[zeek] [script] JA4 Fingerprinting Support

eladsolomon · September 27, 2023, 8:25am

Hello fellow Zeekers!

Did you know? JA4 was just released: JA4+ Network Fingerprinting. TL;DR | by John Althouse | Sep, 2023 | FoxIO

This is a huge leap from JA3, as it handles randomly created TLS certificates as well as support fingerprinting over many additional protocols - UDP, SSH, etc.

Eagerly expecting to see a Zeek package that supports JA4!
Is anyone currently working on it?

ntyze · November 16, 2023, 3:09pm

Released today: https://github.com/FoxIO-LLC/ja4/tree/main/zeek

JA1 · February 28, 2024, 8:38pm

The repo now includes all of JA4+ methods as zeek scripts

zkg install zeek/foxio/ja4

Topic	Replies	Views
Zeek Newsletter - Issue 36 - February 2024 Announcements newsletter	201	March 4, 2024
Zeek Newsletter - Issue 18 - May-Early June 2022 Zeek newsletter	498	June 6, 2022
Zeek Newsletter - Issue 37 - March 2024 Announcements newsletter	95	April 5, 2024
Zeek Newsletter - Issue 35 - January 2024 Announcements newsletter	142	January 31, 2024
FOSDEM 2024 - JavaScript support in Zeek Announcements	112	January 9, 2024

[zeek] [script] JA4 Fingerprinting Support

Related Topics