{"id":1595,"date":"2022-12-09T10:40:00","date_gmt":"2022-12-09T02:40:00","guid":{"rendered":"https:\/\/vmlogin.us\/help\/?p=1595"},"modified":"2022-12-09T10:41:26","modified_gmt":"2022-12-09T02:41:26","slug":"vmlogin-browser-ssl-fingerprint","status":"publish","type":"post","link":"https:\/\/www.vmlogin.us\/help\/fingerprint\/ssl.html","title":{"rendered":"VMLogin Browser SSL Fingerprint"},"content":{"rendered":"\n

You can set the number and order of cipher suites in SSL fingerprint setting, which can withstand some websites that use the JA3 method to detect SSL fingerprints. Generally, each browser has a relatively fixed SSL fingerprint. When doing multi-account or anti-detection projects, the change of the SSL fingerprint may play a certain role. However, if you do not know much about what is SSL fingerprint, it is recommended not to set it randomly, otherwise it may be counterproductive.

It is generally recommended to click the Chrome SSL button<\/strong>, so that you can set the fingerprint to be consistent with Chrome. For some websites that use SSL detection, it is more friendly to use the official version of Chrome fingerprint.
<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n


JA3<\/strong> is a method for creating SSL\/TLS client fingerprints that should be easy to generate on any platforms and can be shared easily for Threat Intelligence.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n


What is SSL fingerprint?<\/strong> Genarally, it can be said that each browser has a fixed SSL fingerprint.
The JA3 method is to gather the decimal values of the bytes for the following fields in the Server Hello packet: Version, Accepted Cipher, and List of Extensions, Elliptic Curves, and Elliptic Curve Formats. Using a \u201c,\u201d to delimit each field and a \u201c-\u201d to delimit each value in each field, then concatenates those values together in order.
<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n


<\/p>\n\n\n\n

Example Client Hello packet as viewed in Wireshark<\/strong><\/p>\n\n\n\n

The field order is as follows:<\/strong><\/p>\n\n\n\n

TLSVersion,Ciphers,Extensions,EllipticCurves,EllipticCurvePointFormats<\/p>\n\n\n\n

Example:<\/strong> 769,47\u201353\u20135\u201310\u201349161\u201349162\u201349171\u201349172\u201350\u201356\u201319\u20134,0\u201310\u201311,23\u201324\u201325,0<\/p>\n\n\n\n

If there are no TLS Extensions in the Client Hello, the fields are left empty.<\/p>\n\n\n\n

769,4\u20135\u201310\u20139\u2013100\u201398\u20133\u20136\u201319\u201318\u201399,,,<\/p>\n\n\n\n

These strings are then MD5 hashed to produce an easily consumable and shareable 32 character fingerprint. This is the JA3 TLS Client Fingerprint.<\/p>\n\n\n\n

769,47\u201353\u20135\u201310\u201349161\u201349162\u201349171\u201349172\u201350\u201356\u201319\u20134,0\u201310\u201311,23\u201324\u201325,0 \u2192 ada70206e40642a3e4461f35503241d5
769,4\u20135\u201310\u20139\u2013100\u201398\u20133\u20136\u201319\u201318\u201399,,, \u2192 de350869b8c85de67a350c8d186f11e6<\/p>\n\n\n\n

We also needed to introduce some code to account for Google\u2019s GREASE (Generate Random Extensions And Sustain Extensibility) as described here. Google uses this as a mechanism to prevent extensibility failures in the TLS ecosystem. JA3 ignores these values completely to ensure that programs utilizing GREASE can still be identified with a single JA3 hash.
Websites that can be used for SSL fingerprinting tests: <\/strong>https:\/\/browserleaks.com\/ssl<\/a><\/p>\n\n\n\n


Conclusion<\/strong><\/p>\n\n\n\n

JA3 and JA3S are\u00a0security analysis methods\u00a0based on TLS fingerprints. The JA3 fingerprints\u00a0can identify the way\u00a0how the client application communicates over TLS\u00a0and the JA3S\u00a0fingerprints\u00a0can identify\u00a0the server response. If combine these 2 methods,\u00a0they essentially create a fingerprint of the cryptographic negotiation between client and server. While TLS-based detection methods are not always a silver bullet or\u00a0a guaranteed mapping to client applications, they are always valuable as a pivot point for analysis.<\/p>\n\n\n\n

VMLogin <\/a><\/strong>designs\u00a0the SSL custom setting method,\u00a0mainly to change the JA3 fingerprint of the browser. Although it is not comprehensive,\u00a0it is very simple and efficient. Hope to help some users who pursue perfectionism. At the same time, hope\u00a0users provide us good\u00a0suggestions and help.<\/p>\n\n\n\n


<\/p>\n\n\n\n



<\/p>\n","protected":false},"excerpt":{"rendered":"

You can set the number and order of cipher suites& […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[],"class_list":["post-1595","post","type-post","status-publish","format-standard","hentry","category-fingerprint"],"_links":{"self":[{"href":"https:\/\/www.vmlogin.us\/help\/wp-json\/wp\/v2\/posts\/1595","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.vmlogin.us\/help\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.vmlogin.us\/help\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.vmlogin.us\/help\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.vmlogin.us\/help\/wp-json\/wp\/v2\/comments?post=1595"}],"version-history":[{"count":4,"href":"https:\/\/www.vmlogin.us\/help\/wp-json\/wp\/v2\/posts\/1595\/revisions"}],"predecessor-version":[{"id":1602,"href":"https:\/\/www.vmlogin.us\/help\/wp-json\/wp\/v2\/posts\/1595\/revisions\/1602"}],"wp:attachment":[{"href":"https:\/\/www.vmlogin.us\/help\/wp-json\/wp\/v2\/media?parent=1595"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.vmlogin.us\/help\/wp-json\/wp\/v2\/categories?post=1595"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.vmlogin.us\/help\/wp-json\/wp\/v2\/tags?post=1595"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}