Demonstrations of sslsniff.py


This tool traces the write/send and read/recv functions of OpenSSL,
GnuTLS and NSS.  Data passed to these functions is printed as plain
text.  This is useful, for example, to sniff HTTP before it is encrypted
with SSL.


Output of the tool while "curl https://example.com" is executed in another shell:

% sudo python sslsniff.py
FUNC         TIME(s)            COMM             PID    LEN   
WRITE/SEND   0.000000000        curl             12915  75    
----- DATA -----
GET / HTTP/1.1
Host: example.com
User-Agent: curl/7.50.1
Accept: */*


----- END DATA -----

READ/RECV    0.127144585        curl             12915  333   
----- DATA -----
HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: text/html
Date: Tue, 16 Aug 2016 15:42:12 GMT
Etag: "359670651+gzip+ident"
Expires: Tue, 23 Aug 2016 15:42:12 GMT
Last-Modified: Fri, 09 Aug 2013 23:54:35 GMT
Server: ECS (iad/18CB)
Vary: Accept-Encoding
X-Cache: HIT
x-ec-custom-error: 1
Content-Length: 1270


----- END DATA -----

READ/RECV    0.129967972        curl             12915  1270  
----- DATA -----
<!doctype html>
<html>
<head>
    <title>Example Domain</title>

    <meta charset="utf-8" />
    <meta http-equiv="Content-type" content="text/html; charset=utf-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1" />
    <style type="text/css">
    body {
        background-color: #f0f0f2;
        margin: 0;
        padding: 0;
        font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif;
        
    }
    div {
        w
----- END DATA (TRUNCATED, 798 bytes lost) -----


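The output format shown above (a header row per call, then the payload between DATA markers) can be split back into events for review, for example to see which payloads were truncated. The following is an added example, not part of sslsniff.py or of the original page; parse_events, Event and SAMPLE are hypothetical names, and the parser assumes COMM contains no spaces and that no payload line is itself an END DATA marker.

```python
import re
from collections import namedtuple

# Header columns as printed on this page: FUNC TIME(s) COMM PID LEN.
# Event.data is the text between the DATA markers; Event.lost is 0 unless TRUNCATED.
HEADER = re.compile(r"^(WRITE/SEND|READ/RECV)\s+(\d+\.\d+)\s+(\S+)\s+(\d+)\s+(\d+)\s*$")
END = re.compile(r"^----- END DATA(?: \(TRUNCATED, (\d+) bytes lost\))? -----$")
Event = namedtuple("Event", "func time comm pid length data lost")

def parse_events(text):
    """Split sslsniff text output into a list of Event tuples."""
    lines = text.splitlines()
    events, i = [], 0
    while i < len(lines):
        head = HEADER.match(lines[i])
        i += 1
        if not head or i >= len(lines) or lines[i] != "----- DATA -----":
            continue  # column title row, blank line, or stray text
        i += 1
        body, end = [], None
        while i < len(lines):
            end = END.match(lines[i])
            i += 1
            if end:
                break
            body.append(lines[i - 1])
        if end is None:
            break  # log cut off before the END DATA marker: drop the partial event
        func, secs, comm, pid, length = head.groups()
        events.append(Event(func, float(secs), comm, int(pid), int(length),
                            "\n".join(body), int(end.group(1) or 0)))
    return events

# Constructed sample, shortened from the output shown above.
SAMPLE = """FUNC         TIME(s)            COMM             PID    LEN
WRITE/SEND   0.000000000        curl             12915  75
----- DATA -----
GET / HTTP/1.1
Host: example.com
----- END DATA -----

READ/RECV    0.129967972        curl             12915  1270
----- DATA -----
<!doctype html>
----- END DATA (TRUNCATED, 798 bytes lost) -----
"""

if __name__ == "__main__":
    for ev in parse_events(SAMPLE):
        print(ev.func, ev.comm, ev.pid, ev.length, "lost", ev.lost)
```
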
USAGE message:

usage: sslsniff.py [-h] [-p PID] [-c COMM] [-o] [-g] [-n] [-d]

Sniff SSL data

optional arguments:
  -h, --help            show this help message and exit
  -p PID, --pid PID     sniff this PID only.
  -c COMM, --comm COMM  sniff only commands matching string.
  -o, --no-openssl      do not show OpenSSL calls.
  -g, --no-gnutls       do not show GnuTLS calls.
  -n, --no-nss          do not show NSS calls.
  -d, --debug           debug mode.

examples:
    ./sslsniff              # sniff OpenSSL and GnuTLS functions
    ./sslsniff -p 181       # sniff PID 181 only
    ./sslsniff -c curl      # sniff curl command only
    ./sslsniff --no-openssl # don't show OpenSSL calls
    ./sslsniff --no-gnutls  # don't show GnuTLS calls
    ./sslsniff --no-nss     # don't show NSS calls