Fingerprint-Based Bot Blocking & Dynamic Deception
Adel Karimi
DEF CON 33 · Day 1 · Main Stage
In this DEF CON talk, Adel Karimi introduces an innovative approach to bot detection and adversary deception through network fingerprinting and dynamic response generation. His presentation, titled "Fingerprint-Based Bot Blocking & Dynamic Deception," unveils **Finch**, an open-source, fingerprint-aware reverse proxy. Karimi blends his expertise in network fingerprinting, honeypots, and AI agents to address the limitations of traditional bot blocking methods, which often rely on easily faked indicators like IP addresses and user agents.
AI review
Karimi brings a complete, working tool — not a concept — to the table, with real open-source release, live demos, and a fingerprinting pipeline that covers TLS, HTTP/1, HTTP/2, and experimental QUIC. The AI agent loop is the flashiest piece but it's grounded in a concrete Admin API and SSE architecture rather than vibes. Minor reservations around novelty: JA3/JA4 fingerprinting is well-trodden ground, and the LLM honeypot angle is increasingly crowded.