1sslsniff(8)                 System Manager's Manual                sslsniff(8)
2
3
4

NAME

6       sslsniff  -  Print  data  passed  to OpenSSL, GnuTLS or NSS. Uses Linux
7       eBPF/bcc.
8

SYNOPSIS

10       sslsniff [-h] [-p PID] [-c COMM] [-o] [-g] [-n] [-d]
11

DESCRIPTION

13       sslsniff prints data sent to  write/send  and  read/recv  functions  of
14       OpenSSL,  GnuTLS and NSS, allowing us to read plain text content before
15       encryption (when writing) and after decryption (when reading).
16
17       This works reading the second parameter of both functions (*buf).
18
19       Since this uses BPF, only the root user can use this tool.
20

REQUIREMENTS

22       CONFIG_BPF and bcc.
23

EXAMPLES

25       Print all calls to SSL write/send and read/recv system-wide:
26              # sslsniff
27

FIELDS

29       FUNC   Which function is being called (write/send or read/recv)
30
31       TIME   Time of the command, in seconds.
32
33       COMM   Entered command.
34
35       PID    Process ID calling SSL.
36
37       LEN    Bytes written or read by SSL functions.
38

SOURCE

40       This is from bcc.
41
42              https://github.com/iovisor/bcc
43
44       Also look in the bcc distribution for a  companion  _examples.txt  file
45       containing example usage, output, and commentary for this tool.
46

OS

48       Linux
49

STABILITY

51       Unstable - in development.
52

AUTHORS

54       Adrian Lopez and Mark Drayton
55

SEE ALSO

57       trace(8)
58
59
60
61USER COMMANDS                     2016-08-16                       sslsniff(8)
Impressum