• Getting Started
  • Browser Configuration
  • Proxy Setting
  • Advanced Setting
  • Video Tutorial
  • FAQ
  • API

SSL fingerprint Setting

What is an SSL fingerprint?
It can be said that each browser generally has a fixed SSL fingerprint. For general users, as long as the default state is sufficient, the default is the default SSL fingerprint of the Google chrome browser.

Mainly you can set the number and order of cipher suites, which can resist some websites that use JA3 method to detect SSL fingerprints. Generally, each browser has a relatively fixed SSL fingerprint. When doing multi-account or anti-association projects, the change of the SSL fingerprint may play a certain role. However, if you don’t know what an SSL fingerprint is, it is recommended to still don't mess with it, because it may be counterproductive.

SSL fingerprint settings
SSL fingerprint settings

The JA3 method is used to collect the decimal values ​​of the bytes of the following fields in the client Hello packet: version, accepted ciphers, list of extensions, elliptic curve, and elliptic curve format. Then, separate each field with "," and the values ​​in each field with "-", concatenating the values ​​together in order.

JA3 TLS Protocol
JA3 TLS Protocol

JA3 is a method for creating SSL/TLS client fingerprints that should be easy to generate on any platform and easily shared for threat intelligence purposes.

how SSL works
how SSL works

Example client hello packet viewed in Wireshark

The order of the fields is as follows:

TLSVersion, Ciphers, Extensions, EllipticCurves, EllipticCurvePointFormats



If there are no TLS extensions in the Client Hello, these fields will be left blank.


These strings are then MD5 hashed to generate a 32-character fingerprint that is easy to use and share. This is the JA3 TLS client fingerprint.

769,47–53–5–10–49161–49162–49171–49172–50–56–19–4,0–10–11,23–24–25,0 → ada70206e40642a3e4461f35503241d5769,4–5–10–9– 100–98–3–6–19–18–99,,, → de350869b8c85de67a350c8d186f11e6

We also need to introduce some code to account for Google's GREASE (Generate Random Extensions And Sustain Extensibility), as described here. In fact, Google uses this mechanism to prevent scalability failures in the TLS ecosystem. However, JA3 ignores these values ​​entirely to ensure that programs using GREASE can still be fingerprinted with a single JA3 hash.

Websites that can be used for SSL fingerprinting:



JA3 and JA3S are a security analysis method based on TLS fingerprint. JA3 fingerprints can indicate how client applications communicate over TLS, and JA3 fingerprints can indicate server responses. If the two are combined, they essentially generate a fingerprint of the cryptographic negotiation between the client and server. While TLS-based detection methods are not necessarily a panacea or guaranteed mapping to client applications, they are always the axis of security analysis.

Lalicat anti fingerprint browser design SSL custom method, mainly to change the JA3 fingerprint of the virtual browser, which is not comprehensive, but also very simple and efficient. Hope can help some users who pursue perfectionism.

get free trial

We Offer 3-Day Free Trial for All New Users

No Limitations in Features

By clicking "accept", you agree to use Cookies to optimize the information presented to you, and analyze the traffic of our website.
If you want to opt out of our cookies, please read our Cookie Policy for your guidance.