Skip to content

f5devcentral/f5-ja4

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

28 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

F5 iRules for JA4+ Network Fingerprinting

F5 iRules for generating JA4+ fingerprints. Currently, only JA4, JA4S, JA4T, JA4L, and JA4H fingerprint iRules are provided. More JA4+ fingerprint iRules MAY be added in the future.

Warning

DISCLAIMER: These iRules are provided as-is with no guarantee of performance or functionality. Use at your own risk. These iRules have been tested on F5 BIGIPs running TMOS versions 16.1 and 17.1.

What is JA4+ Network Fingerprinting?

From the FoxIO JA4+ Repo:

JA4+ is a suite of network fingerprinting methods that are easy to use and easy to share. These methods are both human >and machine readable to facilitate more effective threat-hunting and analysis. The use-cases for these fingerprints >include scanning for threat actors, malware detection, session hijacking prevention, compliance automation, location >tracking, DDoS detection, grouping of threat actors, reverse shell detection, and many more.

Please read this blog post for more details: JA4+ Network Fingerprinting

To understand how to read JA4+ fingerprints, see Technical Details

JA4+ Licensing

Important

JA4 TLS Client Fingerprinting is licensed under BSD 3-Clause

Copyright (c) 2024, FoxIO All rights reserved. JA4 TLS Client Fingerprinting is Open-Source, Licensed under BSD 3-Clause. For full license text and more details, see the repo root https://github.com/FoxIO-LLC/ja4

All other JA4+ Fingerprints are under the FoxIO License 1.1

Copyright (c) 2024, FoxIO, LLC. All rights reserved. Licensed under FoxIO License 1.1 For full license text and more details, see the repo root https://github.com/FoxIO-LLC/ja4

How to Use

Coming Soon

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published