Merge pull request fooinha#8 from fooinha/feature/ja3-string

fooinha · web-flow · commit bdd263357d2e · 2019-02-10T14:16:03.000Z
nginx-ssl-ja3: $http_ssl_ja3 and $stream_ssl_ja3
diff --git a/README.md b/README.md
@@ -16,6 +16,14 @@ No directives yet.
 
 ### Variables
 
+#### $http_ssl_ja3
+
+The ja3 fingerprint string for a SSL connection for a HTTP server.
+
+```
+771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53-10,0-23-65281-10-11-35-16-5-13-18-51-45-43-21,0-29-23-24,0
+```
+
 #### $http_ssl_ja3_hash
 
 The ja3 fingerprint MD5 hash for a SSL connection for a HTTP server.
@@ -29,11 +37,15 @@ http {
         ssl_certificate        cert.pem;
         ssl_certificate_key    rsa.key;
         error_log              /dev/stderr debug;
-        return                 200 "$time_iso8601-$http_ssl_ja3_hash\n";
+        return                 200 "$time_iso8601\n\n$http_user_agent\n\n$http_ssl_ja3\n\n$http_ssl_ja3_hash\n";
     }
 }
 ```
 
+#### $stream_ssl_ja3
+
+The ja3 fingerprint string for a SSL connection for a stream server.
+
 #### $stream_ssl_ja3_hash
 
 The ja3 fingerprint MD5 hash for a SSL connection for a stream server.
@@ -47,7 +59,7 @@ stream {
         ssl_certificate        cert.pem;
         ssl_certificate_key    rsa.key;
         error_log              /dev/stderr debug;
-        return                 "$time_iso8601-$stream_ssl_ja3_hash\n";
+        return                 "$time_iso8601\n\n$stream_ssl_ja3\n\n$stream_ssl_ja3_hash\n";
     }
 }
 ```
diff --git a/docker/debian-nginx-ssl-ja3/nginx.conf b/docker/debian-nginx-ssl-ja3/nginx.conf
@@ -12,7 +12,7 @@ http {
         ssl_certificate        cert.pem;
         ssl_certificate_key    rsa.key;
         error_log              /dev/stderr debug;
-        return                 200 "$time_iso8601-$http_ssl_ja3_hash\n";
+        return                 200 "$time_iso8601\n\n$http_user_agent\n\n$http_ssl_ja3\n\n$http_ssl_ja3_hash\n";
     }
 }
 
@@ -22,6 +22,6 @@ stream {
         ssl_certificate        cert.pem;
         ssl_certificate_key    rsa.key;
         error_log              /dev/stderr debug;
-        return                 "$time_iso8601-$stream_ssl_ja3_hash\n";
+        return                 "$time_iso8601\n\n$stream_ssl_ja3\n\n$stream_ssl_ja3_hash\n";
     }
 }
diff --git a/src/ngx_http_ssl_ja3_module.c b/src/ngx_http_ssl_ja3_module.c
@@ -62,7 +62,6 @@ ngx_module_t ngx_http_ssl_ja3_module = {
     NGX_MODULE_V1_PADDING
 };
 
-
 static ngx_int_t
 ngx_http_ssl_ja3_hash(ngx_http_request_t *r,
         ngx_http_variable_value_t *v, uintptr_t data)
@@ -112,6 +111,31 @@ ngx_http_ssl_ja3_hash(ngx_http_request_t *r,
     return NGX_OK;
 }
 
+static ngx_int_t
+ngx_http_ssl_ja3(ngx_http_request_t *r,
+        ngx_http_variable_value_t *v, uintptr_t data)
+{
+    ngx_ssl_ja3_t                  ja3;
+    ngx_str_t                      fp = ngx_null_string;
+
+    if (r->connection == NULL) {
+        return NGX_OK;
+    }
+
+    if (ngx_ssl_ja3(r->connection, r->pool, &ja3) == NGX_DECLINED) {
+        return NGX_ERROR;
+    }
+
+    ngx_ssl_ja3_fp(r->pool, &ja3, &fp);
+
+    v->data = fp.data;
+    v->len = fp.len;
+    v->valid = 1;
+    v->no_cacheable = 1;
+    v->not_found = 0;
+
+    return NGX_OK;
+}
 
 static ngx_http_variable_t  ngx_http_ssl_ja3_variables_list[] = {
 
@@ -120,6 +144,11 @@ static ngx_http_variable_t  ngx_http_ssl_ja3_variables_list[] = {
         ngx_http_ssl_ja3_hash,
         0, 0, 0
     },
+    {   ngx_string("http_ssl_ja3"),
+        NULL,
+        ngx_http_ssl_ja3,
+        0, 0, 0
+    },
 
 };
 
diff --git a/src/ngx_stream_ssl_ja3_preread_module.c b/src/ngx_stream_ssl_ja3_preread_module.c
@@ -109,6 +109,31 @@ ngx_stream_ssl_ja3_hash(ngx_stream_session_t *s,
     return NGX_OK;
 }
 
+static ngx_int_t
+ngx_stream_ssl_ja3(ngx_stream_session_t *s,
+        ngx_stream_variable_value_t *v, uintptr_t data)
+{
+    ngx_ssl_ja3_t                  ja3;
+    ngx_str_t                      fp = ngx_null_string;
+
+    if (s->connection == NULL) {
+        return NGX_OK;
+    }
+
+    if (ngx_ssl_ja3(s->connection, s->connection->pool, &ja3) == NGX_DECLINED) {
+        return NGX_ERROR;
+    }
+    ngx_ssl_ja3_fp(s->connection->pool, &ja3, &fp);
+
+    v->data = fp.data;
+    v->len = fp.len;
+    v->valid = 1;
+    v->no_cacheable = 1;
+    v->not_found = 0;
+
+    return NGX_OK;
+}
+
 
 static ngx_stream_variable_t  ngx_stream_ssl_ja3_variables_list[] = {
 
@@ -117,6 +142,11 @@ static ngx_stream_variable_t  ngx_stream_ssl_ja3_variables_list[] = {
         ngx_stream_ssl_ja3_hash,
         0, 0, 0
     },
+    {   ngx_string("stream_ssl_ja3"),
+        NULL,
+        ngx_stream_ssl_ja3,
+        0, 0, 0
+    },
 
 };
 

Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,7 @@ http {`
`12`	`12`	`ssl_certificate cert.pem;`
`13`	`13`	`ssl_certificate_key rsa.key;`
`14`	`14`	`error_log /dev/stderr debug;`
`15`		`- return 200 "$time_iso8601-$http_ssl_ja3_hash\n";`
	`15`	`+ return 200 "$time_iso8601\n\n$http_user_agent\n\n$http_ssl_ja3\n\n$http_ssl_ja3_hash\n";`
`16`	`16`	`}`
`17`	`17`	`}`
`18`	`18`
`@@ -22,6 +22,6 @@ stream {`
`22`	`22`	`ssl_certificate cert.pem;`
`23`	`23`	`ssl_certificate_key rsa.key;`
`24`	`24`	`error_log /dev/stderr debug;`
`25`		`- return "$time_iso8601-$stream_ssl_ja3_hash\n";`
	`25`	`+ return "$time_iso8601\n\n$stream_ssl_ja3\n\n$stream_ssl_ja3_hash\n";`
`26`	`26`	`}`
`27`	`27`	`}`