{"id":33520,"date":"2024-06-27T08:09:23","date_gmt":"2024-06-27T08:09:23","guid":{"rendered":"https:\/\/kalilinuxtutorials.com\/?p=33520"},"modified":"2024-06-27T08:09:25","modified_gmt":"2024-06-27T08:09:25","slug":"hfinger","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/hfinger\/","title":{"rendered":"Hfinger &#8211; Fingerprinting Malware HTTP Requests"},"content":{"rendered":"\n<p>Tool for fingerprinting HTTP requests of malware. Based on Tshark and written in Python3. Working prototype stage.<\/p>\n\n\n\n<p>Its main objective is to provide unique representations (fingerprints) of malware requests, which help in their identification.\u00a0<\/p>\n\n\n\n<p>Unique\u00a0means here that each fingerprint should be seen only in one particular malware family, yet one family can have multiple fingerprints. <\/p>\n\n\n\n<p>Hfinger represents the request in a shorter form than printing the whole request, but still human interpretable.<\/p>\n\n\n\n<p>Hfinger can be used in manual malware analysis but also in sandbox systems or SIEMs. 
<\/p>\n\n\n\n<p>The generated fingerprints are useful for grouping requests, pinpointing requests to particular malware families, identifying different operations of one family, or discovering unknown malicious requests that were missed by other security systems but share a fingerprint.<\/p>\n\n\n\n<p><a href=\"https:\/\/www.mdpi.com\/1099-4300\/23\/5\/507\/htm\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">An academic paper<\/a>\u00a0accompanies work on this tool, describing, for example, the motivation of design choices, and the evaluation of the tool compared to\u00a0<a href=\"https:\/\/lcamtuf.coredump.cx\/p0f3\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">p0f<\/a>,\u00a0<a href=\"https:\/\/github.com\/0x4D31\/fatt\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">FATT<\/a>, and\u00a0<a href=\"https:\/\/github.com\/cisco\/mercury\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Mercury<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Table Of Contents<\/strong><\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>The idea<\/li>\n\n\n\n<li>Installation<\/li>\n\n\n\n<li>Usage<\/li>\n\n\n\n<li>Fingerprint creation<\/li>\n\n\n\n<li>Report modes<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>The Idea<\/strong><\/h2>\n\n\n\n<p>The basic assumption of this project is that HTTP requests of different malware families are more or less unique, so they can be fingerprinted to provide some sort of identification. 
<\/p>\n\n\n\n<p>Hfinger retains information about the structure and values of some headers to provide means for further analysis, for example grouping of similar requests (at this moment, still a work in progress).<\/p>\n\n\n\n<p>After analysis of malware&#8217;s HTTP requests and headers, we have identified some parts of requests as being most distinctive. These include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Request method<\/li>\n\n\n\n<li>Protocol version<\/li>\n\n\n\n<li>Header order<\/li>\n\n\n\n<li>Popular headers&#8217; values<\/li>\n\n\n\n<li>Payload length, entropy, and presence of non-ASCII characters<\/li>\n<\/ul>\n\n\n\n<p>Additionally, some standard features of the request URL were also considered. All these parts were translated into a set of features, described in detail\u00a0<a href=\"https:\/\/github.com\/CERT-Polska\/hfinger\/blob\/master\/docs\/feature_description.md\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">here<\/a>.<\/p>\n\n\n\n<p>The above features are translated into a variable-length representation, which is the actual fingerprint.<\/p>\n\n\n\n<p>Depending on the report mode, different features are used to fingerprint requests. More information on these modes is presented below. 
<\/p>\n\n\n\n<p>The feature selection process will be described in the forthcoming academic paper.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Installation<\/strong><\/h2>\n\n\n\n<p>Minimum requirements before installation:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>Python<\/code>\u00a0&gt;= 3.3,<\/li>\n\n\n\n<li><code>Tshark<\/code>\u00a0&gt;= 2.2.0.<\/li>\n<\/ul>\n\n\n\n<p>Hfinger can be installed from PyPI:<\/p>\n\n\n\n<p><code>pip install hfinger<\/code><\/p>\n\n\n\n<p>Hfinger has been tested on Xubuntu 22.04 LTS with the&nbsp;<code>tshark<\/code>&nbsp;package in version&nbsp;<code>3.6.2<\/code>, but should work with older versions like&nbsp;<code>2.6.10<\/code>&nbsp;on Xubuntu 18.04 or&nbsp;<code>3.2.3<\/code>&nbsp;on Xubuntu 20.04.<\/p>\n\n\n\n<p>Please note that, as with any PoC, you should run Hfinger in a separate environment, at least a Python virtual environment. Its setup is not covered here, but you can try\u00a0<a href=\"https:\/\/docs.python.org\/3\/library\/venv.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">this tutorial<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Usage<\/strong><\/h2>\n\n\n\n<p>After installation, you can call the tool directly from the command line with&nbsp;<code>hfinger<\/code>&nbsp;or as a Python module with&nbsp;<code>python -m hfinger<\/code>.<\/p>\n\n\n\n<p>For example:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>foo@bar:~$ hfinger -f \/tmp\/test.pcap\n&#91;{\"epoch_time\": \"1614098832.205385000\", \"ip_src\": \"127.0.0.1\", \"ip_dst\": \"127.0.0.1\", \"port_src\": \"53664\", \"port_dst\": \"8080\", \"fingerprint\": \"2|3|1|php|0.6|PO|1|us-ag,ac,ac-en,ho,co,co-ty,co-le|us-ag:f452d7a9\/ac:as-as\/ac-en:id\/co:Ke-Al\/co-ty:te-pl|A|4|1.4\"}]<\/code><\/pre>\n\n\n\n<p>For more information click <a href=\"https:\/\/github.com\/CERT-Polska\/hfinger\" 
target=\"_blank\" rel=\"noreferrer noopener nofollow\">here<\/a>.<\/p>\n","protected":false},"author":12,"featured_media":33525,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh2dFvivlI34NOko9yPfXxqscsSivBNxLRBqLtIKT3wWg3yxqjlDzAMVGDU6IYgbVIx3Tu9xFKAokC_T__uFWIsgGED8LEpJKZ6KjgaicDDZdTGvJBUpE40eayOGLq9CarMIGb0RafUa9V0FWYb6n6Tupm8W5mshR-NbnutU8QiC3lsBxnj4p2-Bjp-c2Lt\/s16000\/Hfinger%20.webp","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[20],"tags":[737,6813,6321,6052,6325],"class_list":["post-33520","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security","tag-cybersecurity","tag-hfinger","tag-informationsecurity","tag-kalilinux","tag-kalilinuxtools"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Hfinger - Fingerprinting Malware HTTP Requests<\/title>\n<meta name=\"description\" content=\"Tool for fingerprinting HTTP requests of malware. Based on Tshark and written in Python3. 
Working prototype stage :-)\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kalilinuxtutorials.com\/hfinger\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Hfinger - Fingerprinting Malware HTTP Requests\" \/>\n<meta property=\"og:description\" content=\"Tool for fingerprinting HTTP requests of malware. Based on Tshark and written in Python3. Working prototype stage :-)\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kalilinuxtutorials.com\/hfinger\/\" \/>\n<meta property=\"og:site_name\" content=\"Kali Linux Tutorials\" \/>\n<meta property=\"article:published_time\" content=\"2024-06-27T08:09:23+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-06-27T08:09:25+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh2dFvivlI34NOko9yPfXxqscsSivBNxLRBqLtIKT3wWg3yxqjlDzAMVGDU6IYgbVIx3Tu9xFKAokC_T__uFWIsgGED8LEpJKZ6KjgaicDDZdTGvJBUpE40eayOGLq9CarMIGb0RafUa9V0FWYb6n6Tupm8W5mshR-NbnutU8QiC3lsBxnj4p2-Bjp-c2Lt\/s16000\/Hfinger%20.webp\" \/>\n<meta name=\"author\" content=\"Varshini\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh2dFvivlI34NOko9yPfXxqscsSivBNxLRBqLtIKT3wWg3yxqjlDzAMVGDU6IYgbVIx3Tu9xFKAokC_T__uFWIsgGED8LEpJKZ6KjgaicDDZdTGvJBUpE40eayOGLq9CarMIGb0RafUa9V0FWYb6n6Tupm8W5mshR-NbnutU8QiC3lsBxnj4p2-Bjp-c2Lt\/s16000\/Hfinger%20.webp\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:site\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Varshini\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/hfinger\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/hfinger\/\"},\"author\":{\"name\":\"Varshini\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/3c3b3f82a74146532c4def299fe069fa\"},\"headline\":\"Hfinger &#8211; Fingerprinting Malware HTTP Requests\",\"datePublished\":\"2024-06-27T08:09:23+00:00\",\"dateModified\":\"2024-06-27T08:09:25+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/hfinger\/\"},\"wordCount\":446,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/hfinger\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh2dFvivlI34NOko9yPfXxqscsSivBNxLRBqLtIKT3wWg3yxqjlDzAMVGDU6IYgbVIx3Tu9xFKAokC_T__uFWIsgGED8LEpJKZ6KjgaicDDZdTGvJBUpE40eayOGLq9CarMIGb0RafUa9V0FWYb6n6Tupm8W5mshR-NbnutU8QiC3lsBxnj4p2-Bjp-c2Lt\/s16000\/Hfinger%20.webp\",\"keywords\":[\"cybersecurity\",\"Hfinger\",\"informationsecurity\",\"kalilinux\",\"kalilinuxtools\"],\"articleSection\":[\"Cyber security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/hfinger\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/hfinger\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/hfinger\/\",\"name\":\"Hfinger - Fingerprinting Malware HTTP 
Requests\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/hfinger\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/hfinger\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh2dFvivlI34NOko9yPfXxqscsSivBNxLRBqLtIKT3wWg3yxqjlDzAMVGDU6IYgbVIx3Tu9xFKAokC_T__uFWIsgGED8LEpJKZ6KjgaicDDZdTGvJBUpE40eayOGLq9CarMIGb0RafUa9V0FWYb6n6Tupm8W5mshR-NbnutU8QiC3lsBxnj4p2-Bjp-c2Lt\/s16000\/Hfinger%20.webp\",\"datePublished\":\"2024-06-27T08:09:23+00:00\",\"dateModified\":\"2024-06-27T08:09:25+00:00\",\"description\":\"Tool for fingerprinting HTTP requests of malware. Based on Tshark and written in Python3. Working prototype stage :-)\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/hfinger\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/hfinger\/#primaryimage\",\"url\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh2dFvivlI34NOko9yPfXxqscsSivBNxLRBqLtIKT3wWg3yxqjlDzAMVGDU6IYgbVIx3Tu9xFKAokC_T__uFWIsgGED8LEpJKZ6KjgaicDDZdTGvJBUpE40eayOGLq9CarMIGb0RafUa9V0FWYb6n6Tupm8W5mshR-NbnutU8QiC3lsBxnj4p2-Bjp-c2Lt\/s16000\/Hfinger%20.webp\",\"contentUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh2dFvivlI34NOko9yPfXxqscsSivBNxLRBqLtIKT3wWg3yxqjlDzAMVGDU6IYgbVIx3Tu9xFKAokC_T__uFWIsgGED8LEpJKZ6KjgaicDDZdTGvJBUpE40eayOGLq9CarMIGb0RafUa9V0FWYb6n6Tupm8W5mshR-NbnutU8QiC3lsBxnj4p2-Bjp-c2Lt\/s16000\/Hfinger%20.webp\",\"width\":\"1600\",\"height\":\"900\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"name\":\"Kali Linux Tutorials\",\"description\":\"Kali Linux 
Tutorials\",\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\",\"name\":\"Kali Linux Tutorials\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"contentUrl\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"width\":272,\"height\":90,\"caption\":\"Kali Linux Tutorials\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/CyberEdition\",\"https:\/\/www.threads.com\/@cybersecurityedition\",\"https:\/\/www.linkedin.com\/company\/cyberedition\",\"https:\/\/www.instagram.com\/cybersecurityedition\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/3c3b3f82a74146532c4def299fe069fa\",\"name\":\"Varshini\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f19f43637c0f83fb3dcfb498f306b2a9ac0025ce85840ab52ee8c01f5361f269?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f19f43637c0f83fb3dcfb498f306b2a9ac0025ce85840ab52ee8c01f5361f269?s=96&d=mm&r=g\",\"caption\":\"Varshini\"},\"description\":\"Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. 
Passionate about staying ahead of emerging Threats and Technologies.\",\"sameAs\":[\"http:\/\/kalilinuxtutorials.com\",\"https:\/\/www.linkedin.com\/in\/senthamil-selvan-14043a285\/\"],\"url\":\"https:\/\/kalilinuxtutorials.com\/author\/vinayakagrawal\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->"}