Ja4 Supporting
yarosman opened this issue · 7 comments
There exist updates in TLS client fingerprinting technology
https://github.com/FoxIO-LLC/ja4/tree/main
Thanks! I admit that ja4 do some enhancements/improvements than ja3, but I'd like wait it to be mature
I think that bigtech (e.g. cloudflare) will merge/support ja4 variants or raise another alternative for it.
Let's keep eyes on it.
Currently I dont like ja4 because it sorted extension -- randomize extensions is a feature of new chrome -- we could distinguish/detect bot on top of it, so we shall not sort.
Rest parts of ja4 is LGTM.
Chrome randomizes extensions, Firefox will randomize in the future (I read somewhere)) ) - therefore without ordering, we have cases when on each page reloading we will get different ja3, and ja4 fixes it
Currently I dont like ja4 because it sorted extension -- randomize extensions is a feature of new chrome -- we could distinguish/detect bot on top of it, so we shall not sort. Rest parts of ja4 is LGTM.
I agree. here's why: if you have a client that identifies as a current version of chrome but does not have a random extension list on subsequent requests, you know it's a bot. An unsorted list can always be sorted later.
But, I also agree that the hash by itself is less useful. Just out of curiosity what happens when FIPS mode is enabled on the system or during compile time since md5 function is removed? It seems to me the hash function can be removed and any hash functionality could be done by whatever process consumes the fingerprint data.
Cloudflare added the support of JA4 in its enterprise plan, it's my turn to follow it now.
https://developers.cloudflare.com/bots/concepts/ja3-ja4-fingerprint/