You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
88 lines
2.3 KiB
88 lines
2.3 KiB
Demonstrations of sslsniff.py
|
|
|
|
|
|
This tool traces the write/send and read/recv functions of OpenSSL,
|
|
GnuTLS and NSS. Data passed to this functions is printed as plain
|
|
text. Useful, for example, to sniff HTTP before encrypted with SSL.
|
|
|
|
|
|
Output of tool executing in other shell "curl https://example.com"
|
|
|
|
% sudo python sslsniff.py
|
|
FUNC TIME(s) COMM PID LEN
|
|
WRITE/SEND 0.000000000 curl 12915 75
|
|
----- DATA -----
|
|
GET / HTTP/1.1
|
|
Host: example.com
|
|
User-Agent: curl/7.50.1
|
|
Accept: */*
|
|
|
|
|
|
----- END DATA -----
|
|
|
|
READ/RECV 0.127144585 curl 12915 333
|
|
----- DATA -----
|
|
HTTP/1.1 200 OK
|
|
Cache-Control: max-age=604800
|
|
Content-Type: text/html
|
|
Date: Tue, 16 Aug 2016 15:42:12 GMT
|
|
Etag: "359670651+gzip+ident"
|
|
Expires: Tue, 23 Aug 2016 15:42:12 GMT
|
|
Last-Modified: Fri, 09 Aug 2013 23:54:35 GMT
|
|
Server: ECS (iad/18CB)
|
|
Vary: Accept-Encoding
|
|
X-Cache: HIT
|
|
x-ec-custom-error: 1
|
|
Content-Length: 1270
|
|
|
|
|
|
----- END DATA -----
|
|
|
|
READ/RECV 0.129967972 curl 12915 1270
|
|
----- DATA -----
|
|
<!doctype html>
|
|
<html>
|
|
<head>
|
|
<title>Example Domain</title>
|
|
|
|
<meta charset="utf-8" />
|
|
<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
|
|
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
|
<style type="text/css">
|
|
body {
|
|
background-color: #f0f0f2;
|
|
margin: 0;
|
|
padding: 0;
|
|
font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif;
|
|
|
|
}
|
|
div {
|
|
w
|
|
----- END DATA (TRUNCATED, 798 bytes lost) -----
|
|
|
|
|
|
|
|
|
|
USAGE message:
|
|
|
|
usage: sslsniff.py [-h] [-p PID] [-c COMM] [-o] [-g] [-n] [-d]
|
|
|
|
Sniff SSL data
|
|
|
|
optional arguments:
|
|
-h, --help show this help message and exit
|
|
-p PID, --pid PID sniff this PID only.
|
|
-c COMM, --comm COMM sniff only commands matching string.
|
|
-o, --no-openssl do not show OpenSSL calls.
|
|
-g, --no-gnutls do not show GnuTLS calls.
|
|
-n, --no-nss do not show NSS calls.
|
|
-d, --debug debug mode.
|
|
|
|
examples:
|
|
./sslsniff # sniff OpenSSL and GnuTLS functions
|
|
./sslsniff -p 181 # sniff PID 181 only
|
|
./sslsniff -c curl # sniff curl command only
|
|
./sslsniff --no-openssl # don't show OpenSSL calls
|
|
./sslsniff --no-gnutls # don't show GnuTLS calls
|
|
./sslsniff --no-nss # don't show NSS calls
|