blob: 8c51722651d225f6df5e776c90384e8bbe095953 [file] [log] [blame]
Demonstrations of
This tool traces the write/send and read/recv functions of OpenSSL,
GnuTLS and NSS. Data passed to this functions is printed as plain
text. Useful, for example, to sniff HTTP before encrypted with SSL.
Output of tool executing in other shell "curl"
% sudo python
WRITE/SEND 0.000000000 curl 12915 75
----- DATA -----
GET / HTTP/1.1
User-Agent: curl/7.50.1
Accept: */*
----- END DATA -----
READ/RECV 0.127144585 curl 12915 333
----- DATA -----
HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: text/html
Date: Tue, 16 Aug 2016 15:42:12 GMT
Etag: "359670651+gzip+ident"
Expires: Tue, 23 Aug 2016 15:42:12 GMT
Last-Modified: Fri, 09 Aug 2013 23:54:35 GMT
Server: ECS (iad/18CB)
Vary: Accept-Encoding
X-Cache: HIT
x-ec-custom-error: 1
Content-Length: 1270
----- END DATA -----
READ/RECV 0.129967972 curl 12915 1270
----- DATA -----
<!doctype html>
<title>Example Domain</title>
<meta charset="utf-8" />
<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<style type="text/css">
body {
background-color: #f0f0f2;
margin: 0;
padding: 0;
font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif;
div {
----- END DATA (TRUNCATED, 798 bytes lost) -----
USAGE message:
usage: [-h] [-p PID] [-c COMM] [-o] [-g] [-n] [-d]
Sniff SSL data
optional arguments:
-h, --help show this help message and exit
-p PID, --pid PID sniff this PID only.
-c COMM, --comm COMM sniff only commands matching string.
-o, --no-openssl do not show OpenSSL calls.
-g, --no-gnutls do not show GnuTLS calls.
-n, --no-nss do not show NSS calls.
-d, --debug debug mode.
./sslsniff # sniff OpenSSL and GnuTLS functions
./sslsniff -p 181 # sniff PID 181 only
./sslsniff -c curl # sniff curl command only
./sslsniff --no-openssl # don't show OpenSSL calls
./sslsniff --no-gnutls # don't show GnuTLS calls
./sslsniff --no-nss # don't show NSS calls