update webseite

docs/index.md

@@ -1,8 +1,10 @@
 ---
 layout: default
-title: Welcome to friTap
+title: friTap - DECRYPTING TLS TRAFFIC ON THE FLY
 ---
 
+![friTap Logo](https://raw.githubusercontent.com/fkie-cad/friTap/main/assets/logo.png)
+
 # Welcome to friTap
 
 friTap is a powerful tool designed to assist researchers in analyzing network traffic encapsulated in SSL/TLS. With its ability to automate key extraction, friTap is especially valuable when dealing with malware analysis or investigating privacy issues in applications. By simplifying the process of decrypting and inspecting encrypted traffic, friTap empowers researchers to uncover critical insights with ease.
@@ -14,10 +16,34 @@ For more details, explore the [OSDFCon webinar slides](https://github.com/fkie-c
 Inspired by [SSL_Logger](https://github.com/google/ssl_logger), friTap supports all major platforms, including Linux, Windows, and Android, with plans to expand to additional platforms and libraries in future releases.
 
 ## Key Features
-- Extracting SSL/TLS key material
-- Generate PCAP files containing only decrypted TLS traffic
+
+The main features of friTap are:
+
+- TLS key extraction in real time
+- Decryption of TLS payload as PCAP in real time
 - Integration with Python
 - Support for custom Frida scripts
+- Support of most common SSL libraries (OpenSSL, BoringSSL, NSS, GnuTLS, etc.)
+
+
+## Motivation
+
+More and more malware leverages TLS encryption to hide its communications and to exfiltrate data to its command server, effectively bypassing traditional detection platforms. Therefore, obtaining decrypted network traffic becomes crucial for digital forensics investigations. Current techniques such as SSL pinning may render established analysis approaches like MitM proxies useless. In many cases, the time-consuming process of reverse engineering the application of interest remains the only option to obtain the keys for decrypting the network traffic.
+
+
+## Concept
+
+friTap is a framework to solve these issues by intercepting the generation of encryption keys used by TLS for the purpose of decrypting the traffic an application sends.
+
+![friTap Workflow](https://raw.githubusercontent.com/fkie-cad/friTap/main/assets/fritap_workflow.png)
+
+Whenever an application decides to create a TLS connection it usually utilizes its appropriate TLS library. This TLS library then creates the TLS socket (TLS handshake x   ). When the TLS handshake is finished the TLS stream is established. 
+
+At this point the application uses the TLS write functions from the used TLS library to write its plaintext to the TLS stream where it gets encapsulated. In addition, the application utilizes the TLS read function from the used TLS library to process the decrypted TLS payload.
+
+friTap identifies the TLS library used and creates the appropriate hooks so that all plaintext is saved into a PCAP. Likewise, the plaintext can be output directly on the command line. Besides the possibility of saving the plaintext of TLS payload into a PCAP, friTap also enables the extraction of the TLS encryption keys. 
+
+
 
 ## Resources
 - [GitHub Repository](https://github.com/fkie-cad/friTap)