anti
ea340065c6
feat: JA4/JA4S/JA4L fingerprints, TLS session resumption, certificate extraction
Extend the passive TLS sniffer with next-gen attacker fingerprinting:
- JA4 (ClientHello) and JA4S (ServerHello) computation with
supported_versions, signature_algorithms, and ALPN parsing
- JA4L latency measurement via TCP SYN→SYN-ACK RTT tracking
- TLS session resumption detection (session tickets, PSK, 0-RTT early data)
- Certificate extraction for TLS ≤1.2 with minimal DER/ASN.1 parser
(subject CN, issuer, SANs, validity period, self-signed flag)
- Ingester bounty extraction for all new fingerprint types
- 116 tests covering all new functionality (1255 total passing)
2026-04-13 23:20:37 -04:00
..
2026-04-11 19:51:41 -04:00
2026-04-11 19:51:41 -04:00
2026-04-10 01:50:08 -04:00
2026-04-10 01:50:08 -04:00
2026-04-12 07:48:17 -04:00
2026-04-12 01:43:42 -04:00
2026-04-12 02:17:50 -04:00
2026-04-10 01:50:08 -04:00
2026-04-10 01:50:08 -04:00
2026-04-10 01:50:08 -04:00
2026-04-12 01:34:16 -04:00
2026-04-12 07:48:17 -04:00
2026-04-12 02:01:45 -04:00
2026-04-12 01:34:16 -04:00
2026-04-12 01:34:16 -04:00
2026-04-12 01:34:16 -04:00
2026-04-12 02:17:50 -04:00
2026-04-12 07:48:17 -04:00
2026-04-10 02:16:42 -04:00
2026-04-10 01:50:08 -04:00
2026-04-12 07:48:17 -04:00
2026-04-13 23:20:37 -04:00
2026-04-12 07:48:17 -04:00
2026-04-12 07:48:17 -04:00
2026-04-12 02:03:06 -04:00
2026-04-10 01:50:08 -04:00
2026-04-10 02:16:42 -04:00
2026-04-10 00:43:50 -04:00