Add TLS ClientHello analyzer #2

@Zious11

Summary

Implement a TLS analyzer that parses ClientHello messages to extract SNI, cipher suites, and JA3 fingerprints.

Requirements

  • Detect TLS handshake (content type 0x16, handshake type 0x01) in TCP payload on port 443
  • Extract Server Name Indication (SNI) from extensions
  • Extract offered cipher suites and TLS version
  • Compute JA3 fingerprint hash for client profiling
  • Flag suspicious patterns: self-signed indicators, unusual cipher suites, GREASE values

Acceptance Criteria

  • TlsAnalyzer implements ProtocolAnalyzer
  • Tests with crafted ClientHello bytes
  • Summarize: top SNIs, JA3 hashes, TLS versions
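
An added example of the ClientHello parsing and JA3 steps listed in the requirements, written in Python for illustration; it is not code from this repository. The names `parse_client_hello`, `vec`, `u16s` and the `SAMPLE` bytes are constructed for the example, and it assumes the ClientHello fits in a single TLS record (no TCP reassembly).

```python
import hashlib

def is_grease(v):  # RFC 8701 values: 0x0A0A, 0x1A1A, ... 0xFAFA
    return (v >> 8) == (v & 0xFF) and (v & 0x0F) == 0x0A

def vec(b, off, n):
    """Read a vector with an n-byte length prefix at b[off:]; return (body, next offset)."""
    end = off + n + int.from_bytes(b[off:off + n], "big")
    if end > len(b):  # declared length runs past the buffer: reject, never over-read
        raise ValueError("truncated ClientHello")
    return b[off + n:end], end

def u16s(b):
    return [int.from_bytes(b[i:i + 2], "big") for i in range(0, len(b) - 1, 2)]

def parse_client_hello(payload):
    if len(payload) < 6 or payload[0] != 0x16 or payload[5] != 0x01:
        return None  # not a handshake record that starts with a ClientHello
    rec, _ = vec(payload, 3, 2)        # record body (single record, no reassembly)
    h, _ = vec(rec, 1, 3)              # handshake body
    version = int.from_bytes(h[:2], "big")
    _, off = vec(h, 34, 1)             # skip version(2) + random(32), then session_id
    suites, off = vec(h, off, 2)
    _, off = vec(h, off, 1)            # compression methods
    blob = vec(h, off, 2)[0] if off < len(h) else b""  # extensions are optional
    ciphers, exts, groups, formats, sni, off = u16s(suites), [], [], [], None, 0
    while off < len(blob):
        etype = int.from_bytes(blob[off:off + 2], "big")
        body, off = vec(blob, off + 2, 2)
        exts.append(etype)
        if etype == 0:     # server_name: list of name_type(1) + host_name
            sni = vec(vec(body, 0, 2)[0], 1, 2)[0].decode("ascii", "replace")
        elif etype == 10:  # supported_groups
            groups = u16s(vec(body, 0, 2)[0])
        elif etype == 11:  # ec_point_formats
            formats = list(vec(body, 0, 1)[0])
    # JA3 string: version,ciphers,extensions,groups,point_formats with GREASE removed
    keep = lambda xs: "-".join(str(x) for x in xs if not is_grease(x))
    ja3 = ",".join([str(version)] + [keep(f) for f in (ciphers, exts, groups, formats)])
    return {"sni": sni, "version": version, "ciphers": ciphers, "ja3": ja3,
            "grease": any(map(is_grease, ciphers + exts + groups)),
            "ja3_hash": hashlib.md5(ja3.encode()).hexdigest()}

# Constructed ClientHello (not a capture): SNI example.test plus GREASE cipher/extension/group
SAMPLE = bytes.fromhex(
    "1603010060" "0100005c" "0303" + "00" * 32 + "00" "00080a0a13011302c02f" "0100" "002b"
    "0a0a0000" "00000011000f00000c6578616d706c652e74657374"
    "000a000800060a0a001d0017" "000b00020100")
```

A payload that is not a ClientHello returns `None`; a ClientHello whose declared lengths exceed the available bytes raises `ValueError`, which an analyzer can count as a malformed handshake.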

Labels: analyzer (Protocol analyzer modules), enhancement (New feature or request), protocol:tls (TLS/SSL protocol analysis)
