Claude is a prominent contender in the expanding field of AI chatbots on the internet. Designed to simulate human conversation, Claude uses a combination of advanced machine learning techniques and natural language processing to deliver accurate and natural responses to user inquiries.
This blog will delve into the intricacies of what happens behind the scenes as we await responses to our questions. We will focus particularly on the network analysis aspect examine the patterns of network traffic, identifying the types of requests and responses, and analyzing how the AI transmits information.
Login Management
The Login can be done through Google login or Using email ID and password. immediately after login one get request is sent to API – https://claude.ai/api/bootstrap/<UUID> /statsig
We have observed the UUID present in this get request to be unique per client and it is referred to several other request throughout the session.
The response of this get request contains information about the user and his capabilities and features-
The response shows that statsig-python-sdk is being used for this indicating the use of StatSig a feature management platform for software products.
This response also contains sensitive keywords, different domain names, country codes, prompt templates etc.
Web Content Delivery
We have noticed that the delivery of web content primarily utilizes three endpoints:
-
claude.ai/_next/static /* – This URL pattern is responsible for the delivery of CSS, fonts, and the majority of JS. The URL suggests that the internal framework in use is next.js.
-
s-cdn.anthropic.com/* – This host is utilized for the delivery of certain JS files and images.
-
Intercom.io – This service is employed for the delivery of some tracker JS and for subsequent ping requests.
Chat Services
The chat begins by requesting for a new session with a UUID as payload
And the server responds with “201 Created” to start a new chat conversation
Then for each individual user prompt a POST request gets generated
And in response Claude sends the response in form of event stream
Overall Network Analysis
Here is the total list of hosts we have observed while analyzing the traffic-
And here is the distribution of the payload sizes for each of the hosts
FIg: Traffic distribution per Host of Claude AI
The Claude AI has gained significant popularity on the internet, resulting in a large amount of related network traffic. If you’re wondering how to test and calibrate your network equipment to ensure accuracy and resiliency against this traffic, then BreakingPoint Systems is the perfect solution for you.
The Keysight Application and Threat Intelligence (ATI) team have analyzed the network traffic related to Claude AI and released a set of simulations in our ATI-2024-14 bi-weekly strikepack release.
Keysight’s Application and Threat Intelligence subscription provides daily malware and bi-weekly updates of the latest application protocols and vulnerabilities for use with Keysight test platforms. The ATI Research Centre continuously monitors threats as they appear in the wild. Customers of BreakingPoint now have access to attack campaigns for different advanced persistent threats, allowing them to test their currently deployed security control’s ability to detect or block such attacks