Quick Tip: Using JARM With a SOCKS Proxy, (Sun, Nov 29th)
SANS Internet Storm Center, InfoCON: green 2020-11-29
Rik talked about JARM yesterday "Threat Hunting with JARM".
JARM is a tool to fingerprint TLS servers.
I made some changes to the JARM code to support a SOCKS proxy.
Now I can use JARM over Tor, for example:
You will miss information when you use a SOCKS proxy: the resolved IP, in case you use a domain name.
And on Linux, there are other methods to achieve this.
Didier Stevens Senior handler Microsoft MVP blog.DidierStevens.com DidierStevensLabs.com
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.