F5 iRules for generating JA4+ fingerprints. Currently, only JA4, JA4S, JA4T, JA4L, and JA4H fingerprint iRules are provided. More JA4+ fingerprint iRules MAY be added in the future.
Warning
DISCLAIMER: These iRules are provided as-is with no guarantee of performance or functionality. Use at your own risk. These iRules have been tested on F5 BIGIPs running TMOS versions 16.1 and 17.1.
From the FoxIO JA4+ Repo:
JA4+ is a suite of network fingerprinting methods that are easy to use and easy to share. These methods are both human >and machine readable to facilitate more effective threat-hunting and analysis. The use-cases for these fingerprints >include scanning for threat actors, malware detection, session hijacking prevention, compliance automation, location >tracking, DDoS detection, grouping of threat actors, reverse shell detection, and many more.
Please read this blog post for more details: JA4+ Network Fingerprinting
To understand how to read JA4+ fingerprints, see Technical Details
Important
JA4 TLS Client Fingerprinting is licensed under BSD 3-Clause
Copyright (c) 2024, FoxIO All rights reserved. JA4 TLS Client Fingerprinting is Open-Source, Licensed under BSD 3-Clause. For full license text and more details, see the repo root https://github.com/FoxIO-LLC/ja4
All other JA4+ Fingerprints are under the FoxIO License 1.1
Copyright (c) 2024, FoxIO, LLC. All rights reserved. Licensed under FoxIO License 1.1 For full license text and more details, see the repo root https://github.com/FoxIO-LLC/ja4
Coming Soon