TLExport


NameTLExport JSON
Version 0.9 PyPI version JSON
download
home_pagehttps://github.com/fkie-cad/TLExport/
SummaryTLExport (TLE) is a tool for decrypting TLS-Traffic and exporting the traffic into unencrypted TCP/UDP traffic
upload_time2024-07-04 09:42:58
maintainerNone
docs_urlNone
authorNone
requires_python>=3.10
licenseGPL v3
keywords tls decryption network forensik pcap pcapng
VCS
bugtrack_url
requirements No requirements were recorded.
Travis-CI No Travis.
coveralls test coverage No coveralls.
            <p align="center">
    <img src="https://raw.githubusercontent.com/fkie-cad/TLExport/main/logo.svg" alt="TLExport logo" width="75%" height="75%"/>
</p>


# TLExport
![version](https://img.shields.io/badge/version-0.9-blue) [![PyPI version](https://badge.fury.io/py/TLExport.svg)](https://badge.fury.io/py/TLExport)

TLExport (TLE) is a tool for decrypting TLS-Traffic and exporting the 
traffic into unencrypted TCP/UDP traffic. The goal is to provide support to network analysis tools, 
which have no or limited support for TLS decryption.

This project is inspired by [Wiresharks] built in TLS Decryption, which does not support the extraction 
of decrypted traffic into pcap files.

## Installation

Installation is simply a matter of `pip3 install tlexport`. This will give you the `tlexport` command. You can update an existing `tlexport` installation with `pip3 install --upgrade tlexport`.

Alternatively just clone the repository and execute the `main.py` file of the src module.


## Usage

TLE requires sslkeylogs to decrypt the traffic.
They can be passed in a keylogfile:<br>
```tlexport -i in.pcapng -o out.pcapng -s sslkeylog.log```

or within the pcap file as a decryption secret block:<br>
```$ tlexport -i in.pcapng -o out.pcapng```

You can specify the ports on which TLS-Traffic is to be decrypted (default: 443):<br>
```$ tlexport -i in.pcapng -o out.pcapng -p 443 -p 8443```

and which ports to map the TLS-Traffic to (default 443:8080):<br>
```$ tlexport -i in.pcapng -o out.pcapng -p 443 -p 8443 -m```
```$ tlexport -i in.pcapng -o out.pcapng -p 443 -p 8443 -m 443:8081 444:8088```

By default (when no `m`-parameter is provided) the orignal port will be used.

Ensuring, that only packets with correct checksums are decrypted<br> 
(Warning: Often the checksums are incorrect on linux due to checksum offload)<br>
```$ tlexport -i in.pcapng -o out.pcapng -c```

The program also supports old pcap files:<br>
```$ tlexport -i in.pcapng -o out.pcapng -l -s sslkeylog.log```

## Dependencies

A Python Version of 3.10 or above is required [4]

Install the python packages:
- cryptography    [1]
- dpkt                  [2] 
- scapy [3]

```pip install cryptography dpkt scapy```

## Supported Versions and Algorithms

In the following we list the supported TLS versions as well as the supported algorithms.

### Versions:
- Secure Socket Layer 3.0
- Transport Layer Security 1.0-1.3
- QUIC
  
### Algorithms:
- Block Ciphers: AES-CBC, Camellia-CBC, 3DES-CBC, IDEA (Untested / no out of the box support by cryptography [#2])
- AEAD Ciphers: AES-GCM, AES-CCM, AES-CCM-8, CHACHA20-POLY1305
- Stream Ciphers: RC4
- Compression: Zlib/Deflate (Untested)
### soon(tm)
- D-TLS

## Support
If you have any suggestions, questions, or bug reports, please create an issue in the Issue Tracker.

[1]: https://pypi.org/project/cryptography/
[2]: https://pypi.org/project/dpkt/
[3]: https://pypi.org/project/scapy/
[4]: https://www.python.org/
[Wiresharks]: https://www.wireshark.org/
[#2]: https://github.com/fkie-cad/TLExport/issues/2


            

Raw data

            {
    "_id": null,
    "home_page": "https://github.com/fkie-cad/TLExport/",
    "name": "TLExport",
    "maintainer": null,
    "docs_url": null,
    "requires_python": ">=3.10",
    "maintainer_email": null,
    "keywords": "tls, decryption, network forensik, pcap, pcapng",
    "author": null,
    "author_email": "daniel.baier@fkie.fraunhofer.de",
    "download_url": "https://files.pythonhosted.org/packages/b7/11/5ffad1210e2db213ea2fc4515d2777c6d115f3e59d4c976579c8342ae4e1/tlexport-0.9.tar.gz",
    "platform": null,
    "description": "<p align=\"center\">\n    <img src=\"https://raw.githubusercontent.com/fkie-cad/TLExport/main/logo.svg\" alt=\"TLExport logo\" width=\"75%\" height=\"75%\"/>\n</p>\n\n\n# TLExport\n![version](https://img.shields.io/badge/version-0.9-blue) [![PyPI version](https://badge.fury.io/py/TLExport.svg)](https://badge.fury.io/py/TLExport)\n\nTLExport (TLE) is a tool for decrypting TLS-Traffic and exporting the \ntraffic into unencrypted TCP/UDP traffic. The goal is to provide support to network analysis tools, \nwhich have no or limited support for TLS decryption.\n\nThis project is inspired by [Wiresharks] built in TLS Decryption, which does not support the extraction \nof decrypted traffic into pcap files.\n\n## Installation\n\nInstallation is simply a matter of `pip3 install tlexport`. This will give you the `tlexport` command. You can update an existing `tlexport` installation with `pip3 install --upgrade tlexport`.\n\nAlternatively just clone the repository and execute the `main.py` file of the src module.\n\n\n## Usage\n\nTLE requires sslkeylogs to decrypt the traffic.\nThey can be passed in a keylogfile:<br>\n```tlexport -i in.pcapng -o out.pcapng -s sslkeylog.log```\n\nor within the pcap file as a decryption secret block:<br>\n```$ tlexport -i in.pcapng -o out.pcapng```\n\nYou can specify the ports on which TLS-Traffic is to be decrypted (default: 443):<br>\n```$ tlexport -i in.pcapng -o out.pcapng -p 443 -p 8443```\n\nand which ports to map the TLS-Traffic to (default 443:8080):<br>\n```$ tlexport -i in.pcapng -o out.pcapng -p 443 -p 8443 -m```\n```$ tlexport -i in.pcapng -o out.pcapng -p 443 -p 8443 -m 443:8081 444:8088```\n\nBy default (when no `m`-parameter is provided) the orignal port will be used.\n\nEnsuring, that only packets with correct checksums are decrypted<br> \n(Warning: Often the checksums are incorrect on linux due to checksum offload)<br>\n```$ tlexport -i in.pcapng -o out.pcapng -c```\n\nThe program also supports old pcap files:<br>\n```$ tlexport -i in.pcapng -o out.pcapng -l -s sslkeylog.log```\n\n## Dependencies\n\nA Python Version of 3.10 or above is required [4]\n\nInstall the python packages:\n- cryptography    [1]\n- dpkt                  [2] \n- scapy [3]\n\n```pip install cryptography dpkt scapy```\n\n## Supported Versions and Algorithms\n\nIn the following we list the supported TLS versions as well as the supported algorithms.\n\n### Versions:\n- Secure Socket Layer 3.0\n- Transport Layer Security 1.0-1.3\n- QUIC\n  \n### Algorithms:\n- Block Ciphers: AES-CBC, Camellia-CBC, 3DES-CBC, IDEA (Untested / no out of the box support by cryptography [#2])\n- AEAD Ciphers: AES-GCM, AES-CCM, AES-CCM-8, CHACHA20-POLY1305\n- Stream Ciphers: RC4\n- Compression: Zlib/Deflate (Untested)\n### soon(tm)\n- D-TLS\n\n## Support\nIf you have any suggestions, questions, or bug reports, please create an issue in the Issue Tracker.\n\n[1]: https://pypi.org/project/cryptography/\n[2]: https://pypi.org/project/dpkt/\n[3]: https://pypi.org/project/scapy/\n[4]: https://www.python.org/\n[Wiresharks]: https://www.wireshark.org/\n[#2]: https://github.com/fkie-cad/TLExport/issues/2\n\n",
    "bugtrack_url": null,
    "license": "GPL v3",
    "summary": "TLExport (TLE) is a tool for decrypting TLS-Traffic and exporting the traffic into unencrypted TCP/UDP traffic",
    "version": "0.9",
    "project_urls": {
        "Homepage": "https://github.com/fkie-cad/TLExport/"
    },
    "split_keywords": [
        "tls",
        " decryption",
        " network forensik",
        " pcap",
        " pcapng"
    ],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "2ea6b03cbaf50e98b7b8fa193b6ae528cfff98f00dbc2eff57c1926bf0947793",
                "md5": "ec3a8c2c39757fcbf24b8408481facc1",
                "sha256": "e6dcd9530abfb23e3bf452b3dbc3ba66b9719f166958a8dce0f79862762e58fe"
            },
            "downloads": -1,
            "filename": "TLExport-0.9-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "ec3a8c2c39757fcbf24b8408481facc1",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": ">=3.10",
            "size": 121042,
            "upload_time": "2024-07-04T09:42:56",
            "upload_time_iso_8601": "2024-07-04T09:42:56.906305Z",
            "url": "https://files.pythonhosted.org/packages/2e/a6/b03cbaf50e98b7b8fa193b6ae528cfff98f00dbc2eff57c1926bf0947793/TLExport-0.9-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "b7115ffad1210e2db213ea2fc4515d2777c6d115f3e59d4c976579c8342ae4e1",
                "md5": "9c401855fe7e061df65abfd011f549f6",
                "sha256": "b106ff83138b4ceb9c77f8f6657bf5ae9577d19c035fdf3e880ad997f3723037"
            },
            "downloads": -1,
            "filename": "tlexport-0.9.tar.gz",
            "has_sig": false,
            "md5_digest": "9c401855fe7e061df65abfd011f549f6",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": ">=3.10",
            "size": 111968,
            "upload_time": "2024-07-04T09:42:58",
            "upload_time_iso_8601": "2024-07-04T09:42:58.755942Z",
            "url": "https://files.pythonhosted.org/packages/b7/11/5ffad1210e2db213ea2fc4515d2777c6d115f3e59d4c976579c8342ae4e1/tlexport-0.9.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2024-07-04 09:42:58",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "fkie-cad",
    "github_project": "TLExport",
    "travis_ci": false,
    "coveralls": false,
    "github_actions": false,
    "requirements": [],
    "lcname": "tlexport"
}
        
Elapsed time: 0.57425s