Generate JA3 fingerprints from PCAPs using Python.
Project description
JA3 provides fingerprinting services on SSL packets. This is a python wrapper around JA3 logic in order to produce valid JA3 fingerprints from an input PCAP file.
Getting Started
Install the pyja3 module:
pip install pyja3 or python setup.py install
Test with a PCAP file or download a sample:
$(venv) ja3 –json /your/file.pcap
Example
Output from sample PCAP:
[ { "destination_ip": "192.168.1.3", "destination_port": 443, "ja3": "769,255-49162-49172-136-135-57-56-49167-49157-132-53-49159-49161-49169-49171-69-68-51-50-49164-49166-49154-49156-150-65-4-5-47-49160-49170-22-19-49165-49155-65279-10,0-10-11-35,23-24-25,0", "ja3_digest": "2aef69b4ba1938c3a400de4188743185", "source_ip": "192.168.1.4", "source_port": 2061, "timestamp": 1350802591.754299 }, { "destination_ip": "192.168.1.3", "destination_port": 443, "ja3": "769,255-49162-49172-136-135-57-56-49167-49157-132-53-49159-49161-49169-49171-69-68-51-50-49164-49166-49154-49156-150-65-4-5-47-49160-49170-22-19-49165-49155-65279-10,0-10-11-35,23-24-25,0", "ja3_digest": "2aef69b4ba1938c3a400de4188743185", "source_ip": "192.168.1.4", "source_port": 2068, "timestamp": 1350802597.517011 } ]
Changelog
2018-02-05
Change: Ported single script to valid Python Package
Change: Re-factored code to be cleaner and PEP8 compliant
Change: Supported Python2 and Python3
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file pyja3-1.0.0.tar.gz
.
File metadata
- Download URL: pyja3-1.0.0.tar.gz
- Upload date:
- Size: 4.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 |
cd1782dc0f6be5f665c4a72b54d0ef8e9b8fd4c9ef301a783911df6f0f2be89f
|
|
MD5 |
595409525c3d9dcb5964a8fe060048d2
|
|
BLAKE2b-256 |
8cec19ccb4f363381fb162c9fd145a5648150554a24bbabecbadd4522d227264
|
File details
Details for the file pyja3-1.0.0-py2-none-any.whl
.
File metadata
- Download URL: pyja3-1.0.0-py2-none-any.whl
- Upload date:
- Size: 7.0 kB
- Tags: Python 2
- Uploaded using Trusted Publishing? No
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 |
6340ad453cbf8326cc07ce2f09acb5b1d76fa6d4494b5ec76ba2e465d05e8251
|
|
MD5 |
818f00e8f6d394bb9f62621329e78db1
|
|
BLAKE2b-256 |
ae5f043f39ea0e6ff12079f58ad6131d5ca1e2cf92eaee17a52da805d709e789
|