{"id":16779759,"url":"https://github.com/petermosmans/tls-protocol-analyzer","last_synced_at":"2025-04-10T20:52:42.549Z","repository":{"id":75895497,"uuid":"43136967","full_name":"PeterMosmans/tls-protocol-analyzer","owner":"PeterMosmans","description":"Passive SSL/TLS protocol analyzer, to show information about SSL/TLS handshakes, ciphers, extensions and connections","archived":false,"fork":false,"pushed_at":"2018-10-12T02:44:35.000Z","size":40,"stargazers_count":12,"open_issues_count":2,"forks_count":7,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-03-24T18:21:32.813Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/PeterMosmans.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-09-25T11:44:44.000Z","updated_at":"2023-04-12T02:03:23.000Z","dependencies_parsed_at":"2023-07-12T00:16:18.160Z","dependency_job_id":null,"html_url":"https://github.com/PeterMosmans/tls-protocol-analyzer","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PeterMosmans%2Ftls-protocol-analyzer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PeterMosmans%2Ftls-protocol-analyzer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PeterMosmans%2Ftls-protocol-analyzer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PeterMosmans%2Ftls-protocol-analyzer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/PeterMosmans","download_url":"https://codeload.github.com/PeterMosmans/tls-protocol-analyzer/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248297011,"owners_count":21080309,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-13T07:32:09.984Z","updated_at":"2025-04-10T20:52:42.533Z","avatar_url":"https://github.com/PeterMosmans.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SSL/TLS Protocol Analyzer\nPassively listens on interface and shows information about SSL/TLS connections.\nYes, scapy does something similar (and much, much more), but you'll need several dependencies. Getting scapy to run on Windows for example can be quite a hassle.\nThis script 'only' depends on dpkt, and pypcap if you want to sniff live traffic.\n\nPlease note that you need correct permissions to sniff traffic (root or Administrator privileges).\n\n\nDependencies\n------------\n+ dpkt\n+ pypcap\n\nOptional (to show IP addresses per interface):\n+ netifaces\n\n\nInstallation\n------------\n```pip install -r requirements.txt```\nNote that this also installs netifaces\n\n\nUsage\n----\n```\n./tpa.py\n```\nListens on default interface eth0 and shows information about SSL/TLS handshakes. Currently only the Client Hello parser is implemented, so that's the information that will be displayed.\n\n```\n./tpa.py -i eth3\n```\n\nListens on interface eth3\n\nWhen running on Linux environments (including Cygwin, MSYS and MSYS2 under Windows), you can specify the standard name (e.g. `eth1`) for the interface.\nWhen running native on Windows you need to specify the extremely unfriendly looking device name, e.g. `\\\\DEVICE\\NPF_{C0FFEE-15-G00D}`\nNote that you can retrieve a list of these device names using the `--list-interfaces` option\n\n```\n./tpa.py -r PCAPFILE\n```\nReads a pcap file and displays information about SSL/TLS connections.\n\n```\n./tpa.py --list-interfaces\n```\nLists all available interfaces with their IP addresses \n\nExample output\n--------------\n```\n[+] Client Hello detected (172.1.2.3:31337 --\u003e 192.30.252.131:443)\n[*] Ciphers:\n    0xc02b - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\n    0xc02f - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\n    0xc00a - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA\n    0xc009 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA\n    0xc013 - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA\n    0xc014 - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA\n    0x33   - TLS_DHE_RSA_WITH_AES_128_CBC_SHA\n    0x39   - TLS_DHE_RSA_WITH_AES_256_CBC_SHA\n    0x2f   - TLS_RSA_WITH_AES_128_CBC_SHA\n    0x35   - TLS_RSA_WITH_AES_256_CBC_SHA\n    0xa    - TLS_RSA_WITH_3DES_EDE_CBC_SHA\n[*] Compression methods:\n         0 - null\n[*] Extensions:\n         0 - server_name (Length: 15)\n             github.com (Type host name)\n     65281 - renegotiation_info (Length: 1)\n        10 - supported_groups (Length: 8)\n        11 - ec_point_formats (Length: 2)\n        35 - SessionTicket TLS (Length: 0)\n     13172 - next_protocol_negotiation (Length: 0)\n        16 - application_layer_protocol_negotiation (Length: 23)\n             h2\n             spdy/3.1\n             http/1.1\n         5 - status_request (Length: 5)\n        13 - signature_algorithms (Length: 22)\n\n```\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpetermosmans%2Ftls-protocol-analyzer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpetermosmans%2Ftls-protocol-analyzer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpetermosmans%2Ftls-protocol-analyzer/lists"}