Upgrade to Pro — share decks privately, control downloads, hide ads and more …

HTTPSハニポとFingerprint

Avatar for junk_coken junk_coken
March 09, 2019
Technology
1
2.1k

 HTTPSハニポとFingerprint

2019年3月9日に行われた第6回ハニーポッター技術交流会で発表したLT資料です。

Avatar for junk_coken

junk_coken

March 09, 2019
Tweet

More Decks by junk_coken

See All by junk_coken
6/14総サイLT~ハニーポットを作ってる話~
Avatar for junk_coken junk_coken
0
1.9k
ハニーポットで集める攻撃手法-seccamp2016
Avatar for junk_coken junk_coken
2
1k
ハニーポットで捕らえるWordPressへの攻撃
Avatar for junk_coken junk_coken
1
3.9k

Other Decks in Technology

See All in Technology
Black Hat USA 2025 Recap ~ クラウドセキュリティ編 ~
Avatar for Kyohei Mizumoto kyohmizu
0
520
自己的售票系統自己做!
Avatar for 高見龍 eddie
0
430
Lazy Constant - finalフィールドの遅延初期化
Avatar for Yuichi.Sakuraba skrb
0
130
Datadog On-Call と Cloud SIEM で作る SOC 基盤
Avatar for Yoshiki Kurihara kuriyosh
0
160
Proxmox × HCP Terraformで始めるお家プライベートクラウド
Avatar for Lamaglama39 lamaglama39
1
190
Master Dataグループ紹介資料
Avatar for Sansan, Inc. sansan33
PRO
1
3.9k
Design and implementation of "Markdown to Google Slides" / phpconfuk 2025
Avatar for Ken’ichiro Oyama k1low
1
390
AIと自動化がもたらす業務効率化の実例: 反社チェック等の調査・業務プロセス自動化
Avatar for enpipi enpipi
0
110
メタプログラミングRuby問題集の活用
Avatar for Shinichi Maeshima willnet
2
780
AI時代におけるドメイン駆動設計 入門 / Introduction to Domain-Driven Design in the AI ​​Era
Avatar for Futoshi Endo fendo181
0
670
これからアウトプットする人たちへ - アウトプットを支える技術 / that support output
Avatar for soudai sone soudai
PRO
18
5.3k
どうなる Remix 3
Avatar for Hisateru Tanaka tanakahisateru
2
360

Featured

See All Featured
Bootstrapping a Software Product
Avatar for Garrett Dimon garrettdimon
PRO
307
110k
Easily Structure & Communicate Ideas using Wireframe
Avatar for Afnizar Nur Ghifari afnizarnur
194
17k
Writing Fast Ruby
Avatar for Erik Berlin sferik
630
62k
It's Worth the Effort
Avatar for 3n 3n
187
28k
Java REST API Framework Comparison - PWX 2021
Avatar for Matt Raible mraible
34
9k
Code Review Best Practice
Avatar for Trisha Gee trishagee
72
19k
Leading Effective Engineering Teams in the AI Era
Avatar for Addy Osmani addyosmani
9
1.1k
Balancing Empowerment & Direction
Avatar for Lara Hogan lara
5
740
GitHub's CSS Performance
Avatar for Jon Rohan jonrohan
1032
470k
Keith and Marios Guide to Fast Websites
Avatar for Keith Pitt keithpitt
413
23k
Faster Mobile Websites
Avatar for Dean Hume deanohume
310
31k
Speed Design
Avatar for Sergey Chernyshev sergeychernyshev
32
1.2k

Transcript

  1. HTTPSFingerprint @junk_coken

  2.  • 3(@junk_coken) • HTTP &*/% '   ($-

    '   )+",# !. 

  3. HTTPS  HTTPS   ()

  4. HTTPS 1.   • DDNSOK 2. let’s encrypt 

     3. Nginx

  5. HTTPHTTPS  0 200 400 600 800 1000 1200 HTTP

    HTTPS 2019129201922   1134 60 HTTPS 468

  6. Fingerprint

  7. Fingerprinting   (  )   Machine Fingerprint

     Fingerprinting

  8. Fingerprinting Passive fingerprinting •   ( )

  9. Fingerprinting Active fingerprinting •   (JavaScript )

  10. HoneypotFingerprint • p0f • OS " • T-POT  #

     • FingerprintJS • % • Micro Honeypot ($  '& • TLS Fingerprint • JA3, HASSH →OSS SSHCowrie !(HASSH)

  11. fingerprintjs2  - https://valve.github.io/fingerprintjs2/

  12. HoneypotFingerprint • p0f • OS " • T-POT  #

     • FingerprintJS • % • Micro Honeypot ($  '& • TLS Fingerprint • JA3, HASSH →OSS SSHCowrie !(HASSH)

  13. JA3 JA3(https://github.com/salesforce/ja3) • $ &%,'*,",!+ • Black Hat Arsenal 2016

    TLS Fingerprinting1 • HTTPS>8-45 3 E2. $ # /@=? D; ),# >8%# 6C: (-A7”(+ B9>8 0<” )

  14. JA3 1. Client Hello 2. Server Hello, Server Certificate, Server

    Key Exchange, Server Hello Done 3. Client Key Exchange, Change Cipher Spec, Finished 4. Change Cipher Spec, Finished   HTTPS  JA3

  15. JA3 Client Hello   • SSL Version • Cipher

    Suite • Extension • Elliptic Curves • Elliptic Curve Point Formats 10 MD5 

  16. 16 ← 771 ← 49162 ← 49195 ← 49169 ←

    49159 ← 49171 ← 49161 ← 49172 ← 49199 ← 5 ← 47 ← 53 ← 49170 ← 10 ← 0 ← 5 ← 10 ← 23 ← 24 ← 25 ← 11 ← 13 ← 65281 771,49199-49195-49169-49159-49171-49161-49172-49162-5-47-53-49170-10,0-5-10- 11-13-65281,23-24-25,0 ↓MD5 20c9baf81bfe96ff89722899e75d0190

  17.   Web (Nginx) tcpdump(  )   

    (pcap) HTTPS    ELK  

  18. Fingerprint ja3fingerprint.json (https://github.com/trisulnsm/trisul- scripts/tree/master/lua/frontend_scripts/reassembly/ja3/prints) • JA3  fingerprint  

    •   

  19. Fingerprint fingerprint   

  20.  • HTTPS # &  →%  ! •

     "( '$

  21. ma couleur