Thursday, September 10, 2020

TLS interception while keeping ciphers ... (ja3 fingerprint) the same

Anyone knows an appliance for TLS interception which does not change ciphers and other stuff from the original clients or at least allows to customize them so that the connection still looks like coming from the normal client and not some middlebox ?

Background:

https://engineering.salesforce.com/tls-fingerprinting-with-ja3-and-ja3s-247362855967

https://www.ntop.org/ndpi/effective-tls-fingerprinting-beyond-ja3/

https://i.blackhat.com/USA-19/Wednesday/us-19-Valenta-Monsters-In-The-Middleboxes-Building-Tools-For-Detecting-HTTPS-Interception.pdf



No comments:

Post a Comment