TLS Fingerprinting

Transport Layer Security (TLS) is an encryption protocol that protects communication over the internet. All modern browsers can communicate using this technology. Previously, Secure Sockets Layer (SSL) was used to provide this encryption.

TLS has different versions such as TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3. Every TLS implementation supports different Cipher Suites, and there are different TLS Extensions.

Let’s see a couple of Cipher Suites:

  • TLS_GREASE_3A
  • TLS_AES_128_GCM_SHA256
  • TLS_RSA_WITH_AES_256_CBC_SHA

And here are some TLS Extensions:

  • server_name
  • renegotiation_info
  • session_ticket

A TLS connection is established between your browser and a web server after the browser sends its TLS specification to the server. This allows the server to encrypt data in a way that the browser can read.

Based on the TLS version, supported Cipher Suites, and installed TLS Extensions, a JA3 Fingerprint Hash can be calculated for a client browser.
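
The calculation described above, as an added example (not Kameleo's code and not part of the original article). It follows the public JA3 definition, which also includes the client's elliptic curve groups and point formats and drops GREASE values such as TLS_GREASE_3A. The ClientHello bytes, including the group and point format values, are constructed from the cipher suites and extensions listed above, and `build_hello`, `TAIL`, `BROWSER` and `OTHER` are hypothetical names.

```python
import hashlib
import struct

def is_grease(v):
    return (v & 0x0f0f) == 0x0a0a and (v >> 8) == (v & 0xff)  # RFC 8701: 0x0a0a..0xfafa

def u16s(data):
    return [v for (v,) in struct.iter_unpack("!H", data)]

def ja3_string(hello):
    """JA3 text for a ClientHello body (the bytes after the 4-byte handshake header)."""
    version, = struct.unpack_from("!H", hello, 0)
    pos = 34                                   # legacy_version (2) + random (32)
    pos += 1 + hello[pos]                      # skip session_id
    n, = struct.unpack_from("!H", hello, pos)
    ciphers = u16s(hello[pos + 2:pos + 2 + n])
    pos += 2 + n
    pos += 1 + hello[pos]                      # skip compression methods
    ext_len, = struct.unpack_from("!H", hello, pos)
    pos, end = pos + 2, pos + 2 + ext_len
    exts, groups, formats = [], [], []
    while pos + 4 <= end:
        etype, elen = struct.unpack_from("!HH", hello, pos)
        body = hello[pos + 4:pos + 4 + elen]
        pos += 4 + elen
        exts.append(etype)
        if etype == 10:                        # supported_groups: 2-byte list length
            groups = u16s(body[2:])
        elif etype == 11:                      # ec_point_formats: 1-byte list length
            formats = list(body[1:])
    def keep(vals):                            # GREASE values are random per connection
        return "-".join(str(v) for v in vals if not is_grease(v))
    return ",".join([str(version), keep(ciphers), keep(exts), keep(groups), keep(formats)])

def ja3_hash(hello):
    return hashlib.md5(ja3_string(hello).encode()).hexdigest()

def build_hello(ciphers, exts):
    """Constructed sample ClientHello body, for this example only."""
    cs = b"".join(struct.pack("!H", c) for c in ciphers)
    ex = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in exts)
    return (struct.pack("!H", 0x0303) + bytes(32) + b"\x00" + struct.pack("!H", len(cs))
            + cs + b"\x01\x00" + struct.pack("!H", len(ex)) + ex)

TAIL = [(10, struct.pack("!HHH", 4, 0x001d, 0x0017)), (11, b"\x01\x00")]
BROWSER = build_hello([0x3a3a, 0x1301, 0x0035],
                      [(0x0a0a, b""), (0, b""), (0xff01, b"\x00"), (35, b"")] + TAIL)
# The same suites and extensions offered in another order, as a different TLS stack might
OTHER = build_hello([0x0035, 0x1301], [(35, b""), (0, b""), (0xff01, b"\x00")] + TAIL)
```

Because the order of cipher suites and extensions is part of the string, `OTHER` hashes differently from `BROWSER` even though it offers the same features, while a different GREASE draw leaves the hash unchanged.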

From a privacy perspective

Bots and alternative browsers that attempt to change browser fingerprints are easily detected by websites using TLS fingerprinting.

Bots often use custom implementations of TLS, so their JA3 hash won’t match a popular browser’s JA3 fingerprint. Unrecognized or blacklisted JA3 hashes tell the web server that the traffic is not coming from a valid Internet user’s browser.

The same issue occurs when tools try to manipulate the browser fingerprint. To apply the fingerprint-changing mechanism, most tools need to modify traffic that is sent with TLS encryption, so they decrypt the traffic, modify it, and then re-encrypt it. During re-encryption the JA3 fingerprint changes, and websites will immediately flag traffic coming from these tools.

The following table shows the JA3 fingerprints of several popular web browsers.

| Browser    | JA3 fingerprint                  |
|------------|----------------------------------|
| Chrome 98  | 599f223c2c9ee5702f5762913889dc21 |
| Edge 98    | 599f223c2c9ee5702f5762913889dc21 |
| Firefox 97 | bd50e49d418ed1777b9a410d614440c4 |

The Chrome and Edge browsers (both based on the Chromium engine) share the same JA3 fingerprint, while Firefox has a different one.

Please note that different browser versions may have different JA3 hashes. See your browser’s JA3 Fingerprint with this tool.

This makes it impossible to properly mimic a Firefox browser with a Chromium-based browser. Websites will always see that the JA3 fingerprint does not match Firefox’s.

Solution

Kameleo is a tool developed by experienced professionals. It lets you control your browser’s fingerprint without providing a detectable JA3 fingerprint. So, for example, you can create a virtual browser to imitate the behavior of a Firefox user. As Kameleo will let you mimic a Firefox browser with our custom-built Firefox instead of a Chromium-based browser, the TLS fingerprint will match that of real Firefox users. Kameleo is shipped with 4 different built-in browsers. This won’t make you suspicious and keeps you and your bots undetectable.
