blob: c16b57285cec3628bf999eb1f570bc18952ab0f3 [file] [log] [blame]
Demonstrations of sslsniff.py
This tool traces the OpenSSL functions SSL_READ and SSL_WRITE.
Data passed to this functions is printed as plain text.
Useful, for example, to sniff HTTP before encrypted with SSL.
Output of tool executing in other shell "curl https://example.com"
% sudo python sslsniff.py
FUNC TIME(s) COMM PID LEN
SSL_WRITE 0.000000000 curl 12915 75
----- DATA -----
GET / HTTP/1.1
Host: example.com
User-Agent: curl/7.50.1
Accept: */*
----- END DATA -----
SSL_READ 0.127144585 curl 12915 333
----- DATA -----
HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: text/html
Date: Tue, 16 Aug 2016 15:42:12 GMT
Etag: "359670651+gzip+ident"
Expires: Tue, 23 Aug 2016 15:42:12 GMT
Last-Modified: Fri, 09 Aug 2013 23:54:35 GMT
Server: ECS (iad/18CB)
Vary: Accept-Encoding
X-Cache: HIT
x-ec-custom-error: 1
Content-Length: 1270
----- END DATA -----
SSL_READ 0.129967972 curl 12915 1270
----- DATA -----
<!doctype html>
<html>
<head>
<title>Example Domain</title>
<meta charset="utf-8" />
<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<style type="text/css">
body {
background-color: #f0f0f2;
margin: 0;
padding: 0;
font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif;
}
div {
w
----- END DATA (TRUNCATED, 798 bytes lost) -----
USAGE message:
usage: sslsniff.py [-h] [-p PID] [-c COMM] [-o] [-g] [-d]
Sniff SSL data
optional arguments:
-h, --help show this help message and exit
-p PID, --pid PID sniff this PID only.
-c COMM, --comm COMM sniff only commands matching string.
-o, --no-openssl do not show OpenSSL calls.
-g, --no-gnutls do not show GnuTLS calls.
-d, --debug debug mode.
examples:
./sslsniff # sniff OpenSSL and GnuTLS functions
./sslsniff -p 181 # sniff PID 181 only
./sslsniff -c curl # sniff curl command only
./sslsniff --no-openssl # don't show OpenSSL calls
./sslsniff --no-gnutls # don't show GnuTLS calls