1sslsniff(8) System Manager's Manual sslsniff(8)
2
3
4
6 sslsniff - Print data passed to OpenSSL, GnuTLS or NSS. Uses Linux
7 eBPF/bcc.
8
10 sslsniff [-h] [-p PID] [-c COMM] [-o] [-g] [-n] [-d]
11
13 sslsniff prints data sent to write/send and read/recv functions of
14 OpenSSL, GnuTLS and NSS, allowing us to read plain text content before
15 encryption (when writing) and after decryption (when reading).
16
17 This works reading the second parameter of both functions (*buf).
18
19 Since this uses BPF, only the root user can use this tool.
20
22 CONFIG_BPF and bcc.
23
25 Print all calls to SSL write/send and read/recv system-wide:
26 # sslsniff
27
29 FUNC Which function is being called (write/send or read/recv)
30
31 TIME Time of the command, in seconds.
32
33 COMM Entered command.
34
35 PID Process ID calling SSL.
36
37 LEN Bytes written or read by SSL functions.
38
40 This is from bcc.
41
42 https://github.com/iovisor/bcc
43
44 Also look in the bcc distribution for a companion _examples.txt file
45 containing example usage, output, and commentary for this tool.
46
48 Linux
49
51 Unstable - in development.
52
54 Adrian Lopez and Mark Drayton
55
57 trace(8)
58
59
60
61USER COMMANDS 2016-08-16 sslsniff(8)