
Hfinger
#Security Testing#Malware Analysis
Tool for Fingerprinting HTTP Requests of Malware
Hfinger is based on Tshark and written in Python 3. It is currently a working prototype. Its primary goal is to create unique representations, called fingerprints, of the HTTP requests sent by malware, so that those requests can be identified.
'Unique' here means that a fingerprint should match only one malware family; a single family may, however, produce several fingerprints. A fingerprint is a concise representation of the request: much shorter than the full request, yet still readable by a human. Hfinger can be used in manual malware analysis as well as in sandbox environments or Security Information and Event Management (SIEM) systems.
The generated fingerprints are valuable for grouping requests, identifying requests linked to specific malware families, distinguishing various operations within a single family, or uncovering unknown malicious requests that other security systems may have missed but share the same fingerprint. An academic paper accompanies the development of this tool, detailing aspects such as the rationale behind design choices and the tool's performance evaluation against p0f, FATT, and Mercury.
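The following is an added illustration of what a structural request fingerprint is and why it groups requests the way the text describes; it is not Hfinger's own code, and its feature set, field layout, header abbreviation scheme and sample traffic are all assumptions made for this example. Hfinger's real fingerprints encode more request properties than these. The idea shown is the same, though: keep the shape of the request (method, version, URI structure, header order, client string, presence of a body) and drop the values that change between victims (host, bot ID, payload), so that two beacons from one family collapse into a single fingerprint while an unrelated client does not.

```python
"""Simplified HTTP-request fingerprinting in the spirit of Hfinger.

Added example, not Hfinger's code. The features and the 'a|b|c' layout are
assumptions chosen for illustration only.
"""
import hashlib
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit


def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request into (method, target, version, headers, body).
    Headers keep their original order: header order is a strong client signal."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    try:
        method, target, version = lines[0].split(" ", 2)
    except ValueError:
        raise ValueError(f"malformed request line: {lines[0]!r}") from None
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return method, target, version, headers, body


def uri_shape(target: str) -> str:
    """Describe the URI by structure, not content: segment count, average
    segment length, file extension and query-variable names (values dropped)."""
    parts = urlsplit(target)
    segments = [s for s in parts.path.split("/") if s]
    ext = ""
    if segments and "." in segments[-1]:
        ext = segments[-1].rsplit(".", 1)[1].lower()
    avg = round(sum(map(len, segments)) / len(segments), 1) if segments else 0.0
    keys = [k for k, _ in parse_qsl(parts.query, keep_blank_values=True)]
    return f"{len(segments)}:{avg}:{ext}:{','.join(keys)}"


def abbrev(name: str) -> str:
    """Initials of the hyphenated words (User-Agent -> ua). Assumed scheme;
    collisions such as Cookie/Connection are tolerated here for brevity."""
    return "".join(w[0] for w in name.lower().split("-") if w)


def short_hash(value: str, n: int = 6) -> str:
    """Compress a free-text header value to a short digest: readable, yet
    still separates distinct values."""
    return hashlib.sha256(value.encode("latin-1")).hexdigest()[:n]


def fingerprint(raw: bytes) -> str:
    method, target, version, headers, body = parse_request(raw)
    lower = {k.lower(): v for k, v in headers}
    fields = [
        method,
        version.replace("HTTP/", ""),
        uri_shape(target),
        ",".join(abbrev(k) for k, _ in headers),
        short_hash(lower.get("user-agent", "")),
        "1" if body else "0",
    ]
    return "|".join(fields)


def group_by_fingerprint(samples):
    """Map fingerprint -> labels; same-family requests with different hosts,
    IDs and payloads land in one group."""
    groups = defaultdict(list)
    for label, raw in samples:
        groups[fingerprint(raw)].append(label)
    return dict(groups)


# Constructed sample traffic (not real captures): two beacons share a request
# template but differ in host, bot ID and payload; the third is another client.
SAMPLES = [
    ("beacon-1",
     b"POST /gate/update.php?id=1234&v=2 HTTP/1.1\r\n"
     b"Host: 203.0.113.10\r\n"
     b"User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)\r\n"
     b"Content-Type: application/x-www-form-urlencoded\r\n"
     b"Content-Length: 12\r\n"
     b"Connection: close\r\n\r\n"
     b"a=b&c=d&e=fg"),
    ("beacon-2",
     b"POST /gate/update.php?id=9876&v=3 HTTP/1.1\r\n"
     b"Host: 198.51.100.7\r\n"
     b"User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)\r\n"
     b"Content-Type: application/x-www-form-urlencoded\r\n"
     b"Content-Length: 12\r\n"
     b"Connection: close\r\n\r\n"
     b"x=1&y=2&z=33"),
    ("other-client",
     b"GET /api/v1/ping HTTP/1.1\r\n"
     b"User-Agent: curl/7.68.0\r\n"
     b"Host: 192.0.2.5\r\n"
     b"Accept: */*\r\n\r\n"),
]

if __name__ == "__main__":
    for fp, labels in group_by_fingerprint(SAMPLES).items():
        print(fp, "<-", ", ".join(labels))
```

Running it prints two lines: one fingerprint shared by both beacons and a second one for the curl request. The fingerprint keeps the average path-segment length and the query-variable names but not the IDs or the body, which is exactly what lets it match across victims of one family; the User-Agent is hashed rather than copied so the string stays short while still distinguishing clients.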