These tools are to enable the matching (either on the wire or via pcap), creation, and export of TLS Fingerprints to other formats. For futher information on TLS Fingerprinting:
- My TLS Fingerprinting paper,
- My Derbycon Talk, and slides on the topic.
- My SecTorCA Talk, and slides on the topic.
- TLS Fingerprinting Discussion on Brakeing Down Security Podcast
- Quick demo of tor detection with FingerPrinTLS
In summary the tools are:
-
FingerprinTLS: TLS session detection on the wire or PCAP and subsequent fingerprint detetion / creation.
-
Fingerprintout: Export to other formats such as Suricata/Snort rules, ANSI C Structs, "clean" output and xkeyscore (ok, it's regex). NOTE: Because of a lack of flexibility in the suricata/snort rules language, this is currently less accurate than using FingerprinTLS to detect fingerprints and so may require tuning.
-
fingerprints.json: The fingerprint "database" itself.
Please feel free to raise issues and make pull requests to submit code changes, fingerprint submissions, etc.
You can find me on twitter and the project on twitter also.