<p align="center">
<img src="https://raw.githubusercontent.com/fkie-cad/TLExport/main/logo.svg" alt="TLExport logo" width="75%" height="75%"/>
</p>
# TLExport
 [](https://pypi.org/project/tlexport)
TLExport (TLE) is a tool for decrypting TLS-Traffic and exporting the
traffic into unencrypted TCP/UDP traffic. The goal is to provide support to network analysis tools,
which have no or limited support for TLS decryption.
This project is inspired by [Wiresharks] built in TLS Decryption, which does not support the extraction
of decrypted traffic into pcap files.
## Installation
Installation is simply a matter of `pip3 install tlexport`. This will give you the `tlexport` command. You can update an existing `tlexport` installation with `pip3 install --upgrade tlexport`.
Alternatively just clone the repository and execute the `main.py` file of the src module.
## Usage
TLE requires sslkeylogs to decrypt the traffic.
They can be passed in a keylogfile:<br>
```tlexport -i in.pcapng -o out.pcapng -s sslkeylog.log```
or within the pcap file as a decryption secret block:<br>
```$ tlexport -i in.pcapng -o out.pcapng```
You can specify the ports on which TLS-Traffic is to be decrypted (default: 443):<br>
```$ tlexport -i in.pcapng -o out.pcapng -p 443 -p 8443```
and which ports to map the TLS-Traffic to (default 443:8080):<br>
```$ tlexport -i in.pcapng -o out.pcapng -p 443 -p 8443 -m 443:8080 -m 8443:8090```
Ensuring, that only packets with correct checksums are decrypted<br>
(Warning: Often the checksums are incorrect on linux due to checksum offload)<br>
```$ tlexport -i in.pcapng -o out.pcapng -c```
The program also supports old pcap files:<br>
```$ tlexport -i in.pcapng -o out.pcapng -l -s sslkeylog.log```
## Dependencies
A Python Version of 3.10 or above is required [4]
Install the python packages:
- cryptography [1]
- dpkt [2]
- scapy [3]
```pip install cryptography dpkt scapy```
## Supported Versions and Algorithms
In the following we list the supported TLS versions as well as the supported algorithms.
### Versions:
- Secure Socket Layer 3.0
- Transport Layer Security 1.0-1.3
### Algorithms:
- Block Ciphers: AES-CBC, Camellia-CBC, 3DES-CBC, IDEA (Untested / no out of the box support by cryptography [#2])
- AEAD Ciphers: AES-GCM, AES-CCM, AES-CCM-8, CHACHA20-POLY1305
- Stream Ciphers: RC4
- Compression: Zlib/Deflate (Untested)
### soon(tm)
- QUIC
- D-TLS
## Support
If you have any suggestions, questions, or bug reports, please create an issue in the Issue Tracker.
[1]: https://pypi.org/project/cryptography/
[2]: https://pypi.org/project/dpkt/
[3]: https://pypi.org/project/scapy/
[4]: https://www.python.org/
[Wiresharks]: https://www.wireshark.org/
[#2]: https://github.com/fkie-cad/TLExport/issues/2
Raw data
{
"_id": null,
"home_page": "https://github.com/fkie-cad/TLExport/",
"name": "TLExport",
"maintainer": "",
"docs_url": null,
"requires_python": ">=3.10",
"maintainer_email": "",
"keywords": "tls,decryption,network forensik,pcap,pcapng",
"author": "",
"author_email": "daniel.baier@fkie.fraunhofer.de",
"download_url": "https://files.pythonhosted.org/packages/e1/2e/044004eb9202301af622ae70eeaa4247e05bbd9aa6c05ac1d5c40bd9f896/TLExport-0.5.tar.gz",
"platform": null,
"description": "<p align=\"center\">\n <img src=\"https://raw.githubusercontent.com/fkie-cad/TLExport/main/logo.svg\" alt=\"TLExport logo\" width=\"75%\" height=\"75%\"/>\n</p>\n\n\n# TLExport\n [](https://pypi.org/project/tlexport)\n\nTLExport (TLE) is a tool for decrypting TLS-Traffic and exporting the \ntraffic into unencrypted TCP/UDP traffic. The goal is to provide support to network analysis tools, \nwhich have no or limited support for TLS decryption.\n\nThis project is inspired by [Wiresharks] built in TLS Decryption, which does not support the extraction \nof decrypted traffic into pcap files.\n\n## Installation\n\nInstallation is simply a matter of `pip3 install tlexport`. This will give you the `tlexport` command. You can update an existing `tlexport` installation with `pip3 install --upgrade tlexport`.\n\nAlternatively just clone the repository and execute the `main.py` file of the src module.\n\n\n## Usage\n\nTLE requires sslkeylogs to decrypt the traffic.\nThey can be passed in a keylogfile:<br>\n```tlexport -i in.pcapng -o out.pcapng -s sslkeylog.log```\n\nor within the pcap file as a decryption secret block:<br>\n```$ tlexport -i in.pcapng -o out.pcapng```\n\nYou can specify the ports on which TLS-Traffic is to be decrypted (default: 443):<br>\n```$ tlexport -i in.pcapng -o out.pcapng -p 443 -p 8443```\n\nand which ports to map the TLS-Traffic to (default 443:8080):<br>\n```$ tlexport -i in.pcapng -o out.pcapng -p 443 -p 8443 -m 443:8080 -m 8443:8090```\n\nEnsuring, that only packets with correct checksums are decrypted<br> \n(Warning: Often the checksums are incorrect on linux due to checksum offload)<br>\n```$ tlexport -i in.pcapng -o out.pcapng -c```\n\nThe program also supports old pcap files:<br>\n```$ tlexport -i in.pcapng -o out.pcapng -l -s sslkeylog.log```\n\n## Dependencies\n\nA Python Version of 3.10 or above is required [4]\n\nInstall the python packages:\n- cryptography [1]\n- dpkt [2] \n- scapy [3]\n\n```pip install cryptography dpkt scapy```\n\n## Supported Versions and Algorithms\n\nIn the following we list the supported TLS versions as well as the supported algorithms.\n\n### Versions:\n- Secure Socket Layer 3.0\n- Transport Layer Security 1.0-1.3\n### Algorithms:\n- Block Ciphers: AES-CBC, Camellia-CBC, 3DES-CBC, IDEA (Untested / no out of the box support by cryptography [#2])\n- AEAD Ciphers: AES-GCM, AES-CCM, AES-CCM-8, CHACHA20-POLY1305\n- Stream Ciphers: RC4\n- Compression: Zlib/Deflate (Untested)\n### soon(tm)\n- QUIC\n- D-TLS\n\n## Support\nIf you have any suggestions, questions, or bug reports, please create an issue in the Issue Tracker.\n\n[1]: https://pypi.org/project/cryptography/\n[2]: https://pypi.org/project/dpkt/\n[3]: https://pypi.org/project/scapy/\n[4]: https://www.python.org/\n[Wiresharks]: https://www.wireshark.org/\n[#2]: https://github.com/fkie-cad/TLExport/issues/2\n\n",
"bugtrack_url": null,
"license": "GPL v3",
"summary": "TLExport (TLE) is a tool for decrypting TLS-Traffic and exporting the traffic into unencrypted TCP/UDP traffic",
"version": "0.5",
"project_urls": {
"Homepage": "https://github.com/fkie-cad/TLExport/"
},
"split_keywords": [
"tls",
"decryption",
"network forensik",
"pcap",
"pcapng"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "9c0724f23a31e326e7c0de3d1c11316c87cb530b56064b2a6b14201ecc004169",
"md5": "019f3026cff72305eb8888a88e327f2e",
"sha256": "43e1271b907d8ebc0a8853392425b5bf1b87518266f1ca63801e2419c55c242c"
},
"downloads": -1,
"filename": "TLExport-0.5-py3-none-any.whl",
"has_sig": false,
"md5_digest": "019f3026cff72305eb8888a88e327f2e",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.10",
"size": 83849,
"upload_time": "2024-02-28T09:43:03",
"upload_time_iso_8601": "2024-02-28T09:43:03.286695Z",
"url": "https://files.pythonhosted.org/packages/9c/07/24f23a31e326e7c0de3d1c11316c87cb530b56064b2a6b14201ecc004169/TLExport-0.5-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "e12e044004eb9202301af622ae70eeaa4247e05bbd9aa6c05ac1d5c40bd9f896",
"md5": "e1f0d85f5e6e5811700bbcab971c0968",
"sha256": "929aa6714df0b356396b91fbd2e28fef010eeefd8e18d2228f834a74272c728f"
},
"downloads": -1,
"filename": "TLExport-0.5.tar.gz",
"has_sig": false,
"md5_digest": "e1f0d85f5e6e5811700bbcab971c0968",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.10",
"size": 79068,
"upload_time": "2024-02-28T09:43:05",
"upload_time_iso_8601": "2024-02-28T09:43:05.728521Z",
"url": "https://files.pythonhosted.org/packages/e1/2e/044004eb9202301af622ae70eeaa4247e05bbd9aa6c05ac1d5c40bd9f896/TLExport-0.5.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-02-28 09:43:05",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "fkie-cad",
"github_project": "TLExport",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"requirements": [
{
"name": "cryptography",
"specs": []
},
{
"name": "dpkt",
"specs": []
},
{
"name": "scapy",
"specs": []
}
],
"lcname": "tlexport"
}
JSON
