Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Stealthier Attacks and Smarter Defending With TLS Fingerprinting
Ever been busted because you man in the middled software (which does TLS properly) and it alerted someone to your bad
certificate? No more! Want to detect certain types of connections leaving your network, but can’t keep the IP blacklist up
to date? This could be the answer.
This talk includes an introduction to both TLS and man in the middle attacks, a walkthrough on what TLS fingerprints
contain, how to create your own fingerprints, how we use the fingerprints in several scenarios, a demo, and a discussion of
implications and pitfalls.
TLS provides transport security to all manner of connections from legitimate financial transactions to private
conversations and malware calling home. The inability to analyse encrypted traffic protects its users, whether they are
legitimate or malicious. This talk explores a technique for quickly and passively fingerprinting TLS clients and adapting
our responses for the purposes of both attack and defence. Attackers can make automated decisions concerning when to man in
the middle a connection and when to let the clients pass through silently, remaining stealthy. Defenders can gain insight
into what is making encrypted connections within their networks without access to either endpoints or cryptographic keying
material.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.