Glossary

TLS Fingerprinting

Transport Layer Security (TLS) is an encryption protocol that provides protection during communication over the internet. All modern browsers have the capability to communicate using this technology. Previously Secure Sockets Layer (SSL) was used to provide this encryption.

TLS has different versions such as TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3. Every TLS implementation supports different Cipher Suites, and there are different TLS Extensions.

Let’s see a couple of Cipher Suites:

  • TLS_GREASE_3A
  • TLS_AES_128_GCM_SHA256
  • TLS_RSA_WITH_AES_256_CBC_SHA

And here are some TLS Extensions:

  • server_name
  • renegotiation_info
  • session_ticket

A TLS connection is established between your browser and a web server after the browser sends its TLS specification to the server. This allows the server to encrypt data in a way that the browser can read.

Based on the TLS version, supported Cipher Suites, and installed TLS Extensions a JA3 Fingerprint Hash can be calculated for a client browser.

From privacy perspective

Bots and alternative browsers that attempt to change browser fingerprints are easily detected by websites using TLS fingerprinting.

Bots are often using custom implementations of TLS, so their JA3 Hash won’t match popular browser’s JA3 Fingerprint. Unrecognized or blacklisted JA3 hashes will tell the web server that the traffic is not coming from a valid Internet user’s browser.

The same issue occurs when tools try to manipulate the browser fingerprint. When the footprint changing mechanism is applied, most tools need to modify the traffic sent with TLS encryption. Tools decrypt and then re-encrypt traffic for modification. During encryption, the JA3 fingerprint is changing and websites will immediately flag traffic coming from these tools.

The following table shows the JA3 fingerprints of several popular web browsers.

JA3 fingerprints of popular browsers
Browser JA3 fingerprint
Chrome 98 599f223c2c9ee5702f5762913889dc21
Edge 98 599f223c2c9ee5702f5762913889dc21
Firefox 97 bd50e49d418ed1777b9a410d614440c4

The Chrome and Edge browsers (both based on the Chromium engine) share the same JA3 fingerprint, while Firefox has a different one.

Please note that different browser versions may have different JA3 hashes. See your browser’s JA3 Fingerprint with this tool.

This makes it impossible to mimic a Firefox browser with a Chromium-based browser properly. Websites will always see that the JA3 fingerprint is not matching for Firefox.

Solution

Kameleo lets you create virtual browsers that realistically mimic real ones. With our custom-built Firefox, the TLS handshake - including the JA3 fingerprint - closely matches genuine Firefox clients. TLS/JA3 is only one part of fingerprinting, however. Detection systems combine many signals, so Kameleo aims to reduce detectability rather than guarantee complete invisibility.

Hi, we’re Kameleo!

Trusted by thousands of growth hackers, and enterprises worldwide, Kameleo makes browser automation and web scraping smarter, safer, and unstoppable. With our anti-detect browser, you can bypass anti-bot defenses, and stay one step ahead - all with human-like browsers.