├── tls_analyzer.py
└── README.md

/tls_analyzer.py:
--------------------------------------------------------------------------------
import scapy.all as scapy
# The TLS layer is not exported by scapy.all; importing it also registers
# the TCP port 443 <-> TLS binding used during dissection.
from scapy.layers.tls.record import TLS

# The capture filter also includes port 8443, so bind TLS dissection to it too.
scapy.bind_layers(scapy.TCP, TLS, sport=8443)
scapy.bind_layers(scapy.TCP, TLS, dport=8443)

def analyze_ssl_tls_traffic(interface):
    try:
        print(f"Iniciando el análisis de tráfico SSL/TLS en la interfaz {interface}...")
        # Capture 10 packets on the usual SSL/TLS ports
        packets = scapy.sniff(iface=interface, filter="port 443 or port 8443", count=10)

        for packet in packets:
            # Skip non-IPv4 packets and TCP segments that carry no TLS record
            if packet.haslayer(scapy.IP) and packet.haslayer(scapy.TCP) and packet.haslayer(TLS):
                src_ip = packet[scapy.IP].src
                src_port = packet[scapy.TCP].sport
                dst_ip = packet[scapy.IP].dst
                dst_port = packet[scapy.TCP].dport

                print(f"Paquete SSL/TLS detectado: {src_ip}:{src_port} -> {dst_ip}:{dst_port}")
                # Add further analysis or data logging here as needed

    except KeyboardInterrupt:
        print("Análisis de tráfico SSL/TLS detenido por el usuario.")
    except Exception as e:
        print(f"Error: {str(e)}")

if __name__ == "__main__":
    interface = input("Ingrese el nombre de la interfaz de red a monitorear (por ejemplo, eth0): ")
    analyze_ssl_tls_traffic(interface)

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# TLS-Traffic-Analyzer

Software utility designed to monitor and analyze network traffic secured with the Transport Layer Security (TLS) protocol. Project for educational purposes only.

This little project is a software utility designed to monitor and analyze network traffic secured with the Transport Layer Security (TLS) protocol. TLS is commonly employed to encrypt sensitive data during transmission, often used for secure web browsing, email communication, and more.

The script itself functions by actively listening to network traffic on a specified network interface. It filters and identifies packets that utilize TLS encryption, often associated with HTTPS (secure web browsing) and other secure protocols. For each detected TLS packet, it extracts essential details, such as the source and destination IP addresses and port numbers. These details are then presented to the user for analysis.

In essence, this script serves as a valuable tool for network administrators and security professionals. It enables them to gain insights into the encrypted traffic passing through a network, helping to identify potentially malicious or suspicious activity, monitor for security breaches, and maintain the overall security and integrity of network communications.

To install and run the "TLS Traffic Analyzer" script, you'll need to follow these steps:

Installation:

1. Install Python: Ensure you have Python 3 installed on your system. You can download Python from the official Python website (https://www.python.org/downloads/) and follow the installation instructions for your specific operating system.
2. Install Required Libraries: Open a terminal or command prompt and install the required library, scapy, which is used for packet capture and analysis. You can install it using pip:

   ```
   pip install scapy
   ```

Running the Script:

1. Download the Script: If you haven't already, download the script to your computer or create a new Python file and copy the script code into it.
2. Execute the Script:
   - Open a terminal or command prompt.
   - Navigate to the directory where the script is located using the cd command.
   - Run the script using the following command:

     ```
     python script_name.py
     ```

     Replace script_name.py with the actual name of your Python script.
3. Input Interface: The script will prompt you to input the name of the network interface that you want to monitor. Enter the name of the network interface (e.g., eth0 or wlan0) and press Enter.
4. Monitoring: The script will start monitoring network traffic on the specified interface. It will capture and display information about SSL/TLS packets as they are detected.
5. Analysis: As SSL/TLS packets are captured, the script will display details such as source and destination IP addresses and port numbers.
6. Exiting: To stop the script and exit the monitoring process, you can press Ctrl+C in the terminal.

Please note that to use this script effectively, you may need administrative or superuser privileges on your system to capture network packets. Also, ensure that you have the necessary permissions to access the network interface you want to monitor.

Always use this script responsibly and within legal and ethical boundaries, as monitoring network traffic may be subject to privacy and security regulations in your jurisdiction.

Happy hacking!

@blindma1den

--------------------------------------------------------------------------------
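The script leaves a placeholder for further analysis and relies on the capture filter's port numbers to find TLS. As an added example (not part of this repository), the sketch below recognises TLS from the record header itself and reads the server name (SNI) from a ClientHello, which stays visible to a monitor even though the payload is encrypted. The function names and the `example.test` host are hypothetical, and the ClientHello bytes are constructed sample input.

```python
import struct

CONTENT_TYPES = {20, 21, 22, 23}   # change_cipher_spec, alert, handshake, application_data
MAX_RECORD_LEN = 2**14 + 2048      # largest ciphertext fragment allowed by TLS 1.2

def parse_tls_record(payload):
    """Return (content_type, version, length) for a plausible TLS record header, else None."""
    if len(payload) < 5:
        return None
    ctype, version, length = struct.unpack("!BHH", payload[:5])
    if ctype not in CONTENT_TYPES or not 0x0300 <= version <= 0x0304:
        return None
    return (ctype, version, length) if length <= MAX_RECORD_LEN else None

def extract_sni(payload):
    """Return the SNI host name carried in a ClientHello record, or None."""
    rec = parse_tls_record(payload)
    if rec is None or rec[0] != 22 or len(payload) < 6 or payload[5] != 1:
        return None                                  # not a handshake / not a ClientHello
    try:
        pos = 5 + 4 + 2 + 32                         # record hdr, handshake hdr, version, random
        pos += 1 + payload[pos]                      # session_id
        pos += 2 + int.from_bytes(payload[pos:pos + 2], "big")   # cipher_suites
        pos += 1 + payload[pos]                      # compression_methods
        end = min(len(payload), pos + 2 + int.from_bytes(payload[pos:pos + 2], "big"))
        pos += 2
        while pos + 4 <= end:                        # walk the extension list
            etype, elen = struct.unpack("!HH", payload[pos:pos + 4])
            if etype == 0:                           # server_name: list_len(2) type(1) len(2) name
                nlen = int.from_bytes(payload[pos + 7:pos + 9], "big")
                name = payload[pos + 9:pos + 9 + nlen]
                return name.decode("ascii") if nlen and len(name) == nlen else None
            pos += 4 + elen
    except (IndexError, UnicodeDecodeError):         # truncated or malformed hello
        return None
    return None

def build_sample_client_hello(host):
    """Constructed sample input: minimal ClientHello whose only extension is SNI."""
    name = host.encode()
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    ext = struct.pack("!HH", 0, len(sni)) + sni
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    print(extract_sni(build_sample_client_hello("example.test")))
```

In the capture loop these functions would be fed `bytes(packet[scapy.TCP].payload)`; a ClientHello split across several TCP segments needs stream reassembly first, which this sketch does not do.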