Skip to content
/ go-ja4 Public

A Go-based implementation for generating JA4/JA4S fingerprints and check them against a malware db

License

MIT license
3 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

voukatas/go-ja4

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
cmd
cmd
 
 
internal
internal
 
 
pcap
pcap
 
 
pkg/ja4
pkg/ja4
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 

Repository files navigation

JA4/JA4S Fingerprinting Tool

This project is a Go-based implementation for generating JA4 and JA4S fingerprints from TLS Client Hello and Server Hello messages. The implementation is inspired by the specifications outlined in this blog post, and the provided Wireshark traces are currently used to manually test the code.

Motivation

I started this project because there wasn't an existing Go library that could:

  1. Accurately parse JA4 and JA4S fingerprints.
  2. Handle real traffic effectively, especially in scenarios involving TCP segmentation.

This tool addresses those gaps by using gopacket for packet capture and reassembly, ensuring accurate handling of fragmented traffic and generating fingerprints based on TLS handshake data.

Features

  • TLS Fingerprinting: Generates JA4 (Client Hello) and JA4S (Server Hello) fingerprints for identifying TLS configurations.
  • TCP Reassembly: Handles TCP segmentation to capture and reassemble fragmented packets.
  • Protocol Support: Currently supports only the TCP protocol.

Project Status

This is an early-stage project. More work is needed, including:

  • Project restructuring for better maintainability.
  • Unit tests and integration tests to ensure reliability and correctness.
  • Enhanced automation for testing with real-world traffic.

Requirements

  • Go 1.18 or later
  • Administrative privileges (for live packet capture)
  • A network interface capable of capturing traffic (e.g., enp0s3)

Installation

git clone https://github.com/voukatas/go-ja4.git
cd go-ja4

go mod tidy
cd cmd
go build -o ja4tool

Usage

Update the network interface in the code (enp0s3) to match your system.

sudo ./ja4tool

Testing

Currently, Wireshark traces from the FoxIO blog are used to manually test the tool and some of them are integrated to automated tests. Integration with full automated testing is a planned enhancement.

cd go-ja4
go test -cover -v -race ./...

Limitations

  • Only the TCP protocol is supported.
  • No support for QUIC/UDP traffic (future scope).
  • Automated testing and benchmarking are not yet implemented.

To-Do

- Restructure the project for better modularity. - Add unit and integration tests.

  • Extend support for QUIC/UDP traffic.
  • Automate testing with real-world traffic captures.

About

A Go-based implementation for generating JA4/JA4S fingerprints and check them against a malware db

Topics

golang cybersecurity ja4

Resources

Readme

License

MIT license
Activity

Stars

3 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages