Update read-tls-client-hello to add JA4 fingerprint to TLS events

pimterry · pimterry · commit 89229ecd8c99 · 2025-02-21T14:03:13.000+01:00
diff --git a/package.json b/package.json
@@ -194,7 +194,7 @@
     "parse-multipart-data": "^1.4.0",
     "performance-now": "^2.1.0",
     "portfinder": "^1.0.32",
-    "read-tls-client-hello": "^1.0.0",
+    "read-tls-client-hello": "^1.1.0",
     "semver": "^7.5.3",
     "socks-proxy-agent": "^7.0.0",
     "typed-error": "^3.0.2",
diff --git a/src/server/http-combo-server.ts b/src/server/http-combo-server.ts
@@ -11,6 +11,7 @@ import { makeDestroyable, DestroyableServer } from 'destroyable-server';
 import httpolyglot = require('@httptoolkit/httpolyglot');
 import {
     calculateJa3FromFingerprintData,
+    calculateJa4FromHelloData,
     NonTlsError,
     readTlsClientHello
 } from 'read-tls-client-hello';
@@ -399,7 +400,8 @@ function analyzeAndMaybePassThroughTls(
                 connectHostname,
                 connectPort,
                 clientAlpn: helloData.alpnProtocols,
-                ja3Fingerprint: calculateJa3FromFingerprintData(helloData.fingerprintData)
+                ja3Fingerprint: calculateJa3FromFingerprintData(helloData.fingerprintData),
+                ja4Fingerprint: calculateJa4FromHelloData(helloData)
             };
 
             if (shouldPassThrough(connectHostname, passThroughPatterns, interceptOnlyPatterns)) {
diff --git a/src/types.ts b/src/types.ts
@@ -84,6 +84,7 @@ export interface TlsSocketMetadata {
     connectPort?: string;
     clientAlpn?: string[];
     ja3Fingerprint?: string;
+    ja4Fingerprint?: string;
 }
 
 export interface TlsPassthroughEvent extends TlsConnectionEvent {
diff --git a/test/integration/subscriptions/tls-error-events.spec.ts b/test/integration/subscriptions/tls-error-events.spec.ts
@@ -108,6 +108,7 @@ describe("TLS error subscriptions", () => {
 
         expect(tlsError.tlsMetadata.sniHostname).to.equal('localhost');
         expect(tlsError.tlsMetadata.ja3Fingerprint!.length).to.equal(32);
+        expect(tlsError.tlsMetadata.ja4Fingerprint!.length).to.equal(36);
 
         await expectNoClientErrors();
     });
diff --git a/test/integration/subscriptions/tls-passthrough-events.spec.ts b/test/integration/subscriptions/tls-passthrough-events.spec.ts
@@ -53,6 +53,7 @@ describe("TLS passthrough subscriptions", () => {
             : ['h2', 'http/1.1']
         );
         expect(tlsMetadata.ja3Fingerprint.length).to.equal(32);
+        expect(tlsMetadata.ja4Fingerprint.length).to.equal(36);
     });
 
     it("should not fire for TLS sockets are received and handled", async () => {

Original file line number	Diff line number	Diff line change
`@@ -84,6 +84,7 @@ export interface TlsSocketMetadata {`
`84`	`84`	`connectPort?: string;`
`85`	`85`	`clientAlpn?: string[];`
`86`	`86`	`ja3Fingerprint?: string;`
	`87`	`+ ja4Fingerprint?: string;`
`87`	`88`	`}`
`88`	`89`
`89`	`90`	`export interface TlsPassthroughEvent extends TlsConnectionEvent {`