Calculate the full JA3 hash

pimterry · pimterry · commit 2287adbe9c3f · 2022-10-13T20:18:16.000+02:00
diff --git a/src/index.ts b/src/index.ts
@@ -1,4 +1,5 @@
 import * as stream from 'stream';
+import * as crypto from 'crypto';
 
 const collectBytes = (stream: stream.Readable, byteLength: number) => {
     if (byteLength === 0) return Buffer.from([]);
@@ -42,7 +43,7 @@ const collectBytes = (stream: stream.Readable, byteLength: number) => {
 const getUint16BE = (buffer: Buffer, offset: number) =>
     (buffer[offset] << 8) + buffer[offset+1];
 
-export async function getTlsFingerprint(rawStream: stream.Readable) {
+export async function getTlsFingerprintData(rawStream: stream.Readable) {
     // Create a separate stream, which isn't flowing, so we can read byte-by-byte regardless of how else
     // the stream is being used.
     const inputStream = new stream.PassThrough();
@@ -125,4 +126,18 @@ export async function getTlsFingerprint(rawStream: stream.Readable) {
         groupsFingerprint,
         curveFormatsFingerprint
     ] as const;
+}
+
+export async function getTlsFingerprintAsJa3(rawStream: stream.Readable) {
+    const fingerprintData = await getTlsFingerprintData(rawStream);
+
+    const fingerprintString = [
+        fingerprintData[0],
+        fingerprintData[1].join('-'),
+        fingerprintData[2].join('-'),
+        fingerprintData[3].join('-'),
+        fingerprintData[4].join('-')
+    ].join(',');
+
+    return crypto.createHash('md5').update(fingerprintString).digest('hex');
 }
diff --git a/test/test.spec.ts b/test/test.spec.ts
@@ -1,11 +1,15 @@
 import * as net from 'net';
 import * as tls from 'tls';
+import * as https from 'https';
 import { makeDestroyable, DestroyableServer } from 'destroyable-server';
 
 import { expect } from 'chai';
 import { getDeferred } from './test-util';
 
-import { getTlsFingerprint } from '../src/index';
+import {
+    getTlsFingerprintData,
+    getTlsFingerprintAsJa3
+} from '../src/index';
 
 const nodeMajorVersion = parseInt(process.version.slice(1).split('.')[0], 10);
 
@@ -15,7 +19,7 @@ describe("Read-TLS-Fingerprint", () => {
 
     afterEach(() => server?.destroy());
 
-    it("can read Node's fingerprint", async () => {
+    it("can read Node's fingerprint data", async () => {
         server = makeDestroyable(new net.Server());
 
         server.listen();
@@ -31,7 +35,7 @@ describe("Read-TLS-Fingerprint", () => {
         }).on('error', () => {}); // Socket will fail, since server never responds, that's OK
 
         const incomingSocket = await incomingSocketPromise;
-        const fingerprint = await getTlsFingerprint(incomingSocket);
+        const fingerprint = await getTlsFingerprintData(incomingSocket);
 
         const [
             tlsVersion,
@@ -60,4 +64,29 @@ describe("Read-TLS-Fingerprint", () => {
         ]);
         expect(curveFormats).to.deep.equal([0, 1, 2]);
     });
+
+    it("can read Node's JA3 fingerprint", async () => {
+        server = makeDestroyable(new net.Server());
+
+        server.listen();
+        await new Promise((resolve) => server.on('listening', resolve));
+
+        let incomingSocketPromise = getDeferred<net.Socket>();
+        server.on('connection', (socket) => incomingSocketPromise.resolve(socket));
+
+        const port = (server.address() as net.AddressInfo).port;
+        https.request({
+            host: 'localhost',
+            port
+        }).on('error', () => {}); // Socket will fail, since server never responds, that's OK
+
+        const incomingSocket = await incomingSocketPromise;
+        const fingerprint = await getTlsFingerprintAsJa3(incomingSocket);
+
+        expect(fingerprint).to.be.oneOf([
+            '398430069e0a8ecfbc8db0778d658d77', // Node 12 - 16
+            '0cce74b0d9b7f8528fb2181588d23793' // Node 17+
+        ]);
+    });
+
 });
