[zeek] [script] JA4 Fingerprinting Support

Hello fellow Zeekers!

Did you know? JA4 was just released: JA4+ Network Fingerprinting. TL;DR | by John Althouse | Sep, 2023 | FoxIO

This is a huge leap from JA3, as it handles randomly created TLS certificates as well as support fingerprinting over many additional protocols - UDP, SSH, etc.

Eagerly expecting to see a Zeek package that supports JA4!
Is anyone currently working on it?

Released today: https://github.com/FoxIO-LLC/ja4/tree/main/zeek

1 Like

The repo now includes all of JA4+ methods as zeek scripts

zkg install zeek/foxio/ja4