
SANS ISC: Quick Tip: Using JARM With a SOCKS Proxy - SANS Internet Storm Center SANS ISC InfoSec Forums

Quick Tip: Using JARM With a SOCKS Proxy

Rik talked about JARM yesterday in "Threat Hunting with JARM".

JARM is a tool to fingerprint TLS servers.

I made some changes to the JARM code to support a SOCKS proxy.

Now I can use JARM over Tor, for example:

You lose one piece of information when you use a SOCKS proxy: the resolved IP address, in case you specify the target as a domain name.

And on Linux, there are other methods to achieve this.
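Why the resolved IP goes missing, shown at the SOCKS5 message level (an added example, not code from this diary or from the modified JARM). It builds and parses the RFC 1928 CONNECT messages offline; the function names, the hostname, the address and the reply bytes are constructed for illustration.

```python
import ipaddress
import struct

VER, CMD_CONNECT = 5, 1
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4


def build_connect_request(host, port):
    """SOCKS5 CONNECT request as laid out in RFC 1928, section 4."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: the name itself goes on the wire and the
        # proxy resolves it, so the client never learns the target IP.
        name = host.encode("idna")
        if not 1 <= len(name) <= 255:
            raise ValueError("hostname must be 1..255 bytes")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        atyp = ATYP_IPV4 if ip.version == 4 else ATYP_IPV6
        addr = bytes([atyp]) + ip.packed
    return bytes([VER, CMD_CONNECT, 0]) + addr + struct.pack("!H", port)


def parse_reply(data):
    """Return (rep, bound_addr, bound_port) from a SOCKS5 reply."""
    if len(data) < 5 or data[0] != VER:
        raise ValueError("not a SOCKS5 reply")
    rep, atyp = data[1], data[3]
    sizes = {ATYP_IPV4: 4, ATYP_IPV6: 16}
    if atyp in sizes:
        start, end = 4, 4 + sizes[atyp]
    elif atyp == ATYP_DOMAIN:
        start, end = 5, 5 + data[4]
    else:
        raise ValueError("unknown address type")
    if len(data) < end + 2:
        raise ValueError("truncated reply")
    raw = data[start:end]
    addr = raw.decode("ascii") if atyp == ATYP_DOMAIN else str(ipaddress.ip_address(raw))
    # BND.ADDR is the proxy's own bound address, not the target's IP.
    return rep, addr, struct.unpack("!H", data[end:end + 2])[0]


# Constructed sample: a success reply carrying an all-zero bound address.
SAMPLE_REPLY = bytes([5, 0, 0, 1, 0, 0, 0, 0, 0, 0])

if __name__ == "__main__":
    print(build_connect_request("example.com", 443).hex())
    print(build_connect_request("192.0.2.10", 443).hex())
    print(parse_reply(SAMPLE_REPLY))
```

Neither message has a field for the address the proxy resolved, so a scan record that needs the IP has to get it from a separate lookup, which does not go through the proxy.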

Didier Stevens
Senior handler
Microsoft MVP


649 Posts
ISC Handler
Nov 29th 2020
The DOC (Bazaar f84b3a056abcbcfd5976afe8776a35c5894b379e65c411ddc421941d3a2a4b8b) is a malware without VBA. It is labeled as "Loki", but it could be a good trial for your TOR

Thanks for your efforts!
