Hacker News new | ask | show | jobs
by maldev 1088 days ago
This paper is nice, but it goes over some finer technical things. So, not about the great wall, but there's projects out there, like this one https://github.com/salesforce/ja3 , which talk about how you can fingerprint fully encrypted traffic(TLS/HTPS). There's a great section in the Readme "How it works" that goes over it. Would be surprising if the great wall doesn't do this, when some open source firewall will.
1 comments
supriyo-biswas 1088 days ago
Chrome randomizes the ClientHello these days[1], so JA3 is obsolete in that sense. You could still build a fingerprint off of the common advertised TLS parameters, disregarding their order. The linked paper references an incident where the list of ciphersuites were used to detect Tor-obfs connections[2][3].

[1] https://www.fastly.com/blog/a-first-look-at-chromes-tls-clie...

[2] https://gitlab.torproject.org/legacy/trac/-/issues/4744

[3] https://blog.torproject.org/ethiopia-introduces-deep-packet-...

link