feat(pr2): HTTP/2+HTTP/3 fingerprint extractors — JA4H, H2 SETTINGS, JA4-QUIC

2026-05-10 00:47:19 -04:00
parent 0653e500b5
commit 92632d7afd
25 changed files with 1885 additions and 48 deletions
--- a/decnet/web/db/models/attackers.py
+++ b/decnet/web/db/models/attackers.py
@@ -180,6 +180,15 @@ class AttackerIdentity(SQLModel, table=True):
    hassh_hashes: Optional[str] = Field(
        default=None, sa_column=Column("hassh_hashes", Text, nullable=True)
    )
+    ja4h_hashes: Optional[str] = Field(
+        default=None, sa_column=Column("ja4h_hashes", Text, nullable=True)
+    )
+    ja4_quic_hashes: Optional[str] = Field(
+        default=None, sa_column=Column("ja4_quic_hashes", Text, nullable=True)
+    )
+    http_versions_seen: Optional[str] = Field(
+        default=None, sa_column=Column("http_versions_seen", Text, nullable=True)
+    )
    # JSON list[str] — SHA-256 fingerprints of leaf certs presented by
    # attacker-run TLS servers, captured by the active prober alongside
    # JARM. Same federation-gossip rationale as ja3_hashes/hassh_hashes: