Trisul Network Analytics
Developer Zone

User Tools

Site Tools

You are here: Home » app » Automatically resolving unknown TLS Fingerprints
Trace:
app:auto_fingerprint

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Last revisionBoth sides next revision
app:auto_fingerprint [2017/11/29 18:05] vivekapp:auto_fingerprint [2017/11/29 18:19] vivek
Line 35: Line 35:
  
  
-Running the script +Running the script.  
 + 
 +//Usage : mk_ja3fingerprint.rb  TRP-Server-Endpoint  Webserver-IP  Webserver-Access-Logs  Trisul-TLSPrint-Log-Pattern// 
 + 
 +A sample run of the script is shown below
  
 <code> <code>
Line 60: Line 64:
  
  
-The output is written to ''/tmp/prints.json'' this can be easily appended to the TLS Prints database.  +Once the script is finished, the JSON output is written to ''/tmp/prints.json'' this can be easily appended to the TLS Prints database. 
  
 <code json> <code json>
Line 73: Line 76:
  
 Iteratively running this script for a few days can resolve most of the unknown prints. That makes outlier detection much easier.  Iteratively running this script for a few days can resolve most of the unknown prints. That makes outlier detection much easier. 
 +
 +===== Other methods to resolve =====
 +
 +Once you get the unknown prints down to 10-20% you can use Trisul's excellent Graph Analytics manually to explore and nail down each print.  We will see that in another article.
 +
  
  
app/auto_fingerprint.txt · Last modified: 2017/11/29 22:58 by veera