avatar for Dennis Kardys denniskardys
239
140k
Un-Boring Meetings
Avatar for Sebastian Deterding codingconduct
0
300
How to Think Like a Performance Engineer
Avatar for Harry Roberts csswizardry
28
2.6k

Transcript

  1. HTTPSFingerprint @junk_coken

  2.  • 3(@junk_coken) • HTTP &*/% '   ($-

    '   )+",# !. 

  3. HTTPS  HTTPS   ()

  4. HTTPS 1.   • DDNSOK 2. let’s encrypt 

     3. Nginx

  5. HTTPHTTPS  0 200 400 600 800 1000 1200 HTTP

    HTTPS 2019129201922   1134 60 HTTPS 468

  6. Fingerprint

  7. Fingerprinting   (  )   Machine Fingerprint

     Fingerprinting

  8. Fingerprinting Passive fingerprinting •   ( )

  9. Fingerprinting Active fingerprinting •   (JavaScript )

  10. HoneypotFingerprint • p0f • OS " • T-POT  #

     • FingerprintJS • % • Micro Honeypot ($  '& • TLS Fingerprint • JA3, HASSH →OSS SSHCowrie !(HASSH)

  11. fingerprintjs2  - https://valve.github.io/fingerprintjs2/

  12. HoneypotFingerprint • p0f • OS " • T-POT  #

     • FingerprintJS • % • Micro Honeypot ($  '& • TLS Fingerprint • JA3, HASSH →OSS SSHCowrie !(HASSH)

  13. JA3 JA3(https://github.com/salesforce/ja3) • $ &%,'*,",!+ • Black Hat Arsenal 2016

    TLS Fingerprinting1 • HTTPS>8-45 3 E2. $ # /@=? D; ),# >8%# 6C: (-A7”(+ B9>8 0<” )

  14. JA3 1. Client Hello 2. Server Hello, Server Certificate, Server

    Key Exchange, Server Hello Done 3. Client Key Exchange, Change Cipher Spec, Finished 4. Change Cipher Spec, Finished   HTTPS  JA3

  15. JA3 Client Hello   • SSL Version • Cipher

    Suite • Extension • Elliptic Curves • Elliptic Curve Point Formats 10 MD5 

  16. 16 ← 771 ← 49162 ← 49195 ← 49169 ←

    49159 ← 49171 ← 49161 ← 49172 ← 49199 ← 5 ← 47 ← 53 ← 49170 ← 10 ← 0 ← 5 ← 10 ← 23 ← 24 ← 25 ← 11 ← 13 ← 65281 771,49199-49195-49169-49159-49171-49161-49172-49162-5-47-53-49170-10,0-5-10- 11-13-65281,23-24-25,0 ↓MD5 20c9baf81bfe96ff89722899e75d0190

  17.   Web (Nginx) tcpdump(  )   

    (pcap) HTTPS    ELK  

  18. Fingerprint ja3fingerprint.json (https://github.com/trisulnsm/trisul- scripts/tree/master/lua/frontend_scripts/reassembly/ja3/prints) • JA3  fingerprint  

    •   

  19. Fingerprint fingerprint   

  20.  • HTTPS # &  →%  ! •

     "( '$

  21. ma couleur