A small JA3 TLS fingerprinting library written in Rust.
This crate enables a consumer to fingerprint the ClientHello portion of a TLS handshake. It can hash TLS handshakes over IPv4 and IPv6. It heavily depends on the tls-parser project from Rusticata.
It supports generating fingerprints from packet capture files as well as live-captures on a network interface, both using libpcap.
See the original JA3 project for more information.
Example of fingerprinting a packet capture file:
```rust use ja3::Ja3;
let mut ja3 = Ja3::new("test.pcap") .process_pcap() .unwrap();
// Now we have a Vec of Ja3Hash objects for hash in ja3 { println!("{}", hash); } ```
Example of fingerprinting a live capture:
```rust use ja3::Ja3;
let mut ja3 = Ja3::new("eth0") .process_live() .unwrap(); while let Some(hash) = ja3.next() { println!("Hash: {}", hash); }
```
| Command | Mean [ms] | Min [ms] | Max [ms] | Relative |
|:---|---:|---:|---:|---:|
| ja3 huge-cap.pcap | 153.2 ± 2.3 | 149.8 | 157.2 | 34.85 ± 2.82 |
| ./target/release/examples/ja3 huge-cap.pcap | 4.4 ± 0.3 | 3.6 | 5.5 | 1.00 |