ja3box

Extract JA3 and JA3S fingerprints while sniffing live traffic or from a pcap (or pcapng ...) file.

About JA3(S):

  1. https://engineering.salesforce.com/tls-fingerprinting-with-ja3-and-ja3s-247362855967
  2. https://xz.aliyun.com/t/3889

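In theory, extraction is supported for all TLS/SSL versions (not all of them have been tested due to limited time; please submit an issue if you run into a problem).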
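
For reference, this is how a JA3 string and its MD5 hash are derived from a ClientHello, following the format described in the Salesforce article linked above. It is an added example, not ja3box's own code; the function names and the sample bytes are constructed for illustration, and the input is assumed to be a ClientHello handshake body with the 4-byte handshake header already removed.

```python
import hashlib
import struct

def is_grease(v):
    # GREASE values (RFC 8701): 0x0a0a, 0x1a1a, ... 0xfafa
    return (v & 0x0f0f) == 0x0a0a and (v >> 8) == (v & 0xff)

def u16_list(buf):
    # Big-endian 16-bit values; a trailing odd byte is ignored
    return [v for (v,) in struct.iter_unpack("!H", buf[:len(buf) & ~1])]

def ja3_from_client_hello(body):
    """body: ClientHello handshake body, after the 4-byte handshake header."""
    version, = struct.unpack_from("!H", body, 0)
    pos = 2 + 32                              # client_version + random
    pos += 1 + body[pos]                      # session_id
    n, = struct.unpack_from("!H", body, pos)
    pos += 2
    ciphers = u16_list(body[pos:pos + n])
    pos += n
    pos += 1 + body[pos]                      # compression_methods
    exts, groups, formats = [], [], []
    if pos + 2 <= len(body):                  # extensions are optional
        end = min(len(body), pos + 2 + struct.unpack_from("!H", body, pos)[0])
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", body, pos)
            data = body[pos + 4:pos + 4 + elen]
            pos += 4 + elen
            exts.append(etype)
            if etype == 10:                   # supported_groups
                groups = u16_list(data[2:])
            elif etype == 11:                 # ec_point_formats
                formats = list(data[1:])
    def keep(vals):                           # decimal, dash-joined, GREASE dropped
        return "-".join(str(v) for v in vals if not is_grease(v))
    ja3 = ",".join([str(version), keep(ciphers), keep(exts), keep(groups),
                    "-".join(map(str, formats))])
    return ja3, hashlib.md5(ja3.encode()).hexdigest()

# Constructed sample ClientHello body (not captured traffic)
SAMPLE = bytes.fromhex(
    "0303" + "00" * 32 + "00"           # TLS 1.2, zero random, empty session_id
    "0006" "0a0a" "c02f" "009c"         # cipher_suites: GREASE, 0xc02f, 0x009c
    "0100"                              # compression_methods: null
    "0018" "0a0a0000" "00170000"        # extensions: GREASE, extended_master_secret
    "000a0006" "0004001d0017"           # supported_groups: x25519, secp256r1
    "000b0002" "0100"                   # ec_point_formats: uncompressed
)
```

JA3S is built the same way from the ServerHello, using only the version, the single selected cipher and the extension list.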

Env

  1. pip install scapy colorama cryptography
  2. Python 3.x
  3. macOS/Linux/Windows
  4. run as root in online mode

Example

online mode

sudo python ja3box.py -i en0

offline mode

sudo python ja3box.py -f test.pcap

output in json format

sudo python ja3box.py -i en0 --json

save the JSON output to a file

sudo python ja3box.py -i en0 -of test.json --json

More

» sudo python ja3box.py -h
  ________
 [__,.,--\\ __     ______
    | |    / \\   |___ //
    | |   / _ \\    |_ \\
  ._| |  / ___ \\  ___) ||  toolbox
  \__// /_//  \_\\|____//   v2.2

usage: ja3box.py [-h] [-i I] [-f F] [-of OF] [-bpf BPF] [--type {ja3,ja3s,all}] [--json] [--savepcap] [-pf PF]

Version: 2.2; Running in Py3.x

optional arguments:
  -h, --help            show this help message and exit
  -i I                  interface or list of interfaces (default: sniffing on all interfaces)
  -f F                  local pcap filename (in the offline mode)
  -of OF                print result to? (default: stdout)
  -bpf BPF              yes, it is BPF
  --type {ja3,ja3s,all}
                        get pure ja3/ja3s
  --json                print result as json
  --savepcap            save the raw pcap
  -pf PF                eg. `-pf test`: save the raw pcap as test.pcap
