phuslu/nginx-ssl-fingerprint

GitHub: phuslu/nginx-ssl-fingerprint

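A high-performance Nginx module that patches OpenSSL and Nginx to extract JA3, JA4 and HTTP2 fingerprints natively, so that client TLS characteristics can be identified directly on the server side.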

Stars: 215 | Forks: 40

# nginx-ssl-fingerprint

A high-performance nginx module for ja3, ja4 and http2 fingerprinting.

## Patches

- [nginx - save ja3/ja4/http2 fingerprints](patches)
- [openssl - save clienthello data](patches)

### Support matrix

|              | openssl-3.5.6 | openssl-3.6.2 | openssl-4.0.0 |
| ------------ | ------------- | ------------- | ------------- |
| nginx-1.29.8 | ✅            | ✅            |               |
| nginx-1.30.0 | ✅            | ✅            |               |

## Configuration

### HTTP module variables

| Name              | Default value | Comments                 |
| ----------------- | ------------- | ------------------------ |
| http_ssl_greased  | 0             | TLS greased flag.        |
| http_ssl_ja3      | NULL          | The ja3 fingerprint.     |
| http_ssl_ja3_hash | NULL          | The ja3 fingerprint hash. |
| http_ssl_ja4      | NULL          | The ja4 fingerprint.     |
| http2_fingerprint | NULL          | The http2 fingerprint.   |

#### Example

```
http {
    server {
        listen                 127.0.0.1:4433 ssl;
        http2                  on;
        ssl_certificate        cert.pem;
        ssl_certificate_key    priv.key;
        error_log              /dev/stderr debug;
        # Echo the fingerprints computed for this connection back to the client.
        return                 200 "ja3: $http_ssl_ja3\nja4: $http_ssl_ja4\nh2fp: $http2_fingerprint";
    }
}
```

### Stream module variables

| Name                | Default value | Comments                 |
| ------------------- | ------------- | ------------------------ |
| stream_ssl_greased  | 0             | TLS greased flag.        |
| stream_ssl_ja3      | NULL          | The ja3 fingerprint.     |
| stream_ssl_ja3_hash | NULL          | The ja3 fingerprint hash. |
| stream_ssl_ja4      | NULL          | The ja4 fingerprint.     |

#### Example

```
stream {
    server {
        listen                 127.0.0.1:4443 ssl;
        ssl_certificate        cert.pem;
        ssl_certificate_key    priv.key;
        error_log              /dev/stderr debug;
        # Echo the ja4 fingerprint computed for this connection back to the client.
        return                 "ja4: $stream_ssl_ja4\n";
    }
}
```

## Quick start

```
# Clone
$ git clone -b openssl-3.6.2 --depth=1 https://github.com/openssl/openssl
$ git clone -b release-1.30.0 --depth=1 https://github.com/nginx/nginx
$ git clone -b master https://github.com/phuslu/nginx-ssl-fingerprint

# Patch
$ patch -p1 -d openssl < nginx-ssl-fingerprint/patches/openssl-3.6.2.patch
$ patch -p1 -d nginx < nginx-ssl-fingerprint/patches/release-1.30.0.patch

# Build
$ cd nginx
$ ASAN_OPTIONS=symbolize=1 ./auto/configure --with-openssl=$(pwd)/../openssl --add-module=$(pwd)/../nginx-ssl-fingerprint --with-http_ssl_module --with-stream_ssl_module --with-debug --with-stream --with-http_v2_module --with-cc-opt="-fsanitize=address -O -fno-omit-frame-pointer -DNGX_DEBUG_PALLOC=1" --with-ld-opt="-L/usr/local/lib -Wl,-E -lasan"
$ make

# Test
$ objs/nginx -p . -c $(pwd)/../nginx-ssl-fingerprint/nginx.conf
$ curl -k https://127.0.0.1:4433

# Fuzzing
$ git clone https://github.com/tlsfuzzer/tlsfuzzer
$ cd tlsfuzzer
$ python3 -m venv venv
$ venv/bin/pip install --pre tlslite-ng
$ PYTHONPATH=. venv/bin/python scripts/test-client-hello-max-size.py
```

## Performance

The performance results are shown below; see the GitHub [actions][actions] for more results and details.

```
-------------  Nginx Baseline -------------
Running 30s test @ https://127.0.0.1:4433
  2 threads and 2000 connections
  Thread Stats   Avg      Stdev     Max   +/- Stdev
    Latency    19.54ms   26.60ms 626.85ms   98.89%
    Req/Sec    37.26k     3.06k   44.23k    82.94%
  2155428 requests in 30.07s, 2.31GB read
Requests/sec:  71669.13
Transfer/sec:     78.81MB

-------------  Nginx With Fingerprint -------------
Running 30s test @ https://127.0.0.1:4433
  2 threads and 2000 connections
  Thread Stats   Avg      Stdev     Max   +/- Stdev
    Latency    21.03ms   26.36ms 618.44ms   98.63%
    Req/Sec    37.45k     3.49k   45.50k    77.80%
  2162578 requests in 30.07s, 2.22GB read
Requests/sec:  71909.53
Transfer/sec:     75.44MB
```

The results show that the nginx-ssl-fingerprint module performs equally well.
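To show what the `http_ssl_ja3`, `http_ssl_ja3_hash` and `http_ssl_greased` variables represent, the following added example (not this project's code) derives a JA3 string, its MD5 hash and a GREASE flag from a ClientHello body using the published JA3 method. The names `Reader`, `u16s`, `is_grease`, `ja3` and `SAMPLE` are hypothetical, the sample bytes are constructed, and it is an assumption that the module's output follows the same layout.

```python
import hashlib
import struct

class Reader:
    def __init__(self, buf):
        self.buf, self.pos = buf, 0
    def take(self, n):  # bounds-checked read of n bytes
        if self.pos + n > len(self.buf):
            raise ValueError("truncated ClientHello")
        self.pos += n
        return self.buf[self.pos - n:self.pos]
    def vec(self, len_bytes):  # TLS length-prefixed vector
        return self.take(int.from_bytes(self.take(len_bytes), "big"))

def u16s(buf):
    if len(buf) % 2:
        raise ValueError("odd-length 16-bit list")
    return [v for (v,) in struct.iter_unpack("!H", buf)]

def is_grease(v):  # RFC 8701 values: 0x0a0a, 0x1a1a, ..., 0xfafa
    return (v & 0x0f0f) == 0x0a0a and (v >> 8) == (v & 0xff)

def ja3(body):
    """Return (ja3_string, md5_hex, greased) for a ClientHello handshake body."""
    r = Reader(body)
    version = int.from_bytes(r.take(2), "big")
    r.take(32)                       # random
    r.vec(1)                         # session_id
    ciphers = u16s(r.vec(2))
    r.vec(1)                         # compression methods
    exts, groups, formats = [], [], []
    e = Reader(r.vec(2) if r.pos < len(body) else b"")  # extensions are optional
    while e.pos < len(e.buf):
        etype = int.from_bytes(e.take(2), "big")
        data = Reader(e.vec(2))
        exts.append(etype)
        if etype == 10:              # supported_groups
            groups = u16s(data.vec(2))
        elif etype == 11:            # ec_point_formats
            formats = list(data.vec(1))
    greased = any(is_grease(v) for v in ciphers + exts + groups)
    keep = lambda vals: "-".join(str(v) for v in vals if not is_grease(v))
    text = ",".join([str(version), keep(ciphers), keep(exts),
                     keep(groups), keep(formats)])
    digest = hashlib.md5(text.encode(), usedforsecurity=False).hexdigest()
    return text, digest, greased

# Constructed sample: ClientHello body with a GREASE cipher, extension and group.
SAMPLE = bytes.fromhex("0303" + "00" * 33 + "00060a0a1301c02f" "0100" "0014"
                       "1a1a0000" "000a000600042a2a001d" "000b00020100")
```

For `SAMPLE`, `ja3()` returns the string `771,4865-49199,10-11,29,0` with the GREASE flag set; a truncated body raises `ValueError` instead of producing a partial fingerprint.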
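Tags: bot detection, HTTP2 fingerprint, JA3 fingerprint, JA4 fingerprint, Nginx, Nginx module, OpenSSL, Radare2, SSL fingerprint, TLS fingerprint, web security, anti-scraping, threat intelligence, security testing tools, client-side encryption, client fingerprinting, low-level network development, developer tools, malicious traffic detection, traffic detection, network information security, network protocol analysis, network security, network traffic analysis, blue team analysis, defense evasion detection, privacy protection, high concurrency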