feat: port Go library features — JA4D, QUIC JA4S, cleanup API, raw fingerprint fix #9

Merged
Crank-Git merged 2 commits into master from feature/go-parity
Apr 12, 2026

Conversation

@Crank-Git
Owner

Summary

  • JA4D: New DHCP fingerprinter ported from Go — 18 message types, option/param list builder, format {msg_type}{max_size}{req_ip}{fqdn}_{options}_{params}
  • QUIC JA4S: JA4S can now fingerprint QUIC Server Initials by tracking client DCIDs and decrypting server packets (server-side HKDF key derivation was already present in quic_utils.py)
  • Connection cleanup API: Added cleanup_connection(src_ip, src_port, dst_ip, dst_port, proto) to all fingerprinters — no-op default on BaseFingerprinter, per-connection eviction on stateful fingerprinters (JA4L, JA4SSH, JA4H, JA4X, JA4S) to prevent memory leaks in long-running monitors
  • JA4 raw fingerprint fix: Removed "JA4_r = " / "JA4_ro = " label prefixes from get_raw_fingerprint() return values — now returns clean data strings matching Go behavior

Test Plan

  • 52 new tests added (529 total, up from 477)
  • tests/test_ja4d.py — 30 tests covering all message types, option/param list building, section format, flags, edge cases
  • tests/test_cleanup_connection.py — 12 tests covering all stateful fingerprinters
  • tests/test_quic_utils.py — QUIC server Initial parsing + JA4S DCID state tracking
  • Full suite passes: 529 passed, 86 subtests passed
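The QUIC JA4S and cleanup bullets above, sketched as an added example (not code from this pull request or from quic_utils.py): server Initial keys are derived from the client's Destination Connection ID per RFC 9001, so a passive monitor must remember that DCID per connection and evict it when the flow ends. `DcidTracker`, `server_initial_keys` and the other helper names are hypothetical; only the `cleanup_connection` signature is taken from the description, and only the QUIC v1 salt is handled.

```python
import hashlib
import hmac

# QUIC v1 Initial salt (RFC 9001, section 5.2)
INITIAL_SALT_V1 = bytes.fromhex("38762cf7f55934b34d179ae6a4c80cadccbb7f0a")


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand_label(secret: bytes, label: str, length: int) -> bytes:
    """TLS 1.3 HKDF-Expand-Label (RFC 8446, 7.1) with an empty context."""
    full = b"tls13 " + label.encode()
    info = length.to_bytes(2, "big") + bytes([len(full)]) + full + b"\x00"
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(secret, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def server_initial_keys(client_dcid: bytes) -> dict:
    """Derive the server-side Initial key, IV and header-protection key."""
    initial = hkdf_extract(INITIAL_SALT_V1, client_dcid)
    server = hkdf_expand_label(initial, "server in", 32)
    return {
        "key": hkdf_expand_label(server, "quic key", 16),
        "iv": hkdf_expand_label(server, "quic iv", 12),
        "hp": hkdf_expand_label(server, "quic hp", 16),
    }


class DcidTracker:
    """Hypothetical per-connection state; not the project's JA4SFingerprinter."""

    def __init__(self):
        self._dcids = {}

    def on_client_initial(self, src_ip, src_port, dst_ip, dst_port, dcid):
        self._dcids[(src_ip, src_port, dst_ip, dst_port, "udp")] = dcid

    def keys_for_server_packet(self, src_ip, src_port, dst_ip, dst_port):
        # Server packets travel the reverse direction: swap the endpoints.
        dcid = self._dcids.get((dst_ip, dst_port, src_ip, src_port, "udp"))
        return server_initial_keys(dcid) if dcid is not None else None

    def cleanup_connection(self, src_ip, src_port, dst_ip, dst_port, proto):
        # Evict state so a long-running monitor does not grow without bound.
        self._dcids.pop((src_ip, src_port, dst_ip, dst_port, proto), None)

    def tracked(self):
        return len(self._dcids)
```

The DCID that matters is the one in the client's first Initial; a server Initial seen without a tracked client DCID cannot be decrypted, which is why the lookup returns `None` rather than guessing.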

Crank-Git and others added 2 commits April 11, 2026 21:45
…PI, raw fingerprint fix

- Add JA4D DHCP fingerprinter: 18 message types, option/param list builder,
  format {msg_type}{max_size}{req_ip}{fqdn}_{options}_{params}, ported from Go ja4d.go
- Add QUIC Server Initial decryption to JA4S: add parse_quic_server_initial()
  to quic_utils.py using server-side HKDF key derivation; JA4SFingerprinter
  now tracks client DCIDs and decrypts server Initials for QUIC JA4S fingerprints
- Add cleanup_connection() API to all fingerprinters: no-op default on
  BaseFingerprinter; per-connection eviction on JA4L, JA4SSH, JA4H, JA4X, JA4S,
  JA4D to prevent memory leaks in long-running monitors
- Fix JA4 raw fingerprint format divergence: remove "JA4_r = " / "JA4_ro = "
  label prefixes from get_raw_fingerprint() return values — return clean strings
- 52 new tests (529 total, 477 baseline)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@Crank-Git Crank-Git merged commit fae7dd2 into master Apr 12, 2026
7 checks passed