<p align="center">
<img src="https://raw.githubusercontent.com/fkie-cad/TLExport/main/logo.svg" alt="TLExport logo" width="75%" height="75%"/>
</p>
# TLExport
![version](https://img.shields.io/badge/version-0.9-blue) [![PyPI version](https://badge.fury.io/py/TLExport.svg)](https://badge.fury.io/py/TLExport)
TLExport (TLE) is a tool for decrypting TLS traffic and exporting it
as unencrypted TCP/UDP traffic. The goal is to support network analysis tools
that have no or limited support for TLS decryption.
This project is inspired by [Wireshark's][Wiresharks] built-in TLS decryption, which does not support exporting
the decrypted traffic into pcap files.
## Installation
Installation is simply a matter of `pip3 install tlexport`. This will give you the `tlexport` command. You can update an existing `tlexport` installation with `pip3 install --upgrade tlexport`.
Alternatively, clone the repository and execute the `main.py` file of the src module.
## Usage
TLE requires SSL key logs (sslkeylog) to decrypt the traffic.
They can be passed in a key log file:<br>
```$ tlexport -i in.pcapng -o out.pcapng -s sslkeylog.log```
or embedded in the pcapng file as a decryption secrets block:<br>
```$ tlexport -i in.pcapng -o out.pcapng```
You can specify the ports on which TLS traffic is to be decrypted (default: 443):<br>
```$ tlexport -i in.pcapng -o out.pcapng -p 443 -p 8443```
and which ports to map the decrypted TLS traffic to (default with `-m`: 443:8080):<br>
```$ tlexport -i in.pcapng -o out.pcapng -p 443 -p 8443 -m```
```$ tlexport -i in.pcapng -o out.pcapng -p 443 -p 8443 -m 443:8081 444:8088```
When no `-m` parameter is provided, the original port is used.
To ensure that only packets with correct checksums are decrypted:<br>
(Warning: checksums are often incorrect on Linux due to checksum offload)<br>
```$ tlexport -i in.pcapng -o out.pcapng -c```
The program also supports old pcap files:<br>
```$ tlexport -i in.pcapng -o out.pcapng -l -s sslkeylog.log```
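A pre-flight check for the key log passed with `-s`, as an added example (not TLExport's own parser): it assumes the NSS key log format written by clients that honour `SSLKEYLOGFILE` and reports, per client random, whether the logged secrets cover the session. The function names and the sample log are constructed for illustration.

```python
import re
from collections import defaultdict
# Labels from the NSS key log format (assumed input format, see lead-in).
TLS12_LABEL = "CLIENT_RANDOM"
TLS13_REQUIRED = {"CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
                  "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}
TLS13_OPTIONAL = {"CLIENT_EARLY_TRAFFIC_SECRET", "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET"}
LINE_RE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ([0-9a-fA-F]+)$")

def audit_keylog(text):
    """Return ({client_random: labels}, [(lineno, reason)]) for a key log."""
    sessions, problems = defaultdict(set), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are allowed
        m = LINE_RE.match(line)
        if not m:
            problems.append((lineno, "malformed line"))
            continue
        label, client_random, secret = m.groups()
        if label == TLS12_LABEL:
            valid_lengths = (96,)       # 48-byte master secret, hex encoded
        elif label in TLS13_REQUIRED | TLS13_OPTIONAL:
            valid_lengths = (64, 96)    # SHA-256 or SHA-384 sized secret
        else:
            problems.append((lineno, f"unknown label {label}"))
            continue
        if len(secret) not in valid_lengths:
            problems.append((lineno, f"bad secret length for {label}"))
            continue
        sessions[client_random.lower()].add(label)
    return dict(sessions), problems

def classify(labels):
    """Describe whether one session's logged secrets cover both directions."""
    if TLS12_LABEL in labels:
        return "tls<=1.2: master secret present"
    missing = sorted(TLS13_REQUIRED - labels)
    return "tls1.3: missing " + ", ".join(missing) if missing else "tls1.3: complete"
# Constructed sample: repeated-byte hex placeholders, not real secrets.
SAMPLE = "\n".join([
    "# constructed key log",
    "CLIENT_RANDOM " + "aa" * 32 + " " + "11" * 48,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "bb" * 32 + " " + "22" * 32,
    "SERVER_HANDSHAKE_TRAFFIC_SECRET " + "bb" * 32 + " " + "33" * 32,
    "CLIENT_TRAFFIC_SECRET_0 " + "bb" * 32 + " " + "44" * 32,
    "CLIENT_RANDOM " + "cc" * 32 + " " + "55" * 20,  # truncated secret
])
```

A session reported as missing a TLS 1.3 traffic secret, or a line rejected for length, points at an incomplete key log rather than at the capture.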
## Dependencies
Python 3.10 or above is required [4].
Install the Python packages:
- cryptography [1]
- dpkt [2]
- scapy [3]
```pip install cryptography dpkt scapy```
## Supported Versions and Algorithms
In the following we list the supported TLS versions as well as the supported algorithms.
### Versions:
- Secure Socket Layer 3.0
- Transport Layer Security 1.0-1.3
- QUIC
### Algorithms:
- Block Ciphers: AES-CBC, Camellia-CBC, 3DES-CBC, IDEA (untested; no out-of-the-box support in cryptography [#2])
- AEAD Ciphers: AES-GCM, AES-CCM, AES-CCM-8, CHACHA20-POLY1305
- Stream Ciphers: RC4
- Compression: Zlib/Deflate (Untested)
### soon(tm)
- D-TLS
## Support
If you have any suggestions, questions, or bug reports, please create an issue in the Issue Tracker.
[1]: https://pypi.org/project/cryptography/
[2]: https://pypi.org/project/dpkt/
[3]: https://pypi.org/project/scapy/
[4]: https://www.python.org/
[Wiresharks]: https://www.wireshark.org/
[#2]: https://github.com/fkie-cad/TLExport/issues/2
Raw data
{
"_id": null,
"home_page": "https://github.com/fkie-cad/TLExport/",
"name": "TLExport",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.10",
"maintainer_email": null,
"keywords": "tls, decryption, network forensik, pcap, pcapng",
"author": null,
"author_email": "daniel.baier@fkie.fraunhofer.de",
"download_url": "https://files.pythonhosted.org/packages/b7/11/5ffad1210e2db213ea2fc4515d2777c6d115f3e59d4c976579c8342ae4e1/tlexport-0.9.tar.gz",
"platform": null,
"bugtrack_url": null,
"license": "GPL v3",
"summary": "TLExport (TLE) is a tool for decrypting TLS-Traffic and exporting the traffic into unencrypted TCP/UDP traffic",
"version": "0.9",
"project_urls": {
"Homepage": "https://github.com/fkie-cad/TLExport/"
},
"split_keywords": [
"tls",
" decryption",
" network forensik",
" pcap",
" pcapng"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "2ea6b03cbaf50e98b7b8fa193b6ae528cfff98f00dbc2eff57c1926bf0947793",
"md5": "ec3a8c2c39757fcbf24b8408481facc1",
"sha256": "e6dcd9530abfb23e3bf452b3dbc3ba66b9719f166958a8dce0f79862762e58fe"
},
"downloads": -1,
"filename": "TLExport-0.9-py3-none-any.whl",
"has_sig": false,
"md5_digest": "ec3a8c2c39757fcbf24b8408481facc1",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.10",
"size": 121042,
"upload_time": "2024-07-04T09:42:56",
"upload_time_iso_8601": "2024-07-04T09:42:56.906305Z",
"url": "https://files.pythonhosted.org/packages/2e/a6/b03cbaf50e98b7b8fa193b6ae528cfff98f00dbc2eff57c1926bf0947793/TLExport-0.9-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "b7115ffad1210e2db213ea2fc4515d2777c6d115f3e59d4c976579c8342ae4e1",
"md5": "9c401855fe7e061df65abfd011f549f6",
"sha256": "b106ff83138b4ceb9c77f8f6657bf5ae9577d19c035fdf3e880ad997f3723037"
},
"downloads": -1,
"filename": "tlexport-0.9.tar.gz",
"has_sig": false,
"md5_digest": "9c401855fe7e061df65abfd011f549f6",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.10",
"size": 111968,
"upload_time": "2024-07-04T09:42:58",
"upload_time_iso_8601": "2024-07-04T09:42:58.755942Z",
"url": "https://files.pythonhosted.org/packages/b7/11/5ffad1210e2db213ea2fc4515d2777c6d115f3e59d4c976579c8342ae4e1/tlexport-0.9.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-07-04 09:42:58",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "fkie-cad",
"github_project": "TLExport",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"requirements": [],
"lcname": "tlexport"
}