nginx获取ja3指纹

Java方式获取ja3指纹，请参考《Java获取SSL/TLS指纹（JA3）》文章。

1.安装依赖

yum -y install patch git pcre-devel zlib zlib-devel gcc gcc-c++ autoconf automake

2.下载nginx-ssl-ja3模块代码

git clone https://github.com/fooinha/nginx-ssl-ja3.git
# 国内镜像
git clone https://gitee.com/pengjianbo/nginx-ssl-ja3.git

3.下载openssl并加入补丁包进行编译

git clone https://github.com/openssl/openssl.git
# 国内镜像
git clone https://gitee.com/mirrors/openssl.git
cd openssl
git checkout OpenSSL_1_1_1 -b patched
cp ../nginx-ssl-ja3/patches/openssl.extensions.patch .
patch -p1 < openssl.extensions.patch
./config
make && make install

4.下载nginx源码

wget http://nginx.org/download/nginx-1.17.1.tar.gz

5.编译nginx和ja3模块

tar -zxvf nginx-1.17.1.tar.gz
cd nginx-1.17.1
# 拷贝ja3补丁程序
cp ../nginx-ssl-ja3/patches/nginx.latest.patch .
# 合并补丁程序
patch -p1 < nginx.latest.patch
# 将nginx.cnf配置文件覆盖原先配置文件（这步只是可根据实际情况是否执行,主要就两个变量：$http_ssl_ja3和$http_ssl_ja3_hash）
cp ../nginx-ssl-ja3/docker/debian-nginx-ssl-ja3/nginx.conf conf/nginx.conf
# 编译前配置
./configure --add-module=/root/soft/nginx-ssl-ja3 --with-http_ssl_module --with-stream_ssl_module --with-debug --with-stream --with-http_stub_status_module --with-http_v2_module --with-http_gzip_static_module --with-http_sub_module
# 编译与安装
make && make install

# 创建日志目录
mkdir  /usr/local/nginx/logs

6.配置和启动nginx

server {
        listen       443 ssl;
        server_name  www.bbmax.cc;

                # 配置证书
        ssl_certificate      6072302_www.bbmax.cc.pem;
        ssl_certificate_key  6072302_www.bbmax.cc.key;
        
                # 将ja3信息设置到请求头header中
                proxy_set_header ja3 $http_ssl_ja3;
                proxy_set_header ja3_hash $http_ssl_ja3_hash;
        
                # 将ja3信息返回给响应header中
                #add_header ja3 $http_ssl_ja3;
                #add_header ja3_hash $http_ssl_ja3_hash;
                
                # 访问时直接返回ja3信息
        #return 200 "$http_ssl_ja3\n\n$http_ssl_ja3_hash\n";
    }

启动nginx

./nginx

7.测试

浏览器测试：

https://www.bbmax.cc

命令行测试：

openssl s_client -connect 127.0.0.1:12345 -cipher "AES128-SHA" -curves secp521r1

问题

1.更新openssl后执行openssl version提示报错：openssl: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory

cp /usr/lib64/libssl.so ~/bak/

ln -s /usr/local/lib64/libssl.so /usr/lib64/
ln -s /usr/local/lib64/libssl.so.1.1 /usr/lib64/

ln -s /usr/local/lib64/libcrypto.so /usr/lib64/
ln -s /usr/local/lib64/libcrypto.so.1.1 /usr/lib64/

2.编译报错

ngx_ssl_ja3.c: In function ‘ngx_ssl_ja3_detail_print’:
ngx_ssl_ja3.c:137: error: ‘for’ loop initial declarations are only allowed in C99 mode
ngx_ssl_ja3.c:137: note: use option -std=c99 or -std=gnu99 to compile your code

这是因为在gcc中直接在for循环中初始化了增量，修改代码将要for()循环内部定义的变量放到外部去定义