HackingLZ

HackingLZ / ja4_proxy

Public

JA4 proxy tooling.

c2-infrastructure evasion go golang ja3
23
0
69% credibility
Found Feb 19, 2026 at 18 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
Go
AI Summary

This project creates a simple intermediary program that disguises secure web connections to match the exact patterns of Windows applications like OneDrive.

How It Works

1
🕵️ Discover the Disguiser

You hear about a handy tool that lets your web connections pretend to be from everyday Windows apps like OneDrive, helping stay under the radar.

2
💻 Get It Ready

Download the single program file and prepare it on your computer with a quick setup.

3
🎭 Pick Your Disguise

Choose from ready-made disguises that match real apps, like the popular OneDrive look.

4
🚀 Start the Helper

Launch the disguiser program, and it quietly listens for your web traffic on your machine.

5
🔄 Route Your Connections

Point your web browser or app to go through the helper, so all secure connections get the disguise.

6
🔍 Verify It Works

Visit a test website through the helper to confirm your connections now look just like the real app.

🎉 Perfect Camouflage

Congratulations, your internet traffic is now invisibly disguised as coming from a genuine Windows app!

Sign up to see the full architecture

5 more

Sign Up Free

Star Growth

See how this repo grew from 18 to 23 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is ja4_proxy?

ja4_proxy is a Go-built HTTP proxy that spoofs TLS Client Hellos to mimic Windows apps like OneDrive.exe, delivering exact JA4 fingerprints at the TLS layer. Developers point curl or scripts at it via CONNECT or X-Target-URL headers, and outbound HTTPS traffic looks like native SChannel or WinHTTP from Win11. It chains optionally to SOCKS proxies for IPv6 source rotation from a /64 subnet, all in a single static binary with no runtime deps.

Why is it gaining traction?

This ja4 fingerprint github tooling stands out by embedding verified profiles matching foxio ja4 github standards—think OneDrive TLS 1.3 or Edge Chromium—letting you verify fingerprints instantly with a CLI flag against tls.peet.ws. Unlike bloated alternatives, it's dead simple: build, run, test, with runtime custom YAML loading and production IPv6 tricks via TREVORproxy. Devs grab it for reliable, data-driven TLS evasion without fiddling configs.

Who should use this?

Red teamers and pentesters crafting stealthy C2 beacons or probing WAFs that block by JA4. Security researchers validating fingerprints in evasion pipelines. Go devs building proxy chains needing precise Windows TLS emulation for integration tests.

Verdict

Grab it if JA4 proxy tooling fits your stack—solid docs and verify mode make it production-viable despite 18 stars and 0.7% credibility score signaling early maturity. Low risk for niche use, but watch for upstream uTLS updates.

(187 words)

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.