mirrors/CyberChef
1
0
Fork 0
mirror of https://github.com/gchq/CyberChef.git synced 2025-04-20 23:06:16 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Refactor and formatting

Browse source
This commit is contained in:
Niall 2024-09-25 20:05:26 +00:00
parent 5fcb1cf372
commit 7dab6e3039
1 changed files with 33 additions and 62 deletions
Download patch file Download diff file Expand all files Collapse all files

81
src/core/operations/JA4FingerprintSummary.mjs
View file

@ -40,78 +40,49 @@ class JA4FingerprintSummary extends Operation {
*/ */
run(input, args) { run(input, args) {
const [inputFormat] = args; const [inputFormat] = args;
let retString = "Fingerprint summary of: " + input + "\n+------------------------------------------------------------+" let retString = `Fingerprint summary of: ${input}\n+------------------------------------------------------------+`;
if (inputFormat === "JA4") { // Define format validation logic
const isValidJA4 = (input) => /[a-z-0-9]{10}_[a-z-0-9]{12}_[a-z-0-9]{12}/.test(input);
const isValidJA4Server = (input) => /[a-z-0-9]{7}_[a-z-0-9]{4}_[a-z-0-9]{12}/.test(input);
// Validate the input based on inputFormat
if (inputFormat === "JA4" && !isValidJA4(input)) {
return `Error: The input does not match the expected JA4 format. Please check your input: ${input}`;
}
if (inputFormat === "JA4Server" && !isValidJA4Server(input)) {
return `Error: The input does not match the expected JA4Server format. Please check your input: ${input}`;
}
const protocolMap = { t: "TCP", q: "QUIC" }; const protocolMap = { t: "TCP", q: "QUIC" };
const tlsMap = { const tlsMap = {
"13": "1.3", "12": "1.2", "11": "1.1", "10": "1.0", "13": "1.3", "12": "1.2", "11": "1.1", "10": "1.0",
"s3": "SSL 3.0", "s2": "SSL 2.0", "s1": "SSL 1.0" "s3": "SSL 3.0", "s2": "SSL 2.0", "s1": "SSL 1.0"
}; };
const sniMap = { d: "Yes (to domain)", i: "No (to IP)" };
const alpnMap = { const alpnMap = {
"00": "No ALPN Chosen", "dt": "DNS-over-TLS", "00": "No ALPN Chosen", "dt": "DNS-over-TLS",
"h1": "HTTP/1.1", "h2": "HTTP/2" "h1": "HTTP/1.1", "h2": "HTTP/2"
}; };
const getProtocol = (input) => `\nProtocol: ${protocolMap[input[0]] || "Unknown"}`;
// Protocol const getTLSVersion = (input, start = 1, end = 3) => `\nTLS Version: ${tlsMap[input.slice(start, end)] || input.slice(start, end)}`;
retString += `\nProtocol: ${protocolMap[input[0]] || "Unknown"}`; const getALPN = (input, start, end) => `\nALPN Chosen: ${alpnMap[input.slice(start, end)] || input.slice(start, end)}`;
if (inputFormat === "JA4") {
// TLS Version const sniMap = { d: "Yes (to domain)", i: "No (to IP)" };
retString += `\nTLS Version: ${tlsMap[input.slice(1, 3)] || input.slice(1, 3)}`; retString += getProtocol(input);
retString += getTLSVersion(input);
// SNI Extension
retString += `\nSNI Extension Present: ${sniMap[input[3]] || "Invalid symbol: " + input[3]}`; retString += `\nSNI Extension Present: ${sniMap[input[3]] || "Invalid symbol: " + input[3]}`;
// Number of Cipher Suites and Extensions
retString += `\nNumber of Cipher Suites: ${input.slice(4, 6)}`; retString += `\nNumber of Cipher Suites: ${input.slice(4, 6)}`;
retString += `\nNumber of Extensions: ${input.slice(6, 8)}`; retString += `\nNumber of Extensions: ${input.slice(6, 8)}`;
retString += getALPN(input, 8, 10);
// ALPN
retString += `\nALPN Chosen: ${alpnMap[input.slice(8, 10)] || input.slice(8, 10)}`;
// Truncated SHA256 hashes
retString += `\nTruncated SHA256 hash of the Cipher Suites, sorted: ${input.slice(11, 23)}`; retString += `\nTruncated SHA256 hash of the Cipher Suites, sorted: ${input.slice(11, 23)}`;
retString += `\nTruncated SHA256 hash of the Extensions, sorted + Signature Algorithms, in the order they appear: ${input.slice(24)}`; retString += `\nTruncated SHA256 hash of the Extensions, sorted + Signature Algorithms, in the order they appear: ${input.slice(24)}`;
} } else if (inputFormat === "JA4Server") {
retString += getProtocol(input);
retString += getTLSVersion(input);
if (inputFormat == "JA4Server"){
const protocolMap = { t: "TCP", q: "QUIC" };
const tlsMap = {
"13": "1.3", "12": "1.2", "11": "1.1", "10": "1.0",
"s3": "SSL 3.0", "s2": "SSL 2.0", "s1": "SSL 1.0"
};
const alpnMap = {
"00": "No ALPN Chosen", "dt": "DNS-over-TLS",
"h1": "HTTP/1.1", "h2": "HTTP/2"
};
// Protocol
retString += `\nProtocol: ${protocolMap[input[0]] || "Unknown"}`;
// TLS Version
retString += `\nTLS Version: ${tlsMap[input.slice(1, 3)] || input.slice(1, 3)}`;
// Number of Extensions
retString += `\nNumber of Extensions: ${input.slice(3, 5)}`; retString += `\nNumber of Extensions: ${input.slice(3, 5)}`;
retString += getALPN(input, 5, 7);
// ALPN retString += `\nCipher Suite Chosen: ${input.slice(8, 12)}`;
retString += `\nALPN Chosen: ${alpnMap[input.slice(5, 7)] || input.slice(5, 7)}`; retString += `\nTruncated SHA256 hash of the Extensions, in the order they appear: ${input.slice(13)}`;
// Cipher Suite
retString += `\nCipher Suite Chosen: ${input.slice(8,12)}`;
// Truncated SHA256 hashes
retString += `\nTruncated SH256 hash of the Extensions, in the order they appear: ${input.slice(13)}`;
} }
return retString;
return retString
} }
} }
export default JA4FingerprintSummary; export default JA4FingerprintSummary;
/**
* Truncated SHA256 hash of the Cipher Suites, sorted
* Truncated SHA256 hash of the Extensions, sorted + Signature Algorithms, in the order they appear
*/