Quick Tip: Using JARM With a SOCKS Proxy

Published: 2020-11-29
Last Updated: 2020-11-29 12:29:53 UTC
by Didier Stevens (Version: 1)
1 comment(s)

Rik talked about JARM yesterday "Threat Hunting with JARM".

JARM is a tool to fingerprint TLS servers.

I made some changes to the JARM code to support a SOCKS proxy.

Now I can use JARM over Tor, for example:

You will miss information when you use a SOCKS proxy: the resolved IP, in case you use a domain name.

And on Linux, there are other methods to achieve this.

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

Keywords: JARM SOCKS Tor
1 comment(s)

Comments

The DOC (Bazaar f84b3a056abcbcfd5976afe8776a35c5894b379e65c411ddc421941d3a2a4b8b) is a malware without VBA. It is labeled as "Loki", but it could be a good trial for your TOR jarm.py

Thank for your efforts!

Diary Archives