sni_finder.py
import pyshark
from prettytable import PrettyTable
import argparse
def extract_tls_sni(packet):
    """Return the TLS Server Name Indication value of *packet*, or None.

    None is returned when the packet has no ``tls`` attribute or when the TLS
    layer has no ``handshake_extensions_server_name`` field.

    The SNI is supplied by the client in the handshake and is not
    authenticated, so callers should treat it as untrusted data.
    """
    # getattr with a default swallows only AttributeError, the same error the
    # lookup would otherwise raise for a missing layer or field.
    tls = getattr(packet, "tls", None)
    return getattr(tls, "handshake_extensions_server_name", None)
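def main(pcap_file):
    """Print a table of the TLS handshakes in *pcap_file* that carry an SNI.

    Each row lists the source address and port, the destination address and
    port, and the server name extracted by ``extract_tls_sni``.

    Args:
        pcap_file: Path to the capture file to analyze.

    Note:
        The SNI is chosen by the client and is not authenticated. Treat the
        printed names as a hint about the intended host, not as proof of
        which server was actually contacted.
    """
    # Packets are consumed once, in order, so do not let pyshark retain every
    # parsed packet in memory; this matters for large or untrusted captures.
    capture = pyshark.FileCapture(pcap_file, keep_packets=False)
    table = PrettyTable()
    table.field_names = ["Source IP", "Source Port", "Destination IP", "Destination Port", "TLS SNI"]
    try:
        for packet in capture:
            # NOTE(review): the 'IP' check appears to match IPv4 only, so TLS
            # handshakes carried over IPv6 would be skipped. Confirm.
            if not ('IP' in packet and 'TCP' in packet and 'TLS' in packet):
                continue
            sni = extract_tls_sni(packet)
            if sni is None:
                continue
            table.add_row([
                packet.ip.src,
                packet.tcp.srcport,
                packet.ip.dst,
                packet.tcp.dstport,
                sni,
            ])
    finally:
        # Always release the capture (pyshark drives a tshark subprocess),
        # even when parsing a malformed file raises part-way through.
        capture.close()
    print(table)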
if __name__ == "__main__":
    # Command-line entry point: one positional argument, the capture path.
    cli = argparse.ArgumentParser(
        description='Extract TLS SNI field from a PCAP file.',
    )
    cli.add_argument(
        'pcap_file',
        type=str,
        help='The path to the PCAP file to analyze.',
    )
    main(cli.parse_args().pcap_file)