These tools are to enable the matching (either on the wire or via pcap), creation, and export of TLS Fingerprints to other formats. For futher information on TLS Fingerprinting please see my TLS Fingerprinting paper, talk resources, and DerbyCon Presentation on the topic.
In summary the tools are:
-
FingerprinTLS: TLS session detection on the wire or PCAP and subsequent fingerprint detetion / creation.
-
Fingerprintout: Export to other formats such as Suricata/Snort rules, ANSI C Structs, "clean" output and xkeyscore (ok, it's regex). NOTE: Because of a lack of flexibility in the suricata/snort rules language, this is currently less accurate than using FingerprinTLS to detect fingerprints and so may require tuning.
-
fingerprints.json: The fingerprint "database" itself.
Please feel free to raise issues and make pull requests to submit code changes, fingerprint submissions, etc.
You can find me on twitter and the project on twitter also.