.TH sslsniff 8 "2016-08-16" "USER COMMANDS"
.SH NAME
sslsniff \- Print data passed to OpenSSL, GnuTLS or NSS. Uses Linux eBPF/bcc.
.SH SYNOPSIS
.B sslsniff [-h] [-p PID] [-c COMM] [-o] [-g] [-n] [-d]
.SH DESCRIPTION
sslsniff prints data sent to the write/send and read/recv functions of
OpenSSL, GnuTLS and NSS, allowing us to read plain text content before
encryption (when writing) and after decryption (when reading).

This works by reading the second parameter of both functions (*buf).

Since this uses BPF, only the root user can use this tool.
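Added example (not part of the bcc man page or the tool's own code): because sslsniff instruments functions inside OpenSSL, GnuTLS and NSS, the processes whose plain text it can show are those that load these libraries as shared objects. This Python sketch inventories them from /proc/PID/maps; the library file name patterns and the sample maps text are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Families named on the man page -> assumed common Linux shared-object names.
TLS_LIBS = {
    "OpenSSL": re.compile(r"/libssl\.so(\.[\w.]+)?$"),
    "GnuTLS": re.compile(r"/libgnutls\.so(\.[\w.]+)?$"),
    "NSS": re.compile(r"/lib(nspr4|ssl3)\.so$"),
}

def tls_libs_in_maps(maps_text):
    """Return {family: sorted paths} for executable TLS library mappings."""
    found = {}
    for line in maps_text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 6 or "x" not in fields[1]:
            continue  # anonymous mapping, or not an executable segment
        path = fields[5].strip().replace(" (deleted)", "")
        for family, pattern in TLS_LIBS.items():
            if pattern.search(path):
                found.setdefault(family, set()).add(path)
    return {family: sorted(paths) for family, paths in found.items()}

def scan_proc(proc_root="/proc"):
    """Map PID -> TLS libraries for every process the caller can read."""
    report = {}
    for entry in Path(proc_root).iterdir():
        if not entry.name.isdigit():
            continue
        try:
            libs = tls_libs_in_maps((entry / "maps").read_text(errors="replace"))
        except OSError:
            continue  # process exited or access denied
        if libs:
            report[int(entry.name)] = libs
    return report

# Constructed sample of /proc/PID/maps content (not captured from a real host).
SAMPLE_MAPS = """\
7f1a2c000000-7f1a2c021000 rw-p 00000000 00:00 0
7f1a30000000-7f1a30060000 r--p 00000000 08:01 500 /usr/lib/libssl.so.3
7f1a30060000-7f1a300c0000 r-xp 00060000 08:01 500 /usr/lib/libssl.so.3
7f1a31000000-7f1a31040000 r-xp 00000000 08:01 612 /usr/lib/libnspr4.so (deleted)
"""

if __name__ == "__main__":
    for pid, libs in sorted(scan_proc().items()):
        print(pid, libs)
```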
.SH REQUIREMENTS
CONFIG_BPF and bcc.
.SH EXAMPLES
.TP
Print all calls to SSL write/send and read/recv system-wide:
#
.B sslsniff
.SH FIELDS
.TP
FUNC
Which function is being called (write/send or read/recv)
.TP
TIME
Time of the command, in seconds.
.TP
COMM
Entered command.
.TP
PID
Process ID calling SSL.
.TP
LEN
Bytes written or read by SSL functions.
.SH SOURCE
This is from bcc.
.IP
https://github.com/iovisor/bcc
.PP
Also look in the bcc distribution for a companion _examples.txt file containing
example usage, output, and commentary for this tool.
.SH OS
Linux
.SH STABILITY
Unstable - in development.
.SH AUTHORS
Adrian Lopez and Mark Drayton
.SH SEE ALSO
trace(8)