php for SSL/TLS ja3 fingerprint.

Last update: Aug 26, 2022

Related tags

Security php-ja3

Overview

php-ja3

php for SSL/TLS ja3 fingerprint. This project has two ideas, one is to cooperate with the web server (wkm_ja3.php), and the other is to monitor the tcpdump standard output (ja3_tcpdump.php)

Installing

composer install

ja3_tcpdump.php

Data transfer direction

brower =>  nginx(https=>http) => /web/ja3.php
            | |                     A
             V                     | |
           tcpdump => stdout =>  ja3_tcpdump.php

Config

TCPDUMP_LISTEN_INTERFACE

// tcpdump listen interface, defautl 1. See 'tcpdump - D' for details
define('TCPDUMP_LISTEN_INTERFACE',1);

Run

sudo  php ja3_tcpdump.php start -d

Tests

request

curl https://example.com/ja3.php

return

{"ja3_hash":"0d69ff4……2834766","speed_time":0.402}

demo and blog

php、ja3和tcpdump (TLS握手指纹实践2)

Some problems

return none If you visit after a period of time, you will return none. You need to go to the following link to close the socket before the TLS handshake can occur again chrome://net-internals/#sockets
so slow With curl request, the average time spent is 0.5 minutes 02 ~ 0.6s, mainly due to the slow return of the command Popen ('tcpdump.. '). I don't know how to optimize it

wkm_ja3.php

Data transfer direction

brower => php-ja3(INBOUND) => catch JA3 => php-ja3(OUTBOUND) => nginx(https=>http) => /web/ja3.php

Config

INBOUND

// one prot 9763
define('INBOUND','tcp://0.0.0.0:9763');

OUTBOUND

define('OUTBOUND','tcp://example.com:443');

nginx

server {
    listen :443 ssl ;
    server_name example.com;
    …… ssl set
    root "pathto/php-ja3/web";
    location ~ \.php(.*)$ {
    ……  
    }

Run

php wkm_ja3.php start -d

Tests

request

curl https://example.com:9763/ja3.php

return

{"ja3_hash":"0d69ff4……2834766","speed_time":0.402}

catch all request

// public ip 
define('INBOUND','tcp://example.com:443'); 
// private ip (nginx need to listen it too)
define('OUTBOUND','tcp://127.0.0.1:443');

demo

php-JA3er TLS握手指纹实践

relevant

You might also like...

㊙️ AntiXSS | Protection against Cross-site scripting (XSS) via PHP

㊙️ AntiXSS "Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inje

Lars Moelleken

570 Dec 16, 2022

An experimental object oriented SSH api in PHP

PHP SSH (master) Provides an object-oriented wrapper for the php ssh2 extension. Requirements You need PHP version 5.3+ with the SSH2 extension. Insta

Antoine Hérault

355 Dec 6, 2022

TCrypto is a simple and flexible PHP 5.3+ in-memory key-value storage library

About TCrypto is a simple and flexible PHP 5.3+ in-memory key-value storage library. By default, a cookie will be used as a storage backend. TCrypto h

timoh

57 Dec 2, 2022

Fetches random integers from random.org instead of using PHP's PRNG implementation

TrulyRandom Composer-compatible library to interact with random.org's API in order to generate truly random lists of integers, sequences of integers,

Erik Wurzer

46 Nov 25, 2022

PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.

PHPGGC: PHP Generic Gadget Chains PHPGGC is a library of unserialize() payloads along with a tool to generate them, from command line or programmatica

Ambionics Security

2.5k Jan 4, 2023

Let's Encrypt/ACME Command Line client written in PHP

Acme PHP Acme PHP is a simple yet very extensible CLI client for Let's Encrypt that will help you get and renew free HTTPS certificates. Acme PHP is a

Acme PHP

539 Dec 30, 2022

PHP Malware Finder

PHP Malware Finder _______ __ __ _______ | ___ || |_| || | | | | || || ___| | |___| || || |___ Webshell finder, |

NBS System

205 Dec 24, 2022

Compatibility with the password_* functions that ship with PHP 5.5

password_compat This library is intended to provide forward compatibility with the password_* functions that ship with PHP 5.5. See the RFC for more d

Anthony Ferrara

2.2k Dec 30, 2022

A petite library of encryption functions for PHP

🔐 dcrypt A petite library of essential encryption functions for PHP 7.1+. For legacy PHP version support, look here. If you need a dcrypt inspired en

null

96 Oct 6, 2022

Comments

Outdated
Hello,

The current version doesn't contain some important fields like the demo version: https://bjun.tech:9763/demo/ja3/ja3.php

Specifically:

ja3t_hash

ja3_str

Could you please update the Git?

Thank you so much!
opened by codemonies 16

Owner

null

GitHub

Laravel Sail plugin to enable SSL (HTTPS) connection with Nginx.

Laravel Sail plugin to enable SSL (HTTPS) connection with Nginx.

Ryo Kobayashi

51 Dec 19, 2022

PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application

PHPIDS PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web ap

null

752 Jan 3, 2023

php-chmod is a PHP library for easily changing permissions recursively.

PHP chmod php-chmod is a PHP library for easily changing the permissions recursively. Versions & Dependencies Version PHP Documentation ^1.1 ^7.4 curr

Mathias Reker ⚡️

5 Oct 7, 2022

PHP 5.x support for random_bytes() and random_int()

random_compat PHP 5.x polyfill for random_bytes() and random_int() created and maintained by Paragon Initiative Enterprises. Although this library sho

Paragon Initiative Enterprises

8k Jan 5, 2023

PHP Secure Communications Library

phpseclib - PHP Secure Communications Library Supporting phpseclib Become a backer or sponsor on Patreon One-time donation via PayPal or crypto-curren

null

4.9k Jan 7, 2023

Simple Encryption in PHP.

php-encryption composer require defuse/php-encryption This is a library for encrypting data with a key or password in PHP. It requires PHP 5.6 or new

Taylor Hornby

3.6k Jan 3, 2023

Standards compliant HTML filter written in PHP

HTML Purifier HTML Purifier is an HTML filtering solution that uses a unique combination of robust whitelists and aggressive parsing to ensure that no

Edward Z. Yang

2.7k Jan 5, 2023

A database of PHP security advisories

PHP Security Advisories Database The PHP Security Advisories Database references known security vulnerabilities in various PHP projects and libraries.

null

1.9k Dec 18, 2022

A php.ini scanner for best security practices

Scanner for PHP.ini The Iniscan is a tool designed to scan the given php.ini file for common security practices and report back results. Currently it

psec.io

1.5k Dec 5, 2022

🤖 Id obfuscation based on Knuth's multiplicative hashing method for PHP.

Optimus id transformation With this library, you can transform your internal id's to obfuscated integers based on Knuth's integer hash. It is similar

Jens Segers

1.2k Jan 2, 2023