Realtime & offline TLS fingerprint analysis and blacklist blocking 🔒🚦
JA3Block-Check is a powerful Python tool that captures and analyzes TLS packets in real time and from pcap files, focusing on fingerprinting Client Hello and Server Hello messages to detect threats and security anomalies in encrypted traffic.
- 🕵️♂️ Real-time packet capture and live analysis
- 📦 Offline support: analyze pcap files
- ⚡ Customizable output: stdout or file, JSON format for easy integration
- 🗂️ Customizable JA3 blacklist (sslbl JA3 fingerprints)
- ❌ Block malicious connections via iptables
- 🧑💻 Compatibility: Python 3.x, Scapy, Colorama
git clone https://github.com/Mic52M/JA3Block-Check.git cd JA3Block-Check pip install -r requirements.txt
python JA3Script.py -i Any --json --savepcap -pf output
text
- -i: network interface ("Any" for all)
- --json: JSON output
- --savepcap: save raw packets
- -pf: output pcap file prefix
python JA3Script.py -f input.pcap --json --savepcap -pf output
- -f: path to the pcap file
-jtype: "ja3", "ja3s", "all" (default: all)--ja3blacklist: path to JA3 blacklist file--IPblacklist: path to IP blacklist file
Live scan, JSON output, save pcap files python JA3Script.py -i Any --json --savepcap -pf results
Analyze a previously captured pcap python JA3Script.py -f traffic.pcap
JA3Script.py: main script, CLI parser, core logicrequirements.txt: dependencies (Scapy, Colorama, etc.)README.md: documentation
#TLS #fingerprinting #JA3 #network-security #pcap #python #Infosec #iptables #cybersecurity #real-time #offline
Mic52M
Cybersecurity Researcher.
MIT License - see LICENSE for details.