Decrypt TLS traffic from a pcap file
- Wireshark
- TLS 1.2 or 1.3 capture file
- Key log file
usage: decrypt.py [-h] PCAP KEYLOGFILE

positional arguments:
  PCAP        PCAP path
  KEYLOGFILE  KEYLOGFILE path

options:
  -h, --help  show this help message and exit
TLS 1.2
$ ./decrypt.py data/tls2/dump.pcapng data/tls2/premaster.txt
dsb-pcap saved to: data/tls2/dsb-dump.pcapng
Files: dump.pcapng, premaster.txt
TLS 1.3
$ ./decrypt.py data/tls3/tls3.cryptohack.org.pcapng data/tls3/keylogfile.txt
dsb-pcap saved to: data/tls3/dsb-tls3.cryptohack.org.pcapng