Tool for mobile app fingerprinting
mobile app fingerprinting, JA3 fingerprinting, digital forensics, network monitoring
This tool computes JA3 and JA3S fingerprints for mobile apps using captured network communication. Originally, the method was developped by John Althouse and others, see https://engineering.salesforce.com/tls-fingerprinting-with-ja3-and-ja3s-247362855967. Here, we apply this method on mobile apps and observe reliability and stability of JA3 and JA3S fingerprints.
The script creates JA3+JA3S fingerprint databased based on the given dataset with typical mobile app communication. For selection of fingerprints directly related to the app we use Server Name Indication (SNI) string obtained from TLS handshake. Depending on the app, the mobile app fingerprint is composed either by JA3+JA3S hashes only, or as combination of JA3+SNI or JA3+JA3S+SNI.