Skip to content
/ tls-protocol-analyzer Public
forked from PeterMosmans/tls-protocol-analyzer

Passive SSL/TLS protocol analyzer, to show information about SSL/TLS handshakes, ciphers, extensions and connections

License

GPL-3.0 license
0 stars 7 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

morristech/tls-protocol-analyzer

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

33 Commits

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

constants.py

constants.py

 
 

requirements.txt

requirements.txt

 
 

tpa.py

tpa.py

 
 

Repository files navigation

SSL/TLS Protocol Analyzer

Passively listens on interface and shows information about SSL/TLS connections. Yes, scapy does something similar (and much, much more), but you'll need several dependencies. Getting scapy to run on Windows for example can be quite a hassle. This script 'only' depends on dpkt, and pypcap if you want to sniff live traffic.

Please note that you need correct permissions to sniff traffic (root or Administrator privileges).

Dependencies

  • dpkt
  • pypcap

Optional (to show IP addresses per interface):

  • netifaces

Installation

pip install -r requirements.txt Note that this also installs netifaces

Usage

./tpa.py

Listens on default interface eth0 and shows information about SSL/TLS handshakes. Currently only the Client Hello parser is implemented, so that's the information that will be displayed.

./tpa.py -i eth3

Listens on interface eth3

When running on Linux environments (including Cygwin, MSYS and MSYS2 under Windows), you can specify the standard name (e.g. eth1) for the interface. When running native on Windows you need to specify the extremely unfriendly looking device name, e.g. \\DEVICE\NPF_{C0FFEE-15-G00D} Note that you can retrieve a list of these device names using the --list-interfaces option

./tpa.py -r PCAPFILE

Reads a pcap file and displays information about SSL/TLS connections.

./tpa.py --list-interfaces

Lists all available interfaces with their IP addresses

Example output

[+] Client Hello detected (172.1.2.3:31337 --> 192.30.252.131:443)
[*] Ciphers:
    0xc02b - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    0xc02f - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    0xc00a - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    0xc009 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
    0xc013 - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
    0xc014 - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    0x33   - TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    0x39   - TLS_DHE_RSA_WITH_AES_256_CBC_SHA
    0x2f   - TLS_RSA_WITH_AES_128_CBC_SHA
    0x35   - TLS_RSA_WITH_AES_256_CBC_SHA
    0xa    - TLS_RSA_WITH_3DES_EDE_CBC_SHA
[*] Compression methods:
         0 - null
[*] Extensions:
         0 - server_name (Length: 15)
             github.com (Type host name)
     65281 - renegotiation_info (Length: 1)
        10 - supported_groups (Length: 8)
        11 - ec_point_formats (Length: 2)
        35 - SessionTicket TLS (Length: 0)
     13172 - next_protocol_negotiation (Length: 0)
        16 - application_layer_protocol_negotiation (Length: 23)
             h2
             spdy/3.1
             http/1.1
         5 - status_request (Length: 5)
        13 - signature_algorithms (Length: 22)

About

Passive SSL/TLS protocol analyzer, to show information about SSL/TLS handshakes, ciphers, extensions and connections

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%