https://github.com/o-x-l/haproxy-ja3n

HAProxy (community) Lua Plugin for JA3N TLS Client-Fingerprinting
https://github.com/o-x-l/haproxy-ja3n

fingerprint fingerprinting haproxy haproxy-plugin ja3 ja3-fingerprint ja3n lua tls-fingerprint

Last synced: 7 months ago
JSON representation

HAProxy (community) Lua Plugin for JA3N TLS Client-Fingerprinting

• Host: GitHub
• URL: https://github.com/o-x-l/haproxy-ja3n
• Owner: O-X-L
• License: mit
• Created: 2024-08-16T13:00:19.000Z (about 1 year ago)
• Default Branch: latest
• Last Pushed: 2024-09-08T13:53:23.000Z (about 1 year ago)
• Last Synced: 2024-09-08T15:25:52.423Z (about 1 year ago)
• Topics: fingerprint, fingerprinting, haproxy, haproxy-plugin, ja3, ja3-fingerprint, ja3n, lua, tls-fingerprint
• Language: Lua
• Homepage: https://docs.o-x-l.com/waf/2_fingerprinting.html
• Size: 10.7 KB
• Stars: 0
• Watchers: 0
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE.txt

Awesome Lists containing this project

README

          
# HAProxy - JA3N TLS Client-Fingerprint - Lua Plugin

## Intro

About JA3:

* [Salesforce Repository](https://github.com/salesforce/ja3)

* [HAProxy Enterprise JA3 Fingerprint](https://customer-docs.haproxy.com/bot-management/client-fingerprinting/tls-fingerprint/)

* [Why JA3 broke => JA3N](https://github.com/salesforce/ja3/issues/88)

### NEW: JA4

About JA4:

* [HAProxy Lua Plugin](https://github.com/O-X-L/haproxy-ja4)

* [JA4+ Suite](https://github.com/FoxIO-LLC/ja4/blob/main/technical_details/README.md)

* [FoxIO Repository](https://github.com/FoxIO-LLC/ja4)

* [Cloudflare Blog](https://blog.cloudflare.com/ja4-signals)

* [FoxIO Blog](https://blog.foxio.io/ja4%2B-network-fingerprinting)

* [FoxIO JA4 Database](https://ja4db.com/)

----

## Usage

* Add the LUA script `ja3n.lua` to your system

## Config

* Enable SSL/TLS capture with the global setting [tune.ssl.capture-buffer-size 96](https://www.haproxy.com/documentation/haproxy-configuration-manual/latest/#tune.ssl.capture-buffer-size)

* Load the LUA module by adding `lua-load /etc/haproxy/lua/ja3n.lua` in the `global` section

* Execute the LUA script on HTTP requests: `http-request lua.fingerprint_ja3n`

* Log the fingerprint: `http-request capture var(txn.fingerprint_ja3n) len 32`

----

## Contribute

If you have:

* Found an issue/bug - please [report it](https://github.com/O-X-L/haproxy-ja3n/issues/new)

* Have an idea on how to improve it - [feel free to start a discussion](https://github.com/O-X-L/haproxy-ja3n/discussions/new/choose)

* PRs are welcome

### Testing

* Run: `bash test/run.sh`

* Access the test website: https://localhost:6969/

Exit with `CTRL+C`