Skip to content

jabedude/ja3-rs

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

62 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

ja3-rs

crates.io Build Status Documentation license

A small JA3 TLS fingerprinting library written in Rust.

This crate enables a consumer to fingerprint the ClientHello portion of a TLS handshake. It can hash TLS handshakes over IPv4 and IPv6. It heavily depends on the tls-parser project from Rusticata.

It supports generating fingerprints from packet capture files as well as live-captures on a network interface, both using libpcap.

See the original JA3 project for more information.

Example of fingerprinting a packet capture file:

use ja3::Ja3;

let mut ja3 = Ja3::new("test.pcap")
                    .process_pcap()
                    .unwrap();

// Now we have a Vec of Ja3Hash objects
for hash in ja3 {
    println!("{}", hash);
}

Example of fingerprinting a live capture:

use ja3::Ja3;

let mut ja3 = Ja3::new("eth0")
                    .process_live()
                    .unwrap();
while let Some(hash) = ja3.next() {
    println!("Hash: {}", hash);
}

Benchmarks

Command Mean [ms] Min [ms] Max [ms] Relative
ja3 huge-cap.pcap 153.2 ± 2.3 149.8 157.2 34.85 ± 2.82
./target/release/examples/ja3 huge-cap.pcap 4.4 ± 0.3 3.6 5.5 1.00