hrbrmstr
/
jarmed
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Browse Source

tweak due to IP addresses not coming back on some sites

master
boB Rudis 3 years ago
parent
8c7aa28e62
commit
baf8d395dc
No known key found for this signature in database GPG Key ID: 1D7529BE14E2BBA9
2 changed files with 11 additions and 9 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      README.md
  2. 14
      inst/python/jarm.py

6
README.md
View File

@ -91,9 +91,9 @@ sites %>%
## host port ip result jarm ## host port ip result jarm
## <chr> <int> <chr> <chr> <chr> ## <chr> <int> <chr> <chr> <chr>
## 1 rud.is 443 172.93.4… 15d2ad16d29d29d00015d2ad15d29dd1… 009e|0303|h2|0000-ff01-0010,c030|0303|h2|0000-ff01-000b-0… ## 1 rud.is 443 172.93.4… 15d2ad16d29d29d00015d2ad15d29dd1… 009e|0303|h2|0000-ff01-0010,c030|0303|h2|0000-ff01-000b-0…
## 2 r-projec… 443 <NA> 07d19d1ad21d21d07c42d43d000000ee… 0033|0303|http/1.1|ff01-0000-0001-0023-0010-0017,00c0|030… ## 2 r-projec… 443 137.208.… 07d19d1ad21d21d07c42d43d000000ee… 0033|0303|http/1.1|ff01-0000-0001-0023-0010-0017,00c0|030…
## 3 rstudio.… 443 <NA> 2ad2ad16d2ad2ad00042d42d000000df… c030|0303|h2|ff01-0000-0001-000b-0023-0010-0017,c030|0303… ## 3 rstudio.… 443 104.198.… 2ad2ad16d2ad2ad00042d42d000000df… c030|0303|h2|ff01-0000-0001-000b-0023-0010-0017,c030|0303…
## 4 apple.com 443 <NA> 29d29d15d29d29d00041d41d000000a5… c02f|0303||ff01-0000-0001-000b-0023-0017,c02f|0303||ff01- ## 4 apple.com 443 17.253.1… 29d29d15d29d29d00041d41d0000004a… c02f|0303|http/1.0|ff01-0000-0001-000b-0023-0010-0017,c02
``` ```
## jarmed Metrics ## jarmed Metrics

14
inst/python/jarm.py
View File

@ -232,9 +232,10 @@ def supported_versions(jarm_details, grease):
return ext return ext
#Send the assembled client hello using a socket #Send the assembled client hello using a socket
def send_packet(destination_host, destination_port, packet): def send_packet(destination_host, destination_port, packet, timeout = 20):
try: try:
#Determine if the input is an IP or domain name #Determine if the input is an IP or domain name
raw_ip = False
try: try:
if (type(ipaddress.ip_address(destination_host)) == ipaddress.IPv4Address) or (type(ipaddress.ip_address(destination_host)) == ipaddress.IPv6Address): if (type(ipaddress.ip_address(destination_host)) == ipaddress.IPv4Address) or (type(ipaddress.ip_address(destination_host)) == ipaddress.IPv6Address):
raw_ip = True raw_ip = True
@ -245,13 +246,11 @@ def send_packet(destination_host, destination_port, packet):
#Connect the socket #Connect the socket
if ":" in destination_host: if ":" in destination_host:
sock = socket.socket(socket.AF_INET6, socket.SOCK_STREAM) sock = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
#Timeout of 20 seconds sock.settimeout(timeout)
sock.settimeout(20)
sock.connect((destination_host, destination_port, 0, 0)) sock.connect((destination_host, destination_port, 0, 0))
else: else:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
#Timeout of 20 seconds sock.settimeout(timeout)
sock.settimeout(20)
sock.connect((destination_host, destination_port)) sock.connect((destination_host, destination_port))
#Resolve IP if given a domain name #Resolve IP if given a domain name
if raw_ip == False: if raw_ip == False:
@ -436,9 +435,11 @@ def jarm_query(destination_host, destination_port):
jarm = "" jarm = ""
#Assemble, send, and decipher each packet #Assemble, send, and decipher each packet
iterate = 0 iterate = 0
ips = []
while iterate < len(queue): while iterate < len(queue):
payload = packet_building(queue[iterate]) payload = packet_building(queue[iterate])
server_hello, ip = send_packet(destination_host, destination_port, payload) server_hello, ip = send_packet(destination_host, destination_port, payload)
ips.append(ip)
#Deal with timeout error #Deal with timeout error
if server_hello == "TIMEOUT": if server_hello == "TIMEOUT":
jarm = "|||,|||,|||,|||,|||,|||,|||,|||,|||,|||" jarm = "|||,|||,|||,|||,|||,|||,|||,|||,|||,|||"
@ -452,5 +453,6 @@ def jarm_query(destination_host, destination_port):
jarm += "," jarm += ","
#Fuzzy hash #Fuzzy hash
result = jarm_hash(jarm) result = jarm_hash(jarm)
ips = [ ip for ip in list(set(ips)) if ip ]
return({ "host" : destination_host, "port" : destination_port, "ip": ip, "result" : result, "jarm" : jarm }) return({ "host" : destination_host, "port" : destination_port, "ip": ips, "result" : result, "jarm" : jarm })

Write Preview
Loading…
Cancel
Save