11 Repos
Hooks into library functions to intercept and decrypt TLS-encrypted network traffic for recording and analysis.
Distinct from Message Decryption: focuses on intercepting and decrypting live network traffic streams rather than processing individual application messages.
Explore 11 awesome GitHub repositories matching security & cryptography · Traffic Decryption.
Keploy is an automated testing platform that leverages kernel-level traffic interception to generate and maintain regression test suites for microservices. By capturing live network traffic and system calls via eBPF, the platform automatically creates deterministic test cases and mocks external dependencies without requiring manual code instrumentation. This approach allows developers to validate application behavior and API contracts by replaying production-like traffic in isolated environments. The platform distinguishes itself through its use of machine learning to perform test maintenance
Captures TLS-encrypted network data by hooking into library functions to ensure visibility into secure communication channels during the recording process.
Ecapture is a suite of specialized auditing tools designed to capture plaintext database queries, log executed shell commands, forward packet captures, and decrypt TLS traffic. The system extracts plaintext content from encrypted communications and TLS master secrets without requiring CA certificates. It further monitors data interactions by capturing SQL queries from database instances and recording commands from shell environments for host-level auditing. The toolset includes capabilities for network traffic analysis, exporting captured data to pcapng files, and forwarding events to extern
Hooks into library functions to intercept and decrypt TLS-encrypted network traffic for plaintext analysis.
Proxypin is a cross-platform HTTP and HTTPS proxy debugger designed to capture, inspect, and modify network traffic. It functions as a man-in-the-middle interceptor, allowing developers to analyze application data flows and validate network communication during development and testing. The tool distinguishes itself through its focus on mobile and remote device integration, utilizing QR-code-based configuration synchronization to simplify the setup of proxy settings and security certificates. It includes an event-driven scripting engine that enables programmatic manipulation of requests and re
Provides real-time decryption of TLS-encrypted network traffic to enable inspection of secure data payloads during development.
Mizu is a suite of tools for capturing, indexing, and visualizing cloud-native network traffic and decrypted payloads for cluster-wide diagnostics. It provides Kubernetes network observability by using eBPF to index and visualize layer 4 and layer 7 traffic with full cluster context, allowing for the mapping of workload dependencies and the diagnosis of network failures. The project distinguishes itself by using kernel-level hooks to decrypt TLS traffic in plain text without requiring private keys. It further integrates a standardized context protocol to expose indexed network telemetry to AI
Intercepts and decrypts live TLS-encrypted network traffic using kernel-level hooks without requiring private keys.
airgeddon is a bash-based wireless network audit suite and security toolkit for Linux. It serves as a framework for testing wireless vulnerabilities and verifying network configurations across various encryption standards, including WPA, WEP, and WPS. The project functions as an orchestration layer that integrates a collection of third-party wireless security tools. It features a modular approach to attack vectorization, coordinating tasks such as evil twin simulations with captive portals, WPA handshake interception, and the execution of WPS vulnerability tests. Its capabilities cover a bro
Enables offline decryption of captured wireless handshakes for both personal and enterprise network configurations.
Proxyman is a cross-platform HTTP debugging proxy that captures, inspects, and modifies HTTP, HTTPS, and WebSocket traffic. It functions as a man-in-the-middle proxy, decrypting SSL/TLS traffic to allow real-time inspection and modification of encrypted requests and responses. The tool is designed for debugging web and mobile applications, with capabilities for API mocking and simulation, scriptable traffic modification, and team collaboration on network logs. What distinguishes Proxyman is its deep integration with mobile and cross-platform development workflows. It provides automated certif
Specifies which apps, domains, or wildcard patterns should have their traffic decrypted.
Kyanos is a diagnostic toolset for network analysis that uses eBPF to measure packet latency and trace traffic from the network card to the application. It functions as a kernel latency profiler and network performance monitor, providing capabilities to map external dependencies and capture network traffic. The project is distinguished by its ability to perform automatic SSL traffic decryption, converting encrypted requests and responses into plaintext for analysis. It further isolates bottlenecks by attributing latency across multiple stages, specifically tracing the time packets spend withi
Intercepts network traffic and presents request and response content in plaintext via automatic decryption.
AdguardFilters is a collection of curated adblock filter lists, content blocking rulesets, and DNS blocklists. Its primary purpose is to provide the rules necessary to identify and remove advertisements, tracking scripts, and intrusive elements across web browsers and applications. The project includes specialized rules for cosmetic filtering to hide layout gaps and a malware domain database to block phishing and spyware destinations. It provides distinct filtering sets for different regions and purposes, such as social media blocking. The repository covers broad capability areas including m
Decrypts encrypted traffic using a local root certificate to filter content before re-encrypting it.
PCAPdroid is an Android network traffic analyzer and packet capture tool that operates without requiring root access. It functions as a VPN-based firewall and network controller, capable of recording traffic in PCAPng format and blocking connections to specific domains or malicious hosts. The project distinguishes itself through a proxy-based system for decrypting TLS traffic and routing device network traffic through SOCKS5 proxies or the Tor network. It further allows for the modification of live HTTP requests and responses via custom scripts. Its capabilities cover application connection
Decrypts HTTPS traffic by acting as a man-in-the-middle with a custom certificate authority.
Shadowrocket is a proxy client application for mobile devices that functions as a multi-protocol proxy manager and a rule-based traffic router. It acts as a programmable network gateway, utilizing a virtual network interface to route system-level traffic through secure tunnels. The project distinguishes itself through a programmable environment that executes JavaScript scripts and modules to automate DNS resolution and handle complex network request logic. It further provides an HTTPS traffic inspector capable of decrypting encrypted traffic using custom certificates to modify headers and rew
Intercepts and decrypts TLS-encrypted HTTPS traffic using custom root certificates for analysis and modification.
This project is a wireless network security toolkit designed for monitoring wireless traffic and exploiting vulnerabilities in network authentication protocols. It provides a suite of tools for scanning networks, capturing authentication handshakes, and testing the security of wireless access points. The toolkit includes a password wordlist generator to create custom lists for offline key recovery and a handshake cracker to recover encrypted keys using brute-force methods. It also features a vulnerability scanner specifically for testing the security of the Wireless Protected Setup pin system
Performs offline decryption of WPA/WPA2 handshakes using wordlists and brute-force methods.