Crate ja3_livecapture
source ·Expand description
JA3 Hash
A small TLS fingerprinting library written in Rust.
This crate enables a consumer to fingerprint the ClientHello portion of a TLS handshake. It can hash TLS handshakes over IPv4 and IPv6. It heavily depends on the tls-parser project from Rusticata.
It supports generating fingerprints from packet capture files as well as live-captures on a network interface, both using libpcap.
See the original JA3 project for more information.
Example of fingerprinting a packet capture file:
use ja3::Ja3;
let mut ja3 = Ja3::new("test.pcap")
.process_pcap()
.unwrap();
// Now we have a Vec of Ja3Hash objects
for hash in ja3 {
println!("{}", hash);
}
Example of fingerprinting a live capture:
ⓘ
use ja3::Ja3;
let mut ja3 = Ja3::new("eth0")
.process_live()
.unwrap();
while let Some(hash) = ja3.next() {
println!("{}", hash);
}
Structs
- A JA3 hash builder. This provides options about how to extract a JA3 hash from a TLS handshake.
- The output of a JA3 hash object. This consists of the JA3 string and MD5 hash.
- Iterator of JA3 hashes captured during a live capture.