ja3能力改造

Security Classification: 【C-1】 | Publish Time:2024-09-24 | Category:Test Notes | Edit
Old Version | Diff |

AI摘要:本文介绍了通过反向代理配置获取JA3指纹信息的解决方案。由于当前使用的Nginx镜像未加JA3补丁，无法直接获取TLS指纹，笔者选择在HK服务器上进行反向代理，将数据迁移至SH服务器，同时调整Nginx配置。HK服务器的Nginx配置使用了SSL和反向代理设置，确保JA3指纹信息能够通过HTTP头部传递到SH服务器。SH服务器则配置了基本的静态资源支持和跨域设置。最终，实现了通过HTTP头部获取JA3指纹信息，增强了安全性，例如可以防止Burp Suite的抓包行为。 --- (来自模型:gpt-4o-mini-2024-07-18)

## 前言

笔者目前使用的docker镜像的web服务器组件nginx，没有加上ja3补丁,无法在中间件获取tls指纹。由于打补丁是高危操作，迁移新镜像又涉及到脚本语言执行引擎的兼容问题（做改造），为了尽可能最小改动实现效果用反向代理接入，实现ja3指纹信息获取。😀

## 架构调整

![](https://img.meituan.net/imgupload/604b1112a1ecaaa6caff5dd76b9d800537830.png)

需要将HK服务器上数据迁移至SH服务器中，并且对于nginx的配置仅需对server_name做调整。

HK服务器反向代理配置:

```
    ## docs.test.rce.ink
    server {
        listen 80;
        listen 443 ssl;
        server_name docs.test.rce.ink;
        ssl_certificate        /ssl/live/docs.test.rce.ink/fullchain.pem;
        ssl_certificate_key    /ssl/live/docs.test.rce.ink/privkey.pem;

if ($server_port !~ 443){
            rewrite ^(/.*)$ https://$host$1 permanent;
        }
 
        location / {
            proxy_pass http://SH:8080;
            proxy_set_header Host docs;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-JA3-INFO '{"hash":"$http_ssl_ja3_hash","fingerprint":"$http_ssl_ja3","ciphers":"$ssl_ciphers","curves":"$ssl_curves","protocol":"$ssl_protocol","user_agent":"$http_user_agent"}';
        }
    }
```

SH服务器Nginx配置:

```
## Un1kDocs服务端

server{
	listen 80;
	server_name docs;
    root "/app/docs.test.rce.ink/public";
    index index.go;

## 支持静态资源跨域
    location ~* \.(eot|otf|ttf|woff|woff2)$ {
        add_header Access-Control-Allow-Origin *;
    }

## 包含其他配置
    include /opt/docker/etc/nginx/vhost.common.d/*.conf;

}
```

注意几个case：

1、微信公众号白名单IP调整
2、反向代理国内服务器需修改HOST绕过备案限制

效果如下：

![](https://img.meituan.net/imgupload/96195e15b920330c26ac750aa7873648152572.png)

## 当前状态

调整完毕后，可以直接通过header中的字段拿到ja3指纹信息，实现一些基础的安全风控。

例如禁止burpsuite对站点进行抓包。

Web3 Info

The ownership of the data in this article is secured by blockchain encryption technology and smart contracts, and is solely owned by the creator.

Comment List

Comment

© Copyright: This article is an original work and the copyright belongs to the Depy's docs unless marked as Reproduced

Please contact the blogger for authorization to reprint

『📕Category 』

ja3能力改造

© Copyright: This article is an original work and the copyright belongs to the Depy's docs unless marked as ReproducedPlease contact the blogger for authorization to reprint

© Copyright: This article is an original work and the copyright belongs to the Depy's docs unless marked as Reproduced

Please contact the blogger for authorization to reprint