Adding JA4+ Wireshark Plugins

For Mac, Linux, and Windows, including source code.
FoxIO-LLC · Dec 1, 2023 · f4bcbce · f4bcbce
1 parent 76a7326
commit f4bcbce
Show file tree

Hide file tree

Showing 9 changed files with 1,180 additions and 6 deletions.
diff --git a/wireshark/README.md b/wireshark/README.md
@@ -2,14 +2,24 @@
 
 ![JA4](https://github.com/FoxIO-LLC/ja4/blob/main/wireshark/screenshot.png)
 
-This has been tested on Wireshark ver. 4.2.0
-The current plugin is for Windows, a Mac version is coming soon.
-Source code is coming soon.
+This has been tested on Wireshark ver. 4.2.0 on Mac and Windows, ver 4.0.2 on Linux.
+
+Create an issue or contact john@foxio.io with any questions.
 
 ## Install
-1. Copy [ja4.dll](https://github.com/FoxIO-LLC/ja4/blob/main/wireshark/ja4.dll) to your global plugins directory under epan.  
-Windows: ```C:\Program Files\Wireshark\plugins\4.2\epan\```  
-Mac: ```/Applications/Wireshark.app/Contents/PlugIns/wireshark/4-2/epan/```  (Mac version coming soon)
+#### Windows
+1. Copy [windows/ja4.dll](https://github.com/FoxIO-LLC/ja4/blob/main/wireshark/windows/ja4.dll) to your global plugins directory under epan.  
+```C:\Program Files\Wireshark\plugins\4.2\epan\```  
+2. Start Wireshark
+
+#### Mac
+1. For Macs with ARM chips (M1/M2/etc) copy [mac/arm/ja4.so](https://github.com/FoxIO-LLC/ja4/blob/main/wireshark/mac/arm/ja4.so), for Macs with Intel chips (x86/x64) copy [mac/intel/ja4.so](https://github.com/FoxIO-LLC/ja4/blob/main/wireshark/mac/intel/ja4.so), to your global plugins directory under epan.  
+```/Applications/Wireshark.app/Contents/PlugIns/wireshark/4-2/epan/```  
+2. Start Wireshark
+
+#### Linux
+1. Copy [linux/ja4.so](https://github.com/FoxIO-LLC/ja4/blob/main/wireshark/linux/ja4.so) to your global plugins directory under epan.  
+```plugins/4.0/epan/```  
 2. Start Wireshark
 
 ## Config

diff --git a/wireshark/linux/ja4.so b/wireshark/linux/ja4.so
diff --git a/wireshark/mac/arm/ja4.so b/wireshark/mac/arm/ja4.so
diff --git a/wireshark/mac/intel/ja4.so b/wireshark/mac/intel/ja4.so
diff --git a/wireshark/source/CMakeLists.txt b/wireshark/source/CMakeLists.txt
@@ -0,0 +1,49 @@
+# CMakeLists.txt
+#
+# Wireshark - JA4 Fingerprint
+#
+
+include(WiresharkPlugin)
+
+# Plugin name and version info (major minor micro extra)
+set_module_info(ja4 0 0 1 0)
+
+set(DISSECTOR_SRC
+	packet-ja4.c
+)
+
+set(PLUGIN_FILES
+	plugin.c
+	${DISSECTOR_SRC}
+)
+
+set_source_files_properties(
+	${PLUGIN_FILES}
+	PROPERTIES
+	COMPILE_FLAGS "${WERROR_COMMON_FLAGS}"
+)
+
+register_plugin_files(
+	plugin.c
+	plugin
+	${DISSECTOR_SRC}
+)
+
+add_wireshark_plugin_library(ja4 epan)
+
+target_link_libraries(ja4 epan)
+
+install_plugin(ja4 epan)
+
+file(GLOB DISSECTOR_HEADERS RELATIVE "${CMAKE_CURRENT_SOURCE_DIR}" "*.h")
+CHECKAPI(
+	NAME
+	  ja4
+	SWITCHES
+	  --group dissectors-prohibited
+	  --group dissectors-restricted
+	SOURCES
+	  ${DISSECTOR_SRC}
+	  ${DISSECTOR_HEADERS}
+)
+