From dacd904f21e29bd8ba52b090fdcedb71bc162d6a Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Sun, 6 Mar 2022 11:22:21 +0100 Subject: [PATCH] chg: [doc] An example use-case of JA3 --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 633a7b0..989021a 100644 --- a/README.md +++ b/README.md @@ -26,6 +26,12 @@ includes a JSON output option, supports [JA3](https://github.com/salesforce/ja3) For more details, check the man page. +## How can I lookup ja3 hashes? + +This example will query ja3er.com service to display the known ja3 hashes from the TLS handshaked in the pcap. + +`ssldump -r yourcapture.pcap -j | jq -r 'select(.ja3_fp != null) | .ja3_fp' | parallel 'curl -s -X GET 'https://ja3er.com/search/{}' | jq .'` + # Why do you maintain this repository? Because it's a mess. The software maintenance process for old free (unmaintained) software
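Review bot: In the added command line, the single quotes around the URL sit inside the single-quoted argument to `parallel`, so they close and reopen the outer quote instead of quoting the URL; the command only works because the pieces concatenate without spaces. Suggest double quotes for the inner URL, as in `parallel 'curl -s "https://ja3er.com/search/{}" | jq .'`, and dropping the redundant `-X GET`. The pipeline also passes every non-null `.ja3_fp` to `parallel`, so a capture with many handshakes from the same client repeats the same lookup; a `sort -u` after the first `jq` would avoid that. In the added prose, "handshaked" should read "handshakes" and "lookup" in the heading should be "look up", and a sentence stating that the fingerprints from the capture are sent to a third-party service would help readers decide whether the example suits their data.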