
253 points akyuu | 2 comments
sequoia ◴[] No.45946116[source]
I don't know if there's a simple solution to deploy this, but JA3 fingerprinting is sometimes used to identify similar clients even if they're spread across IPs: https://engineering.salesforce.com/tls-fingerprinting-with-j...
replies(1): >>45946973 #
arbol ◴[] No.45946973[source]
You need to terminate the TLS connection yourself, so this prevents people from using a DNS proxy, e.g. Cloudflare. Then you have to run a server that has a module that computes the JA3/JA4, e.g. nginx. Even then, it's possible to set your client hello in Python/curl/etc. to exactly mirror the JA4 of your chosen browser, like Chrome. So JA4 stops basic bots, but most seasoned scrapers already implement valid JA4s/JA3s.
replies(1): >>45949809 #
1. sequoia ◴[] No.45949809[source]
I thought it wasn't just a matter of validity but of identicalness. Multiple clients with identical JA4, which comprises, if I'm not mistaken, user agent but also other aspects of the host machine, indicate that they are in fact a single user agent.
replies(1): >>45985825 #
2. arbol ◴[] No.45985825[source]
I'm sorry, I don't fully understand your question. This is what I meant by invalid: anyone using Chrome 142 has the same JA4 - I've checked across OS/devices. If you use Node.js and set your user agent to "chrome 142" then you will have an invalid/incorrect JA4 and you'll stick out from the crowd.
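
The two checks discussed in this thread, as an added example that is not part of any comment above: flag requests whose User-Agent claims a browser but whose JA4 differs from that browser's known value, and group off-baseline JA4s that recur across several IPs. The fingerprints, log records and function names are constructed for illustration, and the JA4 is assumed to be computed wherever TLS is terminated.

```python
from collections import defaultdict

# Constructed baseline: the JA4 a genuine build of each browser is expected to
# send. Placeholder values, not real Chrome fingerprints.
CHROME = "t13d1516h2_aaaaaaaaaaaa_bbbbbbbbbbbb"
EXPECTED_JA4 = {"Chrome/142": CHROME}

OTHER = "t13d1714h1_cccccccccccc_dddddddddddd"  # constructed non-browser JA4
UA = "Mozilla/5.0 (X11; Linux x86_64) Chrome/142.0.0.0 Safari/537.36"

# Constructed log records: (client IP, User-Agent, JA4 computed at TLS termination).
LOG = [
    ("192.0.2.10", UA, CHROME),
    ("198.51.100.20", UA, CHROME),
    ("203.0.113.5", UA, OTHER),
    ("203.0.113.6", UA, OTHER),
    ("203.0.113.7", UA, OTHER),
    ("192.0.2.44", "curl/8.5.0", "t13d3112h2_eeeeeeeeeeee_ffffffffffff"),
]

def claimed_browser(user_agent):
    """Return the baseline key the User-Agent claims to be, or None."""
    for name in EXPECTED_JA4:
        if name + "." in user_agent:
            return name
    return None

def ua_mismatches(records):
    """Records whose User-Agent names a browser but whose JA4 is not that browser's."""
    return [(ip, claimed_browser(ua), ja4) for ip, ua, ja4 in records
            if claimed_browser(ua) and ja4 != EXPECTED_JA4[claimed_browser(ua)]]

def shared_fingerprints(records, min_ips=3):
    """Off-baseline JA4s seen from at least min_ips distinct addresses.

    Baseline browser JA4s are skipped: every genuine user of that browser
    shares them, so seeing one from many IPs says nothing about a single operator.
    """
    baseline = set(EXPECTED_JA4.values())
    ips = defaultdict(set)
    for ip, _ua, ja4 in records:
        if ja4 not in baseline:
            ips[ja4].add(ip)
    return {ja4: sorted(a) for ja4, a in ips.items() if len(a) >= min_ips}

if __name__ == "__main__":
    print(ua_mismatches(LOG))
    print(shared_fingerprints(LOG))
```

A client that reproduces the browser's ClientHello exactly passes both checks, so this filters only clients that do not.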