Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ja4 Supporting #42

Open
yarosman opened this issue Feb 5, 2024 · 7 comments
Open

Ja4 Supporting #42

yarosman opened this issue Feb 5, 2024 · 7 comments
Labels
enhancement New feature or request

Comments

@yarosman
Copy link

yarosman commented Feb 5, 2024

There exist updates in TLS client fingerprinting technology
https://github.com/FoxIO-LLC/ja4/tree/main

@phuslu
Copy link
Owner

phuslu commented Feb 5, 2024

Thanks! I admit that ja4 do some enhancements/improvements than ja3, but I'd like wait it to be mature
I think that bigtech (e.g. cloudflare) will merge/support ja4 variants or raise another alternative for it.
Let's keep eyes on it.

@phuslu
Copy link
Owner

phuslu commented Feb 6, 2024

a bit related/similar with #13

@phuslu phuslu added the enhancement New feature or request label Feb 6, 2024
@phuslu
Copy link
Owner

phuslu commented Feb 8, 2024

Currently I dont like ja4 because it sorted extension -- randomize extensions is a feature of new chrome -- we could distinguish/detect bot on top of it, so we shall not sort.
Rest parts of ja4 is LGTM.

@yarosman
Copy link
Author

yarosman commented Feb 9, 2024

Chrome randomizes extensions, Firefox will randomize in the future (I read somewhere)) ) - therefore without ordering, we have cases when on each page reloading we will get different ja3, and ja4 fixes it

@ne4u
Copy link

ne4u commented Apr 7, 2024

Currently I dont like ja4 because it sorted extension -- randomize extensions is a feature of new chrome -- we could distinguish/detect bot on top of it, so we shall not sort. Rest parts of ja4 is LGTM.

I agree. here's why: if you have a client that identifies as a current version of chrome but does not have a random extension list on subsequent requests, you know it's a bot. An unsorted list can always be sorted later.

But, I also agree that the hash by itself is less useful. Just out of curiosity what happens when FIPS mode is enabled on the system or during compile time since md5 function is removed? It seems to me the hash function can be removed and any hash functionality could be done by whatever process consumes the fingerprint data.

@phuslu
Copy link
Owner

phuslu commented Apr 8, 2024

For md5 hash, I remove it after randomize extension introduced in chrome, but users request me re-instate it soon.
see #44 and #46

I suppose that the users maintain/detect legacy bot's ja3 hash as fingerprint in nginx side(e.g. lua_shared_dict)

@phuslu
Copy link
Owner

phuslu commented May 10, 2024

Cloudflare added the support of JA4 in its enterprise plan, it's my turn to follow it now.

https://developers.cloudflare.com/bots/concepts/ja3-ja4-fingerprint/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

3 participants