Decrypt KLAP data from PCAP files (#1041)

Allows for decryption of pcap files capturing klap communication with devices.
2025-10-12 18:38:03 +00:00 · 2024-07-15 07:18:43 -05:00
parent a2b7daa069
commit 7e9b1687d0
3 changed files with 335 additions and 0 deletions
--- a/devtools/README.md
+++ b/devtools/README.md
@@ -99,3 +99,30 @@ id
 New parser, parsing 100000 messages took 0.6339647499989951 seconds
 Old parser, parsing 100000 messages took 9.473990250000497 seconds
 ```
+
+
+## parse_pcap_klap
+
+* A tool to allow KLAP data to be exported, in JSON, from a PCAP file of encrypted requests.
+
+* NOTE: must install pyshark (`pip install pyshark`).
+* pyshark requires Wireshark or tshark to be installed on windows and tshark to be installed
+on linux (`apt get tshark`)
+
+```shell
+Usage: parse_pcap_klap.py [OPTIONS]
+
+  Export KLAP data in JSON format from a PCAP file.
+
+Options:
+  --host TEXT            the IP of the smart device as it appears in the pcap
+                         file.  [required]
+  --username TEXT        Username/email address to authenticate to device.
+                         [required]
+  --password TEXT        Password to use to authenticate to device.
+                         [required]
+  --pcap-file-path TEXT  The path to the pcap file to parse.  [required]
+  -o, --output TEXT      The name of the output file, relative to the current
+                         directory.
+  --help                 Show this message and exit.
+```