HTTPS
Fingerprint @junk_coken 


• 3(@junk_coken) • HTTP &*/% '
  ($- '  )+",#!.  

HTTPS 
 HTTPS  
(
) 

HTTPS
 1.   • DDNS
OK 2. let’s encrypt  3. Nginx 

HTTP
HTTPS  0 200 400 600 800 1000 1200 HTTP HTTPS 2019129201922   1134 60

HTTPS 468 

Fingerprint 

Fingerprinting
   (
 )  Machine Fingerprint  Fingerprinting 

Fingerprinting
 Passive fingerprinting •   (
 ) 

Fingerprinting
 Active fingerprinting •   (JavaScript
) 

Honeypot
Fingerprint • p0f • OS " • T-POT#  • FingerprintJS • % • Micro Honeypot($ 
'& • TLS Fingerprint • JA3, HASSH →OSS SSHCowrie!(HASSH) 

fingerprintjs2 
 - https://valve.github.io/fingerprintjs2/ 

Honeypot
Fingerprint • p0f • OS " • T-POT#  • FingerprintJS • % • Micro Honeypot($ 
'& • TLS Fingerprint • JA3, HASSH →OSS SSHCowrie!(HASSH) 

JA3 JA3(https://github.com/salesforce/ja3) • $ &%,
'*,",!
+ • Black Hat Arsenal 2016 TLS Fingerprinting1 • HTTPS>8-453 E2. $ #/@=?D; ),# >8%# 6C: (-A7”(+ B9>8 0<” ) 

JA3
 1. Client Hello 2. Server Hello, Server Certificate, Server Key Exchange, Server Hello Done 3. Client Key Exchange, Change Cipher Spec, Finished 4. Change Cipher Spec, Finished 
HTTPS  JA3  

JA3
 Client Hello
• SSL Version • Cipher Suite • Extension • Elliptic Curves • Elliptic Curve Point Formats 10
MD5  

16 ← 771 ← 49162 ← 49195 ← 49169 ← 49159 ← 49171 ← 49161 ← 49172 ← 49199 ← 5 ← 47 ← 53 ← 49170 ← 10 ← 0 ← 5 ← 10 ← 23 ← 24 ← 25 ← 11 ← 13 ← 65281 771,49199-49195-49169-49159-49171-49161-49172-49162-5-47-53-49170-10,0-5-10- 11-13-65281,23-24-25,0 ↓MD5
 20c9baf81bfe96ff89722899e75d0190 

 
 Web(Nginx) tcpdump(
 )   (pcap) HTTPS
  ELK   


Fingerprint ja3fingerprint.json (https://github.com/trisulnsm/trisul- scripts/tree/master/lua/frontend_scripts/reassembly/ja3/prints) • JA3 fingerprint 
 •  
  


Fingerprint 
fingerprint 
 


 • HTTPS# &  →% !
 •  "('$ 

ma couleur