Definition
- When your browser or tool starts a TLS handshake (to make a secure connection), it sends a message called ClientHello. That message includes things like which TLS version is supported, what encryption methods (ciphers) it accepts, and extra options (extensions).
- JA3 takes certain parts of that ClientHello (version, cipher list, extensions, elliptic curves, etc.), puts them together in a fixed order, and then runs them through a hash function (often MD5) to create a short fingerprint - the JA3 hash.
- Because the handshake parameters are in plain text (not encrypted yet), network devices and security systems can see them and compute the JA3 hash.
- Different browsers, tools, or automated bots often have distinct combinations of those handshake values, so their JA3 hashes tend to differ.
- But it’s not perfect: sometimes two different tools may generate the same JA3 hash if their handshake settings are very similar - this is called a collision.
Relevance to Kameleo
For Kameleo to appear like a real browser, it must generate JA3 hashes that match known browser patterns (or at least be plausible), so that anti-bot systems don’t identify it as fake. If Kameleo’s JA3 fingerprint is off (odd values, rare combinations, or too static), detection systems might flag or block the session.
