{"id":16080743,"url":"https://github.com/pagpeter/TrackMe","last_synced_at":"2025-10-22T22:30:48.994Z","repository":{"id":38790810,"uuid":"454114895","full_name":"pagpeter/TrackMe","owner":"pagpeter","description":null,"archived":false,"fork":false,"pushed_at":"2025-09-24T17:43:16.000Z","size":158,"stargazers_count":331,"open_issues_count":1,"forks_count":52,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-09-24T18:24:14.756Z","etag":null,"topics":["fingerprinting","http2","http2-server","http2-web-server","https","ja3","passive-fingerprinting","ssl","tls"],"latest_commit_sha":null,"homepage":"https://tls.peet.ws","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pagpeter.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2022-01-31T18:04:07.000Z","updated_at":"2025-09-24T17:43:19.000Z","dependencies_parsed_at":"2023-02-16T00:50:13.901Z","dependency_job_id":"4d5d03fb-275b-4567-9d41-932b12cb6e82","html_url":"https://github.com/pagpeter/TrackMe","commit_stats":null,"previous_names":["pagpeter/trackme","wwhtrbbtt/trackme"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/pagpeter/TrackMe","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pagpeter%2FTrackMe","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pagpeter%2FTrackMe/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pagpeter%2FTrackMe/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pagpeter%2FTrackMe/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pagpeter","download_url":"https://codeload.github.com/pagpeter/TrackMe/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pagpeter%2FTrackMe/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":280526620,"owners_count":26345529,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-22T02:00:06.515Z","response_time":63,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["fingerprinting","http2","http2-server","http2-web-server","https","ja3","passive-fingerprinting","ssl","tls"],"created_at":"2024-10-09T11:01:45.199Z","updated_at":"2025-10-22T22:30:48.988Z","avatar_url":"https://github.com/pagpeter.png","language":"Go","readme":"# TrackMe - Server side http/tls tracking demo in go\n\nTrackMe is a custom, low-level http/1 and h2 server, that responds with the fine details about the request made.\n\nIt returns the ja3, akamai h2 fingerprint, header + header order, h2 frames, and much more.\n\n## Generating the certificates and config\n\nYou first need to generate the certificate.pem and the key.pem files.\n\n```bash\n$ mkdir certs\n$ openssl req -x509 -newkey rsa:4096 -keyout certs/key.pem -out certs/chain.pem -sha256 -days 365 -nodes\n```\n\nThen, you need to copy the example config (and maybe edit it)\n\n```bash\n$ cp config.example.json config.json\n$ nano config.json\n...\n```\n\n## Running it (Docker)\n\n```bash\n$ docker build -t \"trackme:Dockerfile\" .\n$ docker run -p 80:80 -p 443:443 \"trackme:Dockerfile\"\n```\n\n## Running it (Without Docker)\n\nYou can build a binary by running `go build -o TrackMe cmd/main.go`\n\nAfter that, just run the binary (`sudo ./TrackMe`)\n\n## Different fingerprints\n\nThe site returns 3 different fingerprints: the [JA3](https://engineering.salesforce.com/tls-fingerprinting-with-ja3-and-ja3s-247362855967/), a TLS fingerprint, an HTTP/2 [\"akamai-fingerprint\"](https://www.blackhat.com/docs/eu-17/materials/eu-17-Shuster-Passive-Fingerprinting-Of-HTTP2-Clients-wp.pdf) (Only works on HTTP/2 connections) and my own custom \"PeetPrint\".\n\n### Custom Fingerpint (\"PeetPrint\")\n\nI wanted to extend JA3, so I created my own TLS fingerprint algorithm. It's better suited for fingerprinting TLS1.3 connections, because [JA3 doesn't really do that well](https://github.com/salesforce/ja3/issues/78), and has more datapoints. The designed is inspired by the http/2 fingerprint proposed by akamai.\n\nIt looks like this:\n\n```\nsupported-tls-versions|supported-protocols|supported-groups|supported-signature-algorithms|psk-key-exchange-mode|certificate-compression-algorithms|cipher-suites|sorted-extensions\n```\n\n\"-\" is used as the seperator.\n\n**supported-tls-versions**: Seperated list of supported TLS versions as sent in the `supported_versions` extension.\n\n**supported-protocols**: Seperated list of supported HTTP versions as sent in the `application_layer_protocol_negotiation` extension. http/1.0 =\u003e 1.0, http/1.1 =\u003e 1.1, http/2 =\u003e 2\n\n**supported-groups**: Seperated list of supported elliptic curve groups as sent in the `supported_groups` extension.\n\n**supported-signature-algorithms**: Seperated list of supported signatue algorithms as sent in the `signature_algorithms` extension.\n\n**psk-key-exchange-mode** The PSK key exchange mode as specified in the `psk_key_exchange_modes` extension. Usually 0 or 1.\n\n**certificate-compression-algorithms** Seperated list of the certificate compression algorithms as sent in the `compress_certificate` extension.\n\n**cipher-suites**: Seperated list of the supported cipher suites.\n\n**sorted-extensions**: Sorted list of the supported extensions. (Sorted because of order randomization used by chrome)\n\nAll TLS GREASE values must be replaced with \"GREASE\".\n\nThat means, a fingerprint could look something like this:\n\n```\nGREASE-772-771|2-1.1|GREASE-29-23-24|1027-2052-1025-1283-2053-1281-2054-1537|1|2|GREASE-4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53|GREASE-0-23-65281-10-11-35-16-5-13-18-51-45-43-27-17513-GREASE-21-41\n```\n\n## API endpoints\n\nThe site exposes a lot of different API endpoints.\n\n### /api/all\n\nReturns all of the collected data about an request\n\n### /api/tls\n\nReturns only the TLS data\n\n### /api/clean\n\nReturns only the different fingerprints (akamai-fp+ja3)\n\n### /api/request-count\n\nReturns the total request count the database captured. Only works when connected to a database.\n\n### /api/search-ja3\n\nParam: `?by=\u003cja3\u003e`\n\nReturns the most seen other identifiers (user-agent, h2, peetprint) that were seen together with this identifier. Only works when connected to a database.\n\n### /api/search-h2\n\nParam: `?by=\u003cakamai-fp\u003e`\n\nReturns the most seen other identifiers (user-agent, JA3, peetprint) that were seen together with this identifier. Only works when connected to a database.\n\n### /api/search-peetprint\n\nParam: `?by=\u003cpeetprint\u003e`\n\nReturns the most seen other identifiers (user-agent, h2, JA3) that were seen together with this identifier. Only works when connected to a database.\n\n## Docker\n\nYou can also run the server in a docker container using docker-compose.\n\n```bash\n# generate certs and update your config.json\ndocker-compose -up --build\n# visit https://localhost/api/all\n```\n\n## TLS \u0026 HTTP2 fingerprinting resources\n\n- [TLS 1.3, every byte explained](https://tls13.xargs.org/)\n- [Ja3 explanation - Salesforce](https://engineering.salesforce.com/tls-fingerprinting-with-ja3-and-ja3s-247362855967/)\n- [\"A very simple article about TLS.\"](https://kronoz.dev/articles/tls)\n- [State of TLS fingerprinting - fastly](https://www.fastly.com/blog/the-state-of-tls-fingerprinting-whats-working-what-isnt-and-whats-next)\n- [TLS fingerprinting - lwthiker](https://lwthiker.com/networks/2022/06/17/tls-fingerprinting.html)\n- [HTTP2 Explained - haxx.se](https://http2-explained.haxx.se/en/part1)\n- [Akamai - HTTP2 fingerprinting](https://www.blackhat.com/docs/eu-17/materials/eu-17-Shuster-Passive-Fingerprinting-Of-HTTP2-Clients-wp.pdf)\n- [Fingerprinting HTTP2 - privacycheck.sec.lrz.de](https://privacycheck.sec.lrz.de/passive/fp_h2/fp_http2.html)\n- [HTTP2 Fingerprinting](https://lwthiker.com/networks/2022/06/17/http2-fingerprinting.html)\n\n- [TCP fingerprinting wikipedia](https://en.wikipedia.org/wiki/TCP/IP_stack_fingerprinting) (The german version is better)\n- [TCP/IP stack fingerprinting](https://en-academic.com/dic.nsf/enwiki/868408) (lots of other links)\n","funding_links":[],"categories":["Go"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpagpeter%2FTrackMe","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpagpeter%2FTrackMe","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpagpeter%2FTrackMe/lists"}