.TH sslsniff 8 "2016-08-16" "USER COMMANDS"
.SH NAME
sslsniff \- Print data passed to OpenSSL, GnuTLS or NSS. Uses Linux eBPF/bcc.
.SH SYNOPSIS
.B sslsniff [-h] [-p PID] [-c COMM] [-o] [-g] [-n] [-d]
.SH DESCRIPTION
sslsniff prints data sent to write/send and read/recv functions of
OpenSSL, GnuTLS and NSS, allowing us to read plain text content before
encryption (when writing) and after decryption (when reading).

This works by reading the second parameter of both functions (*buf).

Since this uses BPF, only the root user can use this tool.
.SH REQUIREMENTS
CONFIG_BPF and bcc.
.SH EXAMPLES
.TP
Print all calls to SSL write/send and read/recv system-wide:
#
.B sslsniff
.SH FIELDS
.TP
FUNC
Which function is being called (write/send or read/recv)
.TP
TIME
Time of the command, in seconds.
.TP
COMM
Entered command.
.TP
PID
Process ID calling SSL.
.TP
LEN
Bytes written or read by SSL functions.
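The columns listed under FIELDS can be post-processed for audit, for example to total plaintext bytes per process. The following is an added example, not part of bcc or this man page; the header row, column spacing and the "----- DATA -----" / "----- END DATA -----" delimiters are assumed, the sample capture is constructed, and parse_events and bytes_per_process are hypothetical helper names.

```python
import re
from collections import defaultdict

# Constructed sample, not real capture output. Assumed layout: header row, then one
# event row per call in FIELDS order, each followed by a delimited plaintext block.
SAMPLE = """\
FUNC         TIME(s)            COMM             PID     LEN
WRITE/SEND   0.000000000        curl             12915   75
----- DATA -----
GET / HTTP/1.1
WRITE/SEND   9.000000000        sshd             1       9999
----- END DATA -----
READ/RECV    0.127144585        curl             12915   333
----- DATA -----
HTTP/1.1 200 OK
----- END DATA -----
WRITE/SEND   1.500000000        python3          4242    18
----- DATA -----
ping
----- END DATA -----
"""

EVENT = re.compile(r"^(WRITE/SEND|READ/RECV)\s+(\d+\.\d+)\s+(\S+)\s+(\d+)\s+(\d+)\s*$")

def parse_events(text):
    """Return one dict per event row; lines inside a DATA block are never parsed as rows."""
    events, in_data = [], False
    for line in text.splitlines():
        if line.startswith("----- END DATA"):
            in_data = False
        elif line.startswith("----- DATA"):
            in_data = True
        elif not in_data:
            m = EVENT.match(line)
            if m:
                func, t, comm, pid, length = m.groups()
                events.append({"func": func, "time": float(t), "comm": comm,
                               "pid": int(pid), "len": int(length)})
    return events

def bytes_per_process(events):
    """Sum LEN per (COMM, PID, FUNC) to see which processes moved plaintext."""
    totals = defaultdict(int)
    for e in events:
        totals[(e["comm"], e["pid"], e["func"])] += e["len"]
    return dict(totals)

if __name__ == "__main__":
    print(bytes_per_process(parse_events(SAMPLE)))
```

The payload line that imitates an event row (the constructed "sshd" line) is skipped because it sits inside a DATA block; captured plaintext is untrusted input and should never be parsed as metadata.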
.SH SOURCE
This is from bcc.
.IP
https://github.com/iovisor/bcc
.PP
Also look in the bcc distribution for a companion _examples.txt file containing
example usage, output, and commentary for this tool.
.SH OS
Linux
.SH STABILITY
Unstable - in development.
.SH AUTHORS
Adrian Lopez and Mark Drayton
.SH SEE ALSO
trace(8)