| .TH sslsniff 8 "2016-08-16" "USER COMMANDS" |
| .SH NAME |
| sslsniff \- Print data passed to OpenSSL, GnuTLS or NSS. Uses Linux eBPF/bcc. |
| .SH SYNOPSIS |
| .B sslsniff [-h] [-p PID] [-c COMM] [-o] [-g] [-n] [-d] |
| .SH DESCRIPTION |
| sslsniff prints data sent to write/send and read/recv functions of |
| OpenSSL, GnuTLS and NSS, allowing us to read plain text content before |
| encryption (when writing) and after decryption (when reading). |
| |
| This works by reading the second parameter of both functions (*buf). |
| |
| Since this uses BPF, only the root user can use this tool. |
| .SH REQUIREMENTS |
| CONFIG_BPF and bcc. |
| .SH EXAMPLES |
| .TP |
| Print all calls to SSL write/send and read/recv system-wide: |
| # |
| .B sslsniff |
| .SH FIELDS |
| .TP |
| FUNC |
| Which function is being called (write/send or read/recv). |
| .TP |
| TIME |
| Time of the command, in seconds. |
| .TP |
| COMM |
| Entered command. |
| .TP |
| PID |
| Process ID calling SSL. |
| .TP |
| LEN |
| Bytes written or read by SSL functions. |
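An added example (not part of bcc or of this man page): a Python parser that turns saved sslsniff output into per-process byte totals using the FIELDS above, for reviewing which processes moved how much plaintext through the traced libraries. The sample text is constructed, and the header row and the "----- DATA -----" delimiter lines are assumptions about the output layout.

```python
import re

# Constructed sample (not captured from a real host). The header row and the
# "----- DATA -----" delimiters are assumptions about the output layout.
SAMPLE = """\
FUNC         TIME(s)            COMM             PID     LEN
WRITE/SEND   0.000000000        curl             12915   38
----- DATA -----
GET / HTTP/1.1
Host: example.test

----- END DATA -----
READ/RECV    0.127144585        curl             12915   19
----- DATA -----
HTTP/1.1 200 OK
----- END DATA -----
WRITE/SEND   0.301002113        Web Content      4410    36
----- DATA -----
READ/RECV    9.9   fake   1   999999
----- END DATA -----
"""

# FUNC TIME COMM PID LEN; COMM is matched lazily because it may contain spaces.
EVENT = re.compile(r"^(WRITE/SEND|READ/RECV)\s+(\d+\.\d+)\s+(.+?)\s+(\d+)\s+(\d+)\s*$")

def parse_events(text):
    """Return one dict per event; payload lines are never parsed as events."""
    events, in_data = [], False
    for line in text.splitlines():
        if in_data:
            if line.startswith("----- END DATA"):
                in_data = False
            elif events:
                events[-1]["data"].append(line)
        elif line.startswith("----- DATA"):
            in_data = True
        else:
            m = EVENT.match(line)
            if m:
                events.append({"func": m[1], "time": float(m[2]), "comm": m[3],
                               "pid": int(m[4]), "len": int(m[5]), "data": []})
    return events

def bytes_by_process(events):
    # Sum LEN per (PID, COMM) and per direction.
    totals = {}
    for e in events:
        per = totals.setdefault((e["pid"], e["comm"]), {"WRITE/SEND": 0, "READ/RECV": 0})
        per[e["func"]] += e["len"]
    return totals
```

The third constructed event carries a payload line shaped like an event row; tracking the DATA block state keeps attacker-controlled plaintext from being counted as a separate event.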
| .SH SOURCE |
| This is from bcc. |
| .IP |
| https://github.com/iovisor/bcc |
| .PP |
| Also look in the bcc distribution for a companion _examples.txt file containing |
| example usage, output, and commentary for this tool. |
| .SH OS |
| Linux |
| .SH STABILITY |
| Unstable - in development. |
| .SH AUTHORS |
| Adrian Lopez and Mark Drayton |
| .SH SEE ALSO |
| trace(8) |