Vol. 1 · Ed. 2026
CyberGlossary
Entry № 629

JA4 Fingerprint

What is JA4 Fingerprint?

JA4 Fingerprint: A 2023 successor to JA3, published by John Althouse at FoxIO, that produces structured, human-readable TLS, HTTP, SSH, and TCP fingerprints designed to remain robust as TLS clients evolve and to be paired across protocols.


JA4 (and the JA4+ family — JA4S, JA4H, JA4X, JA4SSH, JA4T, JA4L) is a 2023 evolution of JA3 published by John Althouse at FoxIO. Where JA3 produced an opaque MD5, JA4 produces a structured string with explicit fields and a small truncated hash, so a fingerprint is both human-readable and trivially groupable by partial match. JA4 covers more parts of the handshake (e.g. signature algorithms, ALPN, the actual TLS version negotiated vs. the offered one) and ignores well-known fields that change for noise reasons, making the resulting fingerprint more stable across TLS-extension shuffling. JA4S fingerprints the server's response, JA4H fingerprints HTTP requests, JA4X fingerprints X.509 certificate issuers, JA4T fingerprints raw TCP options, JA4L estimates light-latency on the path, and JA4SSH fingerprints SSH client handshakes. The license is BSD-3, and integrations exist in Zeek, Wireshark, Suricata, Cloudflare's edge, and several commercial NDR products. JA4-based detections increasingly replace or complement JA3 in modern threat-hunt content.

  1. An NDR product tags a high-confidence Cobalt Strike beacon by matching its JA4 fingerprint plus a JA4H HTTP header pattern.

  2. A defender writes a Suricata rule that alerts on any TLS client whose JA4 matches a known Go-`net/http` malware family but whose JA4H differs from the legitimate Go SDK signature.
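
The following Python is an added example, not code from this glossary or from FoxIO. It splits a JA4 string into its fields, groups flows by partial match, and flags the JA4/JA4H mismatch described in the second example above; the field layout is taken from the public JA4 specification rather than from this page, and every fingerprint, address, and function name is constructed for illustration.

```python
import re
from collections import defaultdict

# Layout per the public FoxIO JA4 spec (not spelled out on this page): proto, TLS
# version, SNI flag, cipher count, extension count, ALPN, two 12-hex truncated hashes.
JA4_RE = re.compile(
    r"^(?P<proto>[tqd])(?P<version>[0-9a-z]{2})(?P<sni>[di])"
    r"(?P<n_ciphers>\d{2})(?P<n_exts>\d{2})(?P<alpn>[0-9a-z]{2})"
    r"_(?P<cipher_hash>[0-9a-f]{12})_(?P<ext_hash>[0-9a-f]{12})$"
)

def parse_ja4(fp):
    """Split a JA4 string into named fields; raise on malformed input."""
    m = JA4_RE.match(fp)
    if m is None:
        raise ValueError(f"not a JA4 string: {fp!r}")
    fields = m.groupdict()
    fields["n_ciphers"] = int(fields["n_ciphers"])
    fields["n_exts"] = int(fields["n_exts"])
    return fields

def group_by_sections(flows, sections=2):
    """Partial match: group sources by the first `sections` JA4 sections."""
    groups = defaultdict(list)
    for flow in flows:
        parse_ja4(flow["ja4"])  # validate before trusting the split
        key = "_".join(flow["ja4"].split("_")[:sections])
        groups[key].append(flow["src"])
    return dict(groups)

def ja4h_mismatches(flows, baseline):
    """Flows whose JA4 is in the baseline but whose JA4H is not an expected one."""
    return [f for f in flows
            if f["ja4"] in baseline and f["ja4h"] not in baseline[f["ja4"]]]

# Constructed sample data: every address and fingerprint below is made up.
GO_JA4 = "t13d1311h2_0a1b2c3d4e5f_1a2b3c4d5e6f"
SDK_JA4H = "ge11nn050000_aaaaaaaaaaaa_000000000000_000000000000"
FLOWS = [
    {"src": "10.0.0.5", "ja4": GO_JA4, "ja4h": SDK_JA4H},
    {"src": "10.0.0.9", "ja4": GO_JA4,
     "ja4h": "po11nn030000_bbbbbbbbbbbb_000000000000_000000000000"},
    {"src": "10.0.0.7", "ja4": "t13d1311h2_0a1b2c3d4e5f_ffffffffffff",
     "ja4h": SDK_JA4H},
]
BASELINE = {GO_JA4: {SDK_JA4H}}  # JA4 -> JA4H values seen from the legitimate client

if __name__ == "__main__":
    print([f["src"] for f in ja4h_mismatches(FLOWS, BASELINE)])
```

Grouping on the first two sections keeps clients with the same cipher list together even when their extension hash differs, which is the partial-match property the entry describes.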

Frequently asked questions

What is JA4 Fingerprint?

A 2023 successor to JA3, published by John Althouse at FoxIO, that produces structured, human-readable TLS, HTTP, SSH, and TCP fingerprints designed to remain robust as TLS clients evolve and to be paired across protocols. It belongs to the Network Security category of cybersecurity.

What does JA4 Fingerprint mean?

A 2023 successor to JA3, published by John Althouse at FoxIO, that produces structured, human-readable TLS, HTTP, SSH, and TCP fingerprints designed to remain robust as TLS clients evolve and to be paired across protocols.

How does JA4 Fingerprint work?

JA4 (and the JA4+ family — JA4S, JA4H, JA4X, JA4SSH, JA4T, JA4L) is a 2023 evolution of JA3 published by John Althouse at FoxIO. Where JA3 produced an opaque MD5, JA4 produces a structured string with explicit fields and a small truncated hash, so a fingerprint is both human-readable and trivially groupable by partial match. JA4 covers more parts of the handshake (e.g. signature algorithms, ALPN, the actual TLS version negotiated vs. the offered one) and ignores well-known fields that change for noise reasons, making the resulting fingerprint more stable across TLS-extension shuffling. JA4S fingerprints the server's response, JA4H fingerprints HTTP requests, JA4X fingerprints X.509 certificate issuers, JA4T fingerprints raw TCP options, JA4L estimates light-latency on the path, and JA4SSH fingerprints SSH client handshakes. The license is BSD-3, and integrations exist in Zeek, Wireshark, Suricata, Cloudflare's edge, and several commercial NDR products. JA4-based detections increasingly replace or complement JA3 in modern threat-hunt content.

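How do you defend against JA4 Fingerprint?

Defending against JA4 Fingerprint typically combines technical controls and operational practices, as stated in the definition above.

What are other names for JA4 Fingerprint?

Common aliases: JA4+, JA4S, JA4H, JA4X.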

Related terms