# cs-parse-traffic.py
> Decrypt and parse Cobalt Strike beacon network traffic using extracted keys

**Category:** [[categories/explore-network-interactions-monitoring|Explore Network Interactions > Monitoring]] | **Tier:** Rich (FOR610)
**Docs:** [https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring](https://docs.remnux.org/discover-the-tools/explore+network+interactions/monitoring)

## Usage
```bash
cs-parse-traffic.py -f <capture.pcap> -k <keys_file>
```

## Workflows
- [[workflows/cobalt-strike-workflow|Cobalt Strike Analysis]] — Step 5: Traffic Decryption

## Related Tools
- [[tools/burp-suite-community-edition|Burp Suite Community Edition]] — Investigate website interactions using this web proxy.
- [[tools/mitmproxy|mitmproxy]] — Interactive HTTPS proxy for intercepting, inspecting, and mo
- [[tools/network-miner-free-edition|Network Miner Free Edition]] — Examine network traffic and carve PCAP capture files.
- [[tools/ngrep|ngrep]] — Search network traffic for patterns — like grep for packets
- [[tools/polarproxy|polarproxy]] — Transparent TLS proxy that decrypts traffic and saves it as 

#cobalt-strike #traffic #decryption