Product Details

Tool for mobile app fingerprinting

Created: 2020

Czech title
Nástroj pro vytváření otisku mobilní aplikace
Type
software
License
optional - free
Authors
Matoušek Petr, doc. Ing., Ph.D., M.A. (DIFS FIT BUT)
Keywords

mobile app fingerprinting, JA3 fingerprinting, digital forensics, network monitoring

Description

This tool computes JA3 and JA3S fingerprints for mobile apps using captured network communication. Originally, the method was developped by John Althouse and others, see https://engineering.salesforce.com/tls-fingerprinting-with-ja3-and-ja3s-247362855967. Here, we apply this method on mobile apps and observe reliability and stability of JA3 and JA3S fingerprints.

The script creates JA3+JA3S fingerprint databased based on the given dataset with typical mobile app communication. For selection of fingerprints directly related to the app we use Server Name Indication (SNI) string obtained from TLS handshake. Depending on the app, the mobile app fingerprint is composed either by JA3+JA3S hashes only, or as combination of JA3+SNI or JA3+JA3S+SNI.

Location

See https://github.com/matousp/ja3s-fingerprinting.

Projects
Integrated platform for analysis of digital data from security incidents (VI20172020062)
Departments
Department of Information Systems FIT BUT (DIFS FIT BUT)
Back to top