ssllabs / sslhaf Goto Github PK
View Code? Open in Web Editor NEWPassive SSL client fingerprinting using handshake analysis.
Home Page: https://www.ssllabs.com/projects/client-fingerprinting/
License: BSD 3-Clause "New" or "Revised" License
Passive SSL client fingerprinting using handshake analysis.
Home Page: https://www.ssllabs.com/projects/client-fingerprinting/
License: BSD 3-Clause "New" or "Revised" License
The BEAST detection code assumes all client writes will use the 1/n-1 split. However, the first write is not vulnerable to the attack, which is why some clients split from the 2nd write onwards.
The solution is to watch for the 2nd and 3rd write, and detect mitigations based on that. Further, because most HTTP requests consist of a single write, BEAST mitigation will work only when enough data is sent by clients. In practice, that means only longer POST requests.
On a fairly standard Ubuntu saucy install, I can build sslhaf, but not mod_sslhaf:
$ sudo apxs2 -ci -I/usr/local/include/sslhaf/ -L/usr/local/lib/ -lsslhaf mod_sslhaf.c
/usr/share/apr-1.0/build/libtool --silent --mode=compile --tag=disable-static x86_64-linux-gnu-gcc -std=gnu99 -prefer-pic -pipe -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wformat-security -D_FORTIFY_SOURCE=2 -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -DLINUX -D_REENTRANT -D_GNU_SOURCE -pthread -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -I/usr/local/include/sslhaf/ -c -o mod_sslhaf.lo mod_sslhaf.c && touch mod_sslhaf.slo
mod_sslhaf.c: In function 'mod_sslhaf_log':
mod_sslhaf.c:230:31: error: 'conn_rec' has no member named 'remote_ip'
"mod_sslhaf [%s]: ", c->remote_ip);
^
There's more, but the errors are all around remote_ip.
Objects embedded in the client handshake include: cipher suites, compression methods
and TLS extensions
In addition to the string of ids currently being parsed out, extract more comprehensive
information:
TLS allows lower-level protocol records to be fragmented, but this case is not handled in the code. This happens only rarely, and then usually as a result of server misconfiguration. (For example, one recent case I observed was when the server was configured to send too many certificates.)
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.