TLExport
TLExport (TLE) is a tool for decrypting TLS-Traffic and exporting the traffic into unencrypted TCP/UDP traffic. The goal is to provide support to network analysis tools, which have no or limited support for TLS decryption.
This project is inspired by Wireshark's built-in TLS decryption, which does not support the extraction of decrypted traffic into pcap files.
Installation
Installation is simply a matter of pip3 install tlexport. This will give you the tlexport command. You can update an existing tlexport installation with pip3 install --upgrade tlexport.
Alternatively, just clone the repository and execute the main.py file of the src module.
Usage
TLE requires sslkeylogs to decrypt the traffic.
They can be passed in a keylogfile:
$ tlexport -i in.pcapng -o out.pcapng -s sslkeylog.log
or within the pcap file as a decryption secret block:
$ tlexport -i in.pcapng -o out.pcapng
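Running without -s only works when the capture carries its key log in a pcapng Decryption Secrets Block (block type 0x0000000A, secrets type "TLSK"). The following is an added example, not part of TLExport, that walks the pcapng block structure and returns any embedded TLS key logs; the function names are hypothetical and the capture is a constructed in-memory sample.

```python
import io
import struct

SHB_TYPE = 0x0A0D0D0A          # Section Header Block
DSB_TYPE = 0x0000000A          # Decryption Secrets Block
TLS_KEY_LOG = 0x544C534B       # secrets type "TLSK": NSS key log text
BYTE_ORDER_MAGIC = 0x1A2B3C4D


def embedded_tls_keylogs(stream):
    """Return the key log text of every TLS DSB found in a pcapng stream."""
    logs, endian = [], "<"
    while len(header := stream.read(8)) == 8:
        extra = b""
        if header[:4] == b"\x0a\x0d\x0d\x0a":   # SHB type reads the same in both byte orders
            extra = stream.read(4)               # byte-order magic selects the endianness
            endian = "<" if extra == struct.pack("<I", BYTE_ORDER_MAGIC) else ">"
        block_type, total_len = struct.unpack(endian + "II", header)
        if total_len < 12 or total_len % 4:
            raise ValueError(f"corrupt block length {total_len}")
        body = (extra + stream.read(total_len - 8 - len(extra)))[:-4]  # drop trailing length
        if block_type == DSB_TYPE and len(body) >= 8:
            secrets_type, secrets_len = struct.unpack(endian + "II", body[:8])
            if secrets_type == TLS_KEY_LOG:
                logs.append(body[8:8 + secrets_len].decode("ascii", "replace"))
    return logs


def pcapng_block(block_type, body):
    """Wrap a body in a little-endian pcapng block (helper for the constructed sample)."""
    body += b"\x00" * (-len(body) % 4)           # bodies are padded to 32 bits
    total = struct.pack("<I", len(body) + 12)
    return struct.pack("<I", block_type) + total + body + total


def build_sample_capture(keylog_text):
    """Constructed sample: minimal pcapng with one SHB and one DSB, no packets."""
    shb = pcapng_block(SHB_TYPE, struct.pack("<IHHq", BYTE_ORDER_MAGIC, 1, 0, -1))
    data = keylog_text.encode("ascii")
    dsb = pcapng_block(DSB_TYPE, struct.pack("<II", TLS_KEY_LOG, len(data)) + data)
    return shb + dsb


if __name__ == "__main__":
    sample = "CLIENT_RANDOM " + "00" * 32 + " " + "11" * 48 + "\n"  # constructed, not real keys
    found = embedded_tls_keylogs(io.BytesIO(build_sample_capture(sample)))
    print("embedded key logs:", len(found), "| separate -s file needed:", not found)
```

An empty result means the capture has no embedded secrets and a key log file has to be supplied with -s.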
You can specify the ports on which TLS-Traffic is to be decrypted (default: 443):
$ tlexport -i in.pcapng -o out.pcapng -p 443 -p 8443
and which ports to map the TLS-Traffic to (default 443:8080):
$ tlexport -i in.pcapng -o out.pcapng -p 443 -p 8443 -m
$ tlexport -i in.pcapng -o out.pcapng -p 443 -p 8443 -m 443:8081 444:8088
By default (when no -m parameter is provided) the original port will be used.
To ensure that only packets with correct checksums are decrypted (warning: checksums are often incorrect on Linux due to checksum offload):
$ tlexport -i in.pcapng -o out.pcapng -c
The program also supports old pcap files:
$ tlexport -i in.pcapng -o out.pcapng -l -s sslkeylog.log
Dependencies
A Python version of 3.10 or above is required.
Install the Python packages:
pip install cryptography dpkt scapy
Supported Versions and Algorithms
In the following we list the supported TLS versions as well as the supported algorithms.
Versions:
- Secure Socket Layer 3.0
- Transport Layer Security 1.0-1.3
- QUIC
Algorithms:
- Block Ciphers: AES-CBC, Camellia-CBC, 3DES-CBC, IDEA (Untested / no out of the box support by cryptography #2)
- AEAD Ciphers: AES-GCM, AES-CCM, AES-CCM-8, CHACHA20-POLY1305
- Stream Ciphers: RC4
- Compression: Zlib/Deflate (Untested)
soon(tm)
- D-TLS
Support
If you have any suggestions, questions, or bug reports, please create an issue in the Issue Tracker.
File details
Details for the file tlexport-0.9.tar.gz.
File metadata
- Download URL: tlexport-0.9.tar.gz
- Upload date:
- Size: 112.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.1 CPython/3.12.3
File hashes
Algorithm | Hash digest
---|---
SHA256 | b106ff83138b4ceb9c77f8f6657bf5ae9577d19c035fdf3e880ad997f3723037
MD5 | 9c401855fe7e061df65abfd011f549f6
BLAKE2b-256 | b7115ffad1210e2db213ea2fc4515d2777c6d115f3e59d4c976579c8342ae4e1
File details
Details for the file TLExport-0.9-py3-none-any.whl.
File metadata
- Download URL: TLExport-0.9-py3-none-any.whl
- Upload date:
- Size: 121.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.1 CPython/3.12.3
File hashes
Algorithm | Hash digest
---|---
SHA256 | e6dcd9530abfb23e3bf452b3dbc3ba66b9719f166958a8dce0f79862762e58fe
MD5 | ec3a8c2c39757fcbf24b8408481facc1
BLAKE2b-256 | 2ea6b03cbaf50e98b7b8fa193b6ae528cfff98f00dbc2eff57c1926bf0947793