From f5ef25b58b351f2bff53689d7c3f16cc54f8bf68 Mon Sep 17 00:00:00 2001 From: "Pinto Spindler, Stephan" <25225092+s-spindler@users.noreply.github.com> Date: Wed, 25 Sep 2024 00:05:59 +0200 Subject: [PATCH 1/2] Add technical details file for JA4H --- technical_details/JA4H.md | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 technical_details/JA4H.md diff --git a/technical_details/JA4H.md b/technical_details/JA4H.md new file mode 100644 index 0000000..f6c10af --- /dev/null +++ b/technical_details/JA4H.md @@ -0,0 +1,9 @@ +# JA4H: HTTP Client Fingerprint + +![JA4H](https://github.com/FoxIO-LLC/ja4/blob/main/technical_details/JA4H.png) + +JA4H fingerprints the HTTP client based on each HTTP request. + +### Number of Headers: +2 digit number of headers, not counting Cookie and Referer. For 3 headers the value is "03". +If there are more than 99, the output is 99. From 8efe153a157bc12175580738b213068b5b6c8486 Mon Sep 17 00:00:00 2001 From: "Pinto Spindler, Stephan" <25225092+s-spindler@users.noreply.github.com> Date: Wed, 25 Sep 2024 00:06:52 +0200 Subject: [PATCH 2/2] Allow max 99 as header count value --- python/ja4h.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/python/ja4h.py b/python/ja4h.py index 5c13fb7..962f712 100644 --- a/python/ja4h.py +++ b/python/ja4h.py @@ -24,14 +24,14 @@ def to_ja4h(x, debug_stream=-1): unsorted_cookie_values = [] x['headers'] = [ h.split(':')[0] for h in x['headers'] ] - x['headers'] = [ h for h in x['headers'] - if not h.startswith(':') and not h.lower().startswith('cookie') + x['headers'] = [ h for h in x['headers'] + if not h.startswith(':') and not h.lower().startswith('cookie') and h.lower() != 'referer' and h ] raw_headers = x['headers'][:] #x['headers'] = [ '-'.join([ y.capitalize() for y in h.split('-')]) for h in x['headers'] ] - header_len = '{:02d}'.format(len(x['headers'])) + header_len = '{:02d}'.format(min(len(x['headers']), 99)) if 'cookies' in x: if isinstance(x['cookies'], list):