TLExport (TLE) is a tool for decrypting TLS-Traffic and exporting the traffic into unencrypted TCP/UDP traffic
Project description
TLExport
TLExport (TLE) is a tool for decrypting TLS-Traffic and exporting the traffic into unencrypted TCP/UDP traffic. The goal is to provide support to network analysis tools, which have no or limited support for TLS decryption.
This project is inspired by Wiresharks built in TLS Decryption, which does not support the extraction of decrypted traffic into pcap files.
Installation
Clone the GitHub project and execute the main.py file of the src module
Usage
TLE requires sslkeylogs to decrypt the traffic.
They can be passed in a keylogfile:
python3 main.py -i in.pcapng -o out.pcapng -s sslkeylog.log
or within the pcap file as a decryption secret block:
$ python3 main.py -i in.pcapng -o out.pcapng
You can specify the ports on which TLS-Traffic is to be decrypted (default: 443):
$ python3 main.py -i in.pcapng -o out.pcapng -p 443 -p 8443
and which ports to map the TLS-Traffic to (default 443:8080):
$ python3 main.py -i in.pcapng -o out.pcapng -p 443 -p 8443 -m 443:8080 -m 8443:8090
Ensuring, that only packets with correct checksums are decrypted
(Warning: Often the checksums are incorrect on linux due to checksum offload)
$ python3 main.py -i in.pcapng -o out.pcapng -c
The program also supports old pcap files:
$ python3 main.py -i in.pcapng -o out.pcapng -l -s sslkeylog.log
Dependencies
A Python Version of 3.10 or above is required 4
Install the python packages:
pip install cryptography dpkt scapy
Supported Versions and Algorithms
Versions:
- Secure Socket Layer 3.0
- Transport Layer Security 1.0-1.3
Algorithms:
- Block Ciphers: AES-CBC, Camellia-CBC, 3DES-CBC, IDEA (Untested / no out of the box support by cryptography #2)
- AEAD Ciphers: AES-GCM, AES-CCM, AES-CCM-8, CHACHA20-POLY1305
- Stream Ciphers: RC4
- Compression: Zlib/Deflate (Untested)
soon(tm)
- QUIC
- D-TLS
Support
If you have any suggestions, questions, or bug reports, please create an issue in the Issue Tracker.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file TLExport-0.4.tar.gz.
File metadata
- Download URL: TLExport-0.4.tar.gz
- Upload date:
- Size: 78.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.11.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 8b7a93ab1cd90dc3f0f414af000877e3d5247e639ed1b0b98d8bcbbcb7f823dc |
|
| MD5 | 0e7a50140d75c7f4f2ac9f1a03df00a5 |
|
| BLAKE2b-256 | 6f3b97a83bae692f4b8fc706c9896dee1af1547b10951a2e12467436e105f251 |
File details
Details for the file TLExport-0.4-py3-none-any.whl.
File metadata
- Download URL: TLExport-0.4-py3-none-any.whl
- Upload date:
- Size: 83.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.11.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | c36eb04ebc883302fed36352948961741798af6dcf1fd11a48e60ee1f57624f1 |
|
| MD5 | 3d3e92c088f03bd48a5c9d88296deb33 |
|
| BLAKE2b-256 | 73f51de4826b5a5f94f2de31e6bea13fba6ac170475655346993d7308d1859c8 |
