Metadata-Version: 2.1
Name: pcap_blur
Version: 1.0.2
Summary: Pcap Blur is a command line tool that anonymizes network traffic.
Home-page: https://github.com/rafaelsilva81/pcap-blur
Author: Rafael Galdino da Silva
Author-email: rafaelgaldinosilva81@gmail.com
License: MIT
Classifier: Development Status :: 5 - Production/Stable
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Topic :: Security
Classifier: Topic :: Security :: Cryptography
Classifier: Topic :: System :: Networking
Classifier: Topic :: Utilities
Requires-Python: >=3.10
Description-Content-Type: text/markdown
License-File: LICENSE.MD
Requires-Dist: altgraph==0.17.4
Requires-Dist: annotated-types==0.6.0
Requires-Dist: anyio==4.3.0
Requires-Dist: appdirs==1.4.4
Requires-Dist: certifi==2024.2.2
Requires-Dist: cffi==1.16.0
Requires-Dist: click==8.1.7
Requires-Dist: colorama==0.4.6
Requires-Dist: cryptography==42.0.7
Requires-Dist: dnspython==2.6.1
Requires-Dist: email_validator==2.1.1
Requires-Dist: fastapi==0.111.0
Requires-Dist: fastapi-cli==0.0.3
Requires-Dist: h11==0.14.0
Requires-Dist: httpcore==1.0.5
Requires-Dist: httptools==0.6.1
Requires-Dist: httpx==0.27.0
Requires-Dist: idna==3.7
Requires-Dist: Jinja2==3.1.4
Requires-Dist: line_profiler==4.1.3
Requires-Dist: lxml==5.2.1
Requires-Dist: markdown-it-py==3.0.0
Requires-Dist: MarkupSafe==2.1.5
Requires-Dist: mdurl==0.1.2
Requires-Dist: memory-profiler==0.61.0
Requires-Dist: orjson==3.10.3
Requires-Dist: packaging==24.0
Requires-Dist: pefile==2023.2.7
Requires-Dist: picologging==0.9.3
Requires-Dist: psutil==5.9.8
Requires-Dist: py-spy==0.3.14
Requires-Dist: pycparser==2.22
Requires-Dist: pycryptodome==3.20.0
Requires-Dist: pydantic==2.7.1
Requires-Dist: pydantic_core==2.18.2
Requires-Dist: Pygments==2.18.0
Requires-Dist: pyinstaller==6.5.0
Requires-Dist: pyinstaller-hooks-contrib==2024.3
Requires-Dist: python-dotenv==1.0.1
Requires-Dist: python-multipart==0.0.9
Requires-Dist: pytz==2024.1
Requires-Dist: pywin32-ctypes==0.2.2
Requires-Dist: PyYAML==6.0.1
Requires-Dist: rich==13.7.1
Requires-Dist: scapy==2.5.0
Requires-Dist: setuptools==69.2.0
Requires-Dist: shellingham==1.5.4
Requires-Dist: sniffio==1.3.1
Requires-Dist: starlette==0.37.2
Requires-Dist: termcolor==2.4.0
Requires-Dist: typer==0.12.3
Requires-Dist: typing_extensions==4.11.0
Requires-Dist: tzdata==2024.1
Requires-Dist: tzlocal==5.2
Requires-Dist: ujson==5.9.0
Requires-Dist: uvicorn==0.29.0
Requires-Dist: watchfiles==0.21.0
Requires-Dist: websockets==12.0
Requires-Dist: yacryptopan==1.0.1

# Pcap_Blur

`pcap_blur` is a command line tool for anonymizing network traffic captured in `.pcap` or `.pcapng` files in a simple yet secure way. The main purpose of this tool is to allow anyone to anonymize their own network traffic for research, testing, or educational purposes. The main focus of `pcap_blur` is on anonymization of Internet traffic under the TCP/IP stack.

## Installation

### Windows

1. Download and install [Python 3.10 or later](https://www.python.org/downloads/windows/) and [pip](https://pypi.org/project/pip/)

2. Download and install the latest version of [Npcap](https://nmap.org/npcap/)

> It is advised to turn **off** the `Winpcap compatibility mode` option during installation

3. Install `pcap_blur` using `pip`:

```bash
pip install pcap_blur
```

### Linux

1. Install [Python 3.10 or later](https://www.python.org/downloads/) and [pip](https://pypi.org/project/pip/)

2. Install [libpcap](https://www.tcpdump.org/)

For Debian based distributions:

```bash
sudo apt install libpcap-dev
```

For Fedora/Red Hat based distributions:

```bash
sudo yum install libpcap-devel
```

3. Install `pcap_blur` using `pip`:

```bash
pip install pcap_blur
```

## Usage

The main usage of `pcap_blur` is to anonymize a .pcap file. To do this, you can use the following command:

```bash
pcap_blur path/to/file.pcap
```

By default, the output file is named `file_anonymized.pcap` and is saved, together with the log file, in a folder named `output`. You can change the output folder and filename with the `--outDir` and `--outName` options, respectively.

```bash
pcap_blur path/to/file.pcap --outDir /new_output_folder --outName new_name.pcap
```

You can also use the `--batch` option to anonymize multiple capture files in a folder.

```bash
pcap_blur --batch /path/to/folder
```

Using this option, an `output` folder will be created in the specified folder and the anonymized files will be saved in it. All the logs will be saved individually under the `output/logs` folder. You can change the output folder by using the `--outDir` option.

```bash
pcap_blur --batch /path/to/folder --outDir /new_output_folder
```

You can use the `--validate` option to validate the anonymization of a .pcap file. This option compares the original and anonymized files and checks whether any of the original information is still present in the anonymized packets.

```bash
pcap_blur --validate path/to/original_file.pcap path/to/anonymized_file.pcap
```

Below is a table with all the command line options available for `pcap_blur`:

| Option                                                   | Description                                                                                       | Default                                                        |
| -------------------------------------------------------- | ------------------------------------------------------------------------------------------------- | -------------------------------------------------------------- |
| `path`                                                   | Path to the capture file to be anonymized.                                                        | None                                                           |
| `--batch`                                                | Specify a folder for batch anonymization.                                                         | None                                                           |
| `--outDir ${directory}`                                  | Set the output directory for the anonymized capture file(s).                                      | `output` or `${original_folder}/output` if used with `--batch` |
| `--outName ${filename}`                                  | Set the filename of the anonymized capture file. Can only be used with single file anonymization. | `${original_filename}.anon.pcap`                               |
| `--version`                                              | Show the version of the tool.                                                                     | None                                                           |
| `--validate ${original_filename} ${anonymized_filename}` | Validate the anonymization of a capture file.                                                     | None                                                           |

## Anonymization Policy

`pcap_blur` uses an anonymization policy defined by the original author (me) for a final project at the Federal University of Ceará (UFC), which is based on the following principles:

- Focus on anonymizing Internet traffic under the TCP/IP stack.
- Anonymization that provides a good balance between privacy and usability.
- Anonymization that is simple and easy to understand.

Below is a table of the fields that are anonymized and the anonymization method used:

| Field            | Anonymization Method                  |
| ---------------- | ------------------------------------- |
| MAC Addresses    | Double permutation                    |
| IP Addresses     | Prefix-preserving pseudorandomization |
| Port Numbers     | Permutation                           |
| Timestamps       | Precision degradation                 |
| Application Data | Black marker                          |

You can find more information about the anonymization policy and other edge-case scenarios in the final paper (link to be added).
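
The prefix-preserving property named in the table, shown as an added example (not code from `pcap_blur` or YaCryptoPan). It keeps Crypto-PAn's bit-by-bit structure but substitutes an HMAC-SHA256 bit generator for the AES construction; the key and the addresses are constructed sample values.

```python
import hashlib
import hmac
import ipaddress

KEY = b"constructed-demo-key-not-for-real-use"  # sample key, made up for this example


def _prf_bit(key: bytes, prefix: int, length: int) -> int:
    """Pseudorandom bit that depends only on the key and the first `length` bits."""
    msg = bytes([length]) + prefix.to_bytes(4, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[0] >> 7


def anonymize_ipv4(key: bytes, addr: str) -> str:
    """Flip each bit according to a PRF of the bits that precede it."""
    a = int(ipaddress.IPv4Address(addr))
    out = 0
    for i in range(32):
        prefix = a >> (32 - i)      # the i leading bits (0 when i == 0)
        bit = (a >> (31 - i)) & 1   # bit i, counted from the most significant
        out = (out << 1) | (bit ^ _prf_bit(key, prefix, i))
    return str(ipaddress.IPv4Address(out))


def common_prefix_len(x: str, y: str) -> int:
    """Number of leading bits two IPv4 addresses have in common."""
    diff = int(ipaddress.IPv4Address(x)) ^ int(ipaddress.IPv4Address(y))
    return 32 - diff.bit_length()


def check_pairs(key: bytes, pairs):
    """Return (shared bits before, shared bits after) for each address pair."""
    return [(common_prefix_len(x, y),
             common_prefix_len(anonymize_ipv4(key, x), anonymize_ipv4(key, y)))
            for x, y in pairs]


# Constructed sample addresses: same /25, same /16, and unrelated networks.
SAMPLE_PAIRS = [("192.168.1.10", "192.168.1.77"),
                ("192.168.1.10", "192.168.200.5"),
                ("10.0.0.1", "192.168.1.10")]

if __name__ == "__main__":
    for before, after in check_pairs(KEY, SAMPLE_PAIRS):
        print(f"shared prefix before={before} after={after}")
```

Two addresses that share their first k bits still share exactly k bits after anonymization, so subnet structure remains visible in the output while the real addresses are hidden behind the key.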

## Building from source

If you wish to use `pcap_blur` from source instead of using the pre-built binary or if you want to modify the source code before running it, you can follow these steps:

1. Install [Python 3.10 or later](https://www.python.org/downloads/)

2. Clone the repository:

```bash
git clone https://github.com/rafaelsilva81/pcap_blur.git
```

3. (Optional) Initialize a virtual environment with [venv](https://docs.python.org/3/library/venv.html).

4. Install the dependencies:

```bash
pip install -r requirements.txt
```

5. Run the tool by executing the `main.py` script:

```bash
python main.py --version
```

## License

This project is licensed under the MIT License. See the [LICENSE](LICENSE) file for details.

## Contributing

Contributions are welcome! Please file an issue or submit a pull request. For major changes, please open an issue first to discuss what you would like to change.

## Acknowledgments

- [Scapy](https://scapy.net/) - A powerful and flexible packet manipulation library for Python.
- [YaCryptoPan](https://github.com/yacryptopan/yacryptopan) - A Python library for Crypto-PAn, a cryptographic anonymization algorithm.
- [Netresec Publicly available PCAP files](https://netresec.com/?page=public-pcap-files) - A collection of publicly available PCAP files for testing and research purposes.
