Commit Graph

10 Commits

Author SHA1 Message Date
CarterPerez-dev ab22c3b1b8 feat(tlsfp): add social-share OG image and one-command tunnel redeploy
- add 1200x630 og-image.jpg plus Open Graph and Twitter Card meta tags so
  the live demo renders a rich preview when shared (LinkedIn, etc.)
- omit og:url to avoid crawler cache canonicalizing share URLs back to a
  stale entry
- justfile: add redeploy recipe (tunnel down, cached build, up -d with the
  backend profile and remove-orphans); strip the exported dev .env overrides
  so it deploys under the prod project name and ports
- install.sh: clearer live-capture hint (setcap, then run without sudo)
2026-06-18 23:24:30 -04:00
dependabot[bot] 8382f29f9d
chore(deps): bump axios
Bumps [axios](https://github.com/axios/axios) from 1.13.2 to 1.16.0.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](https://github.com/axios/axios/compare/v1.13.2...v1.16.0)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.16.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-06-18 23:40:29 +00:00
CarterPerez-dev fb8e8c0ac9 chore(ja3-ja4-tls-fingerprinting): untrack accidentally committed frontend/.pnpm-store 2026-06-18 19:32:46 -04:00
CarterPerez-dev e87efe7e29 i count the tiles every morning. today there's one more. there's always one more. 2026-06-18 19:28:21 -04:00
CarterPerez-dev 56c2b0233c the hallway is four steps longer at night. i've confirmed this. 2026-06-18 17:40:31 -04:00
CarterPerez-dev 4bb95fdb97 feat(ja3-ja4-tls-fingerprinting): M11 forensic pcap report, criterion benches, TLS miss-rate counter
Add a --report flag to the pcap command that prints one forensic summary of
a whole capture (endpoint inventory, fingerprint distribution, intel verdicts,
detection alerts, and a coverage section with the TLS miss rate and throughput)
instead of the per-event stream, folding in intel and detection automatically
when a seeded database is present. Add a tls_handshakes_fingerprinted counter
and Counters::tls_miss_rate so truncated and multi-segment ClientHellos the
capture clipped are reported rather than mistaken for absence. Add criterion
benches over the vendored captures and the parse/hash hot path. Plus frontend
landing and asset polish.
2026-06-18 11:19:13 -04:00
CarterPerez-dev b689b4ceb9 lol 2026-06-17 15:40:25 -04:00
CarterPerez-dev 1bb94b08eb feat(ja3-ja4-tls-fingerprinting): M8 SQLite intel store + M9 detection engine
M8: tlsfp-intel crate with seeded fingerprint DB, JA4 fuzzy matcher, prevalence scoring.
M9: six detection rules (known_bad, ua_mismatch, os_mismatch, first_seen, fp_rotation, monoculture) over an observation/alert store (migration v2); --detect on pcap/live plus an intel alerts feed; user_agent plumbed through StreamEvent::HttpRequest.
M10 scaffolding: cybercore frontend, compose/infra/install groundwork (serve not yet wired).
Relicense MIT -> AGPL-3.0; ignore env/node_modules/dist; exclude seed CSVs from whitespace hooks.
2026-06-16 03:06:31 -04:00
CarterPerez-dev 7845d9a1d9 m1-7 2026-06-14 02:38:11 -04:00
CarterPerez-dev e4207b343a feat(ja3-ja4-tls-fingerprinting): JA3/JA4 TLS fingerprinting tool in Rust (M0-M5)
Passive TLS client and server fingerprinting from packet captures. Two-crate
workspace: tlsfp-core (parsing and fingerprint logic, no I/O, unsafe forbidden)
and tlsfp (clap CLI). Edition 2024, MSRV 1.85.

Core (M0-M4): a hand-rolled bounds-checked TLS parser for ClientHello,
ServerHello, and the TLS 1.2 Certificate chain, plus the full fingerprint
family computed byte-exact against published vectors: JA3/JA3S (MD5), JA4/JA4_r,
JA4S, JA4H, JA4X, and JA4T. GREASE is stripped, wire order and unknown cipher
and extension values are preserved.

Pipeline (M5): a pcap and pcapng file reader behind a PacketSource trait,
etherparse L2-L4 decode (Ethernet, raw IP, BSD loopback, Linux SLL and SLL2,
VLAN and QinQ), and a hand-rolled per-flow TCP reassembler with wrapping serial
arithmetic, out-of-order parking, first-write-wins overlap resolution, and
bounded memory. The tlsfp pcap subcommand fingerprints every handshake in a
capture, as readable lines or NDJSON.

Verified three ways: 94 tests including unit KATs, nine real-pcap full-pipeline
KATs against the FoxIO sample corpus, and property tests that reassemble
arbitrarily segmented and reordered streams. Builds clean on stable and MSRV
1.85; clippy -D warnings and rustfmt clean.

Test captures under testdata/pcap are vendored unmodified from the FoxIO ja4
repository with per-file SHA-256 provenance.
2026-06-10 08:01:24 -04:00