tls-decryption

Decrypt TLS traffic from a pcap file

Primary language: Python. License: MIT.

Requirements

  • Wireshark
  • TLS 1.2 or 1.3 capture file
  • Key log file

Usage

usage: decrypt.py [-h] PCAP KEYLOGFILE

positional arguments:
  PCAP        PCAP path
  KEYLOGFILE  KEYLOGFILE path

options:
  -h, --help  show this help message and exit

Examples

TLS 1.2

$ ./decrypt.py data/tls2/dump.pcapng data/tls2/premaster.txt
dsb-pcap saved to: data/tls2/dsb-dump.pcapng

Files: dump.pcapng, premaster.txt

TLS 1.3

$ ./decrypt.py data/tls3/tls3.cryptohack.org.pcapng data/tls3/keylogfile.txt
dsb-pcap saved to: data/tls3/dsb-tls3.cryptohack.org.pcapng

Files: tls3.cryptohack.org.pcapng, keylogfile.txt
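
Both examples depend on a key log file whose entries match the TLS version in the capture. The following added example (not part of this repository's code) parses a file in the NSS Key Log Format and reports, per client random, whether the secrets fit TLS 1.2 or TLS 1.3 and which ones are missing. The function names and sample values are constructed for illustration, and the legacy RSA label is not handled.

```python
import re
from collections import defaultdict

# Labels from the NSS Key Log Format; the legacy "RSA" label is not handled here.
# TLS13_REQUIRED: secrets needed for handshake and application data, both directions.
TLS13_REQUIRED = {"CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
                  "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}
TLS13_LABELS = TLS13_REQUIRED | {
    "CLIENT_EARLY_TRAFFIC_SECRET", "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET"}
HEX = re.compile(r"(?:[0-9a-fA-F]{2})+")

def parse_keylog(text):
    """Return ({client_random: {label: secret}}, [(line_number, problem)])."""
    sessions, problems = defaultdict(dict), []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        if len(fields) != 3:
            problems.append((n, "expected: LABEL CLIENT_RANDOM SECRET"))
            continue
        label, rand, secret = fields
        # TLS 1.2 master secret is 48 bytes; TLS 1.3 secrets are 32 or 48 bytes.
        ok_len = (96,) if label == "CLIENT_RANDOM" else (64, 96)
        if label != "CLIENT_RANDOM" and label not in TLS13_LABELS:
            problems.append((n, f"unsupported label {label}"))
        elif len(rand) != 64 or not HEX.fullmatch(rand):
            problems.append((n, "client random is not 32 hex-encoded bytes"))
        elif len(secret) not in ok_len or not HEX.fullmatch(secret):
            problems.append((n, f"bad secret length for {label}"))
        else:
            sessions[rand.lower()][label] = secret.lower()
    return dict(sessions), problems

def classify(labels):
    """Name the TLS version a session's labels belong to, noting gaps."""
    if "CLIENT_RANDOM" in labels:
        return "TLS 1.2"
    missing = sorted(TLS13_REQUIRED - set(labels))
    return "TLS 1.3" + (", missing " + ", ".join(missing) if missing else "")

# Constructed sample, not real key material: TLS 1.2, partial TLS 1.3, truncated line.
SAMPLE_KEYLOG = "\n".join([
    "CLIENT_RANDOM " + "11" * 32 + " " + "aa" * 48,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "22" * 32 + " " + "bb" * 32,
    "SERVER_HANDSHAKE_TRAFFIC_SECRET " + "22" * 32 + " " + "cc" * 32,
    "CLIENT_TRAFFIC_SECRET_0 " + "22" * 32 + " " + "dd" * 32,
    "CLIENT_RANDOM " + "33" * 32 + " " + "ee" * 10,
])
```

Running `parse_keylog` on a key log before decryption shows which sessions in the capture can be fully decrypted and which lines the file should not contain.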

Resources

Wireshark: TLS Decryption

NSS Key Log Format