Free online service for scanning TLS fingerprints of servers (JA3S and JA4S scanner)
TLS Fingerprinting is a technique for obtaining unique fingerprints of clients and servers, allowing you to determine the type of software used (web browser, console utility, bot, malware, etc.).
A TLS (Transport Layer Security) handshake is used for identification. Moreover, the unencrypted part of the transmitted data is used – that is, there is no need to decrypt the data.
A TLS handshake has enough unique features that allow you to identify the client (which software group it belongs to) and, sometimes, even the version of the program.
A TLS fingerprint is a hash obtained by hashing the identifying features of the client or server.
Usually, different groups of clients have different TLS fingerprint values, but sometimes the hash values may coincide for unrelated utilities and programs.
A distinction is made between TLS fingerprints of servers and clients. Sometimes the same program can be both a server (listening for incoming connections) and a client (initiating connections) – for example, this is common among malware that acts as a Command and Control infrastructure (also known as C2 or C&C).
This service will show JA3S and JA4S fingerprints for servers.
Description of the output fields:
- JA3S – the original version of the TLS server fingerprint.
- JA3S_FULL – the raw data used to compute the JA3S hash.
- JA4S – TLS server fingerprint (supersedes JA3S).
- JA4S_R – the raw data used to compute the JA4S hash.
Examples:
- 157.245.118.66
- w-e-b.site
- 2604:a880:800:c1::2ae:d001
- 2001:4860:4860::8888
Port examples:
- 443
- 55443