tools/sslsniff_example.txt - platform/external/bcc - Gitiles

 Demonstrations of sslsniff.py


 This tool traces the write/send and read/recv functions of OpenSSL,
 GnuTLS and NSS.  Data passed to this functions is printed as plain
 text.  Useful, for example, to sniff HTTP before encrypted with SSL.


 Output of tool executing in other shell "curl https://example.com"

 % sudo python sslsniff.py
 FUNC         TIME(s)            COMM             PID    LEN
 WRITE/SEND   0.000000000        curl             12915  75
 ----- DATA -----
 GET / HTTP/1.1
 Host: example.com
 User-Agent: curl/7.50.1
 Accept: */*


 ----- END DATA -----

 READ/RECV    0.127144585        curl             12915  333
 ----- DATA -----
 HTTP/1.1 200 OK
 Cache-Control: max-age=604800
 Content-Type: text/html
 Date: Tue, 16 Aug 2016 15:42:12 GMT
 Etag: "359670651+gzip+ident"
 Expires: Tue, 23 Aug 2016 15:42:12 GMT
 Last-Modified: Fri, 09 Aug 2013 23:54:35 GMT
 Server: ECS (iad/18CB)
 Vary: Accept-Encoding
 X-Cache: HIT
 x-ec-custom-error: 1
 Content-Length: 1270


 ----- END DATA -----

 READ/RECV    0.129967972        curl             12915  1270
 ----- DATA -----
 <!doctype html>
 <html>
 <head>
     <title>Example Domain</title>

     <meta charset="utf-8" />
     <meta http-equiv="Content-type" content="text/html; charset=utf-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1" />
     <style type="text/css">
     body {
         background-color: #f0f0f2;
         margin: 0;
         padding: 0;
         font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif;

     }
     div {
         w
 ----- END DATA (TRUNCATED, 798 bytes lost) -----


 USAGE message:

 usage: sslsniff.py [-h] [-p PID] [-c COMM] [-o] [-g] [-n] [-d]

 Sniff SSL data

 optional arguments:
   -h, --help            show this help message and exit
   -p PID, --pid PID     sniff this PID only.
   -c COMM, --comm COMM  sniff only commands matching string.
   -o, --no-openssl      do not show OpenSSL calls.
   -g, --no-gnutls       do not show GnuTLS calls.
   -n, --no-nss          do not show NSS calls.
   -d, --debug           debug mode.

 examples:
     ./sslsniff              # sniff OpenSSL and GnuTLS functions
     ./sslsniff -p 181       # sniff PID 181 only
     ./sslsniff -c curl      # sniff curl command only
     ./sslsniff --no-openssl # don't show OpenSSL calls
     ./sslsniff --no-gnutls  # don't show GnuTLS calls
     ./sslsniff --no-nss     # don't show NSS calls
	Demonstrations of sslsniff.py


	This tool traces the write/send and read/recv functions of OpenSSL,
	GnuTLS and NSS. Data passed to this functions is printed as plain
	text. Useful, for example, to sniff HTTP before encrypted with SSL.


	Output of tool executing in other shell "curl https://example.com"

	% sudo python sslsniff.py
	FUNC TIME(s) COMM PID LEN
	WRITE/SEND 0.000000000 curl 12915 75
	----- DATA -----
	GET / HTTP/1.1
	Host: example.com
	User-Agent: curl/7.50.1
	Accept: /


	----- END DATA -----

	READ/RECV 0.127144585 curl 12915 333
	----- DATA -----
	HTTP/1.1 200 OK
	Cache-Control: max-age=604800
	Content-Type: text/html
	Date: Tue, 16 Aug 2016 15:42:12 GMT
	Etag: "359670651+gzip+ident"
	Expires: Tue, 23 Aug 2016 15:42:12 GMT
	Last-Modified: Fri, 09 Aug 2013 23:54:35 GMT
	Server: ECS (iad/18CB)
	Vary: Accept-Encoding
	X-Cache: HIT
	x-ec-custom-error: 1
	Content-Length: 1270


	----- END DATA -----

	READ/RECV 0.129967972 curl 12915 1270
	----- DATA -----
	<!doctype html>
	<html>
	<head>
	<title>Example Domain</title>

	<meta charset="utf-8" />
	<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
	<meta name="viewport" content="width=device-width, initial-scale=1" />
	<style type="text/css">
	body {
	background-color: #f0f0f2;
	margin: 0;
	padding: 0;
	font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif;

	}
	div {
	w
	----- END DATA (TRUNCATED, 798 bytes lost) -----




	USAGE message:

	usage: sslsniff.py [-h] [-p PID] [-c COMM] [-o] [-g] [-n] [-d]

	Sniff SSL data

	optional arguments:
	-h, --help show this help message and exit
	-p PID, --pid PID sniff this PID only.
	-c COMM, --comm COMM sniff only commands matching string.
	-o, --no-openssl do not show OpenSSL calls.
	-g, --no-gnutls do not show GnuTLS calls.
	-n, --no-nss do not show NSS calls.
	-d, --debug debug mode.

	examples:
	./sslsniff # sniff OpenSSL and GnuTLS functions
	./sslsniff -p 181 # sniff PID 181 only
	./sslsniff -c curl # sniff curl command only
	./sslsniff --no-openssl # don't show OpenSSL calls
	./sslsniff --no-gnutls # don't show GnuTLS calls
	./sslsniff --no-nss # don't show NSS calls