chg: [doc] An example use-case of JA3

2024-11-21 17:07:04 +00:00 · 2022-03-06 11:22:21 +01:00 · 2022-03-06 11:22:21 +01:00 · dacd904f21
commit dacd904f21
parent deb2566496
1 changed files with 6 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -26,6 +26,12 @@ includes a JSON output option, supports [JA3](https://github.com/salesforce/ja3)

 For more details, check the man page.

+## How can I lookup ja3 hashes?
+
+This example will query ja3er.com service to display the known ja3 hashes from the TLS handshaked in the pcap.
+
+`ssldump -r yourcapture.pcap -j  | jq -r 'select(.ja3_fp != null) | .ja3_fp' | parallel 'curl -s -X GET 'https://ja3er.com/search/{}' | jq .'`
+
 # Why do you maintain this repository?

 Because it's a mess. The software maintenance process for old free (unmaintained) software