1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
|
package main
import (
"encoding/json"
"fmt"
"net"
"net/http"
"os"
"strings"
"github.com/mikioh/tcp"
"github.com/mikioh/tcpinfo"
)
func assignTCPFingerprint(c net.Conn) (*JA4T, error) {
tc, err := tcp.NewConn(c)
if err != nil {
return nil, err
}
var o tcpinfo.Info
var b [256]byte
i, err := tc.Option(o.Level(), o.Name(), b[:])
if err != nil {
return nil, err
}
ci, ok := i.(*tcpinfo.Info)
if !ok {
return nil, fmt.Errorf("can't make %T into *tcpinfo.Info", i)
}
json.NewEncoder(os.Stdout).Encode(ci)
result := &JA4T{
Window: uint32(ci.Sys.SenderWindow),
MSS: uint16(ci.SenderMSS),
}
for _, opt := range ci.PeerOptions {
switch opt.(type) {
case tcpinfo.WindowScale:
result.Options = append(result.Options, 3, uint8(opt.(tcpinfo.WindowScale)))
result.WindowScale = uint8(opt.(tcpinfo.WindowScale))
case tcpinfo.SACKPermitted:
result.Options = append(result.Options, 4, 1)
case tcpinfo.Timestamps:
result.Options = append(result.Options, 8, 1)
}
}
return result, nil
}
type tcpFingerprintKey struct{}
func GetTCPFingerprint(r *http.Request) *JA4T {
ptr := r.Context().Value(tcpFingerprintKey{})
if fpPtr, ok := ptr.(*JA4T); ok && ptr != nil && fpPtr != nil {
return fpPtr
}
return nil
}
type JA4T struct {
Window uint32
Options []uint8
MSS uint16
WindowScale uint8
}
func (j JA4T) String() string {
var sb strings.Builder
fmt.Fprintf(&sb, "%d_", j.Window)
for i, opt := range j.Options {
fmt.Fprint(&sb, opt)
if i != len(j.Options)-1 {
fmt.Fprint(&sb, "-")
}
}
fmt.Fprint(&sb, "_")
fmt.Fprintf(&sb, "%d_%d", j.MSS, j.WindowScale)
return sb.String()
}
|
