ja3能力改造

Security Classification: 【C-1】 | Publish Time:2024-09-11 | Category:Test Notes | Edit
Old Version | Diff | Latest Version
Expiry Notice: The article was published three months ago. Please independently assess the validity of the technical methods and code mentioned within. :)

AI Summary: 本文介绍了通过反向代理配置获取JA3指纹信息的解决方案。由于当前使用的Nginx镜像未加JA3补丁，无法直接获取TLS指纹，笔者选择在HK服务器上进行反向代理，将数据迁移至SH服务器，同时调整Nginx配置。HK服务器的Nginx配置使用了SSL和反向代理设置，确保JA3指纹信息能够通过HTTP头部传递到SH服务器。SH服务器则配置了基本的静态资源支持和跨域设置。最终，实现了通过HTTP头部获取JA3指纹信息，增强了安全性，例如可以防止Burp Suite的抓包行为。 --- (From Model:gpt-4o-mini-2024-07-18)

前言

笔者目前使用的docker镜像的web服务器组件nginx，没有加上ja3补丁,无法在中间件获取tls指纹。由于打补丁是高危操作，迁移新镜像又涉及到脚本语言执行引擎的兼容问题（做改造），为了尽可能最小改动实现效果用反向代理接入，实现ja3指纹信息获取。?

架构调整

需要将HK服务器上数据迁移至SH服务器中，并且对于nginx的配置仅需对server_name做调整。

HK服务器反向代理配置:

    ## docs.test.rce.ink
    server {
        listen 80;
        listen 443 ssl;
        server_name docs.test.rce.ink;
        ssl_certificate        /ssl/live/docs.test.rce.ink/fullchain.pem;
        ssl_certificate_key    /ssl/live/docs.test.rce.ink/privkey.pem;
        if ($server_port !~ 443){
            rewrite ^(/.*)$ https://$host$1 permanent;
        }
        location / {
            proxy_pass http://SH:8080;
            proxy_set_header Host docs;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-JA3-INFO '{"hash":"$http_ssl_ja3_hash","fingerprint":"$http_ssl_ja3","ciphers":"$ssl_ciphers","curves":"$ssl_curves","protocol":"$ssl_protocol","user_agent":"$http_user_agent"}';
        }
    }

SH服务器Nginx配置:

## Un1kDocs服务端
server{
    listen 80;
    server_name docs;
    root "/app/docs.test.rce.ink/public";
    index index.go;
    ## 支持静态资源跨域
    location ~* \.(eot|otf|ttf|woff|woff2)$ {
        add_header Access-Control-Allow-Origin *;
    }
    ## 包含其他配置
    include /opt/docker/etc/nginx/vhost.common.d/*.conf;
}