Skip to main content

Decrypts and logs a process's SSL/TLS traffic on all major platforms.

Project description

friTap logo

friTap

version PyPi

The goal of this project is to help researchers to analyze traffic encapsulated in SSL or TLS. For details have a view into the OSDFCon webinar slides or in this blog post.

This project was inspired by SSL_Logger and currently supports all major operating systems (Linux, Windows, Android). More platforms and libraries will be added in future releases.

Installation

Installation is simply a matter of pip3 install fritap. This will give you the friTap command. You can update an existing friTap installation with pip3 install --upgrade friTap.

Alternatively just clone the repository and run the friTap.py file or download the friTap standlone version from the release page.

Usage

On Linux/Windows/MacOS we can easily attach to a process by entering its name or its PID:

$ sudo ./friTap.py --pcap mycapture.pcap thunderbird

For mobile applications we just have to add the -m parameter to indicate that we are now attaching (or spawning) an Android or iOS app:

$ ./friTap.py -m --pcap mycapture.pcap com.example.app

Further ensure that the frida-server is running on the Android/iOS device.

Remember when working with the pip installation you have to invoke the friTap command with sudo a little bit different. Either as module:

$ sudo -E python3 -m friTap.friTap --pcap mycapture.pcap thunderbird

or directly invoking the script:

$ which friTap
/home/daniel/.local/bin/friTap

$ sudo -E /home/daniel/.local/bin/friTap

More examples on using friTap can be found in the USAGE.md. A detailed introduction using friTap on Android is under EXAMPLE.md as well.

Supported SSL/TLS implementations and corresponding logging capabilities

| Library                   | Linux         | Windows       | MacOSX   | Android  | iOS          |
|---------------------------|---------------|---------------|----------|----------|--------------|
| OpenSSL                   |     Full      | R/W-Hook only |  TBI     |   Full   | TBI          |
| BoringSSL                 |     Full      | R/W-Hook only |  KeyEo   |   Full   | KeyEo        |
| NSS                       | R/W-Hook only | R/W-Hook only |  TBI     |   TBA    | TBI          |
| GnuTLS                    | R/W-Hook only | R/W-Hook only |  TBI     |   Full   | TBI          |
| WolfSSL                   | R/W-Hook only | R/W-Hook only |  TBI     |   Full   | TBI          |
| MbedTLS                   | R/W-Hook only | R/W-Hook only |  TBI     |   Full   | TBI          |
| Bouncycastle/Spongycastle |     TBA       |    TBA        |  TBA     |   Full   | TBA          |
| Conscrypt                 |     TBA       |    TBA        |  TBA     |   Full   | TBA          |

R/W-Hook only = Logging data sent and received by process
KeyEo = Only the keying material can be extracted
Full = Logging data send and received by process + Logging keys used for secure connection
TBA = To be answered
TBI = To be implemented
LibNO = This library is not supported for this plattform

We verified the Windows implementations only for Windows 10

Dependencies

  • frida
  • >= python3.6
  • hexdump (pip3 install hexdump)
  • scapy (pip3 install scapy)

Planned features

  • add the capability to alter the decrypted payload
  • add wine support
  • add Flutter support
  • add further libraries (have a look at this Wikipedia entry):
    • Botan (BSD license, Jack Lloyd)
    • LibreSSL (OpenBSD)
    • Cryptlib (Peter Gutmann)
    • S2n (Amazon)
    • JSSE (Java Secure Socket Extension, Oracle)
    • MatrixSSL
    • ...
  • Working with static linked libraries
  • Add feature to prototype TLS-Read/Write/SSLKEY functions
  • improve iOS/MacOS support (currently under development)
  • provide friTap as PyPI package

Contribute

Contributions are always welcome. Just fork it and open a pull request! More details can be found in the CONTRIBUTION.md.


Changelog

See the wiki for release notes.

Support

If you have any suggestions, or bug reports, please create an issue in the Issue Tracker.

In case you have any questions or other problems, feel free to send an email to:

daniel.baier@fkie.fraunhofer.de.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

friTap-1.0.9.4.tar.gz (5.3 MB view details)

Uploaded Source

Built Distribution

friTap-1.0.9.4-py3-none-any.whl (5.3 MB view details)

Uploaded Python 3

File details

Details for the file friTap-1.0.9.4.tar.gz.

File metadata

  • Download URL: friTap-1.0.9.4.tar.gz
  • Upload date:
  • Size: 5.3 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.1 CPython/3.10.9

File hashes

Hashes for friTap-1.0.9.4.tar.gz
Algorithm Hash digest
SHA256 819d3952e11b80913ea795fe5f3ab3df6d920831695455f192f90a2937b8a7a7
MD5 1e20d46f57bed36c36d183a3a9f00f8c
BLAKE2b-256 2b6c53561c0aaad8d877af0a3017f30b42a2272d9c9a9f56a456ec20da3ceef7

See more details on using hashes here.

File details

Details for the file friTap-1.0.9.4-py3-none-any.whl.

File metadata

  • Download URL: friTap-1.0.9.4-py3-none-any.whl
  • Upload date:
  • Size: 5.3 MB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.1 CPython/3.10.9

File hashes

Hashes for friTap-1.0.9.4-py3-none-any.whl
Algorithm Hash digest
SHA256 b9580a7b16adca5f18b511480ba54e29ecca6b3e031c832d9f142ac5a3a5536c
MD5 7ec7089d606da2cb8607b9bde3633a0f
BLAKE2b-256 1feb78c3c7dc9d62a66e603c1b1d1d077bb348607ef43e828815fc42da939782

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page