Generate JA3 fingerprints from PCAPs using Python.
Project description
JA3 provides fingerprinting services on SSL packets. This is a python wrapper around JA3 logic in order to produce valid JA3 fingerprints from an input PCAP file.
Getting Started
Install the pyja3 module:
pip install pyja3 or python setup.py install
Test with a PCAP file or download a sample:
$(venv) ja3 –json /your/file.pcap
Example
Output from sample PCAP:
[
{
"destination_ip": "192.168.1.3",
"destination_port": 443,
"ja3": "769,255-49162-49172-136-135-57-56-49167-49157-132-53-49159-49161-49169-49171-69-68-51-50-49164-49166-49154-49156-150-65-4-5-47-49160-49170-22-19-49165-49155-65279-10,0-10-11-35,23-24-25,0",
"ja3_digest": "2aef69b4ba1938c3a400de4188743185",
"source_ip": "192.168.1.4",
"source_port": 2061,
"timestamp": 1350802591.754299
},
{
"destination_ip": "192.168.1.3",
"destination_port": 443,
"ja3": "769,255-49162-49172-136-135-57-56-49167-49157-132-53-49159-49161-49169-49171-69-68-51-50-49164-49166-49154-49156-150-65-4-5-47-49160-49170-22-19-49165-49155-65279-10,0-10-11-35,23-24-25,0",
"ja3_digest": "2aef69b4ba1938c3a400de4188743185",
"source_ip": "192.168.1.4",
"source_port": 2068,
"timestamp": 1350802597.517011
}
]
Changelog
2018-02-05
Change: Ported single script to valid Python Package
Change: Re-factored code to be cleaner and PEP8 compliant
Change: Supported Python2 and Python3
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
pyja3-1.0.0.tar.gz
(4.9 kB
view hashes)
Built Distribution
pyja3-1.0.0-py2-none-any.whl
(7.0 kB
view hashes)