1Demonstrations of sslsniff.py
2
3
4This tool traces the write/send and read/recv functions of OpenSSL,
5GnuTLS and NSS.  Data passed to this functions is printed as plain
6text.  Useful, for example, to sniff HTTP before encrypted with SSL.
7
8
9Output of tool executing in other shell "curl https://example.com"
10
11% sudo python sslsniff.py
12FUNC         TIME(s)            COMM             PID    LEN
13WRITE/SEND   0.000000000        curl             12915  75
14----- DATA -----
15GET / HTTP/1.1
16Host: example.com
17User-Agent: curl/7.50.1
18Accept: */*
19
20
21----- END DATA -----
22
23READ/RECV    0.127144585        curl             12915  333
24----- DATA -----
25HTTP/1.1 200 OK
26Cache-Control: max-age=604800
27Content-Type: text/html
28Date: Tue, 16 Aug 2016 15:42:12 GMT
29Etag: "359670651+gzip+ident"
30Expires: Tue, 23 Aug 2016 15:42:12 GMT
31Last-Modified: Fri, 09 Aug 2013 23:54:35 GMT
32Server: ECS (iad/18CB)
33Vary: Accept-Encoding
34X-Cache: HIT
35x-ec-custom-error: 1
36Content-Length: 1270
37
38
39----- END DATA -----
40
41READ/RECV    0.129967972        curl             12915  1270
42----- DATA -----
43<!doctype html>
44<html>
45<head>
46    <title>Example Domain</title>
47
48    <meta charset="utf-8" />
49    <meta http-equiv="Content-type" content="text/html; charset=utf-8" />
50    <meta name="viewport" content="width=device-width, initial-scale=1" />
51    <style type="text/css">
52    body {
53        background-color: #f0f0f2;
54        margin: 0;
55        padding: 0;
56        font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif;
57
58    }
59    div {
60        w
61----- END DATA (TRUNCATED, 798 bytes lost) -----
62
63
64
65
66USAGE message:
67
68usage: sslsniff.py [-h] [-p PID] [-c COMM] [-o] [-g] [-n] [-d]
69
70Sniff SSL data
71
72optional arguments:
73  -h, --help            show this help message and exit
74  -p PID, --pid PID     sniff this PID only.
75  -c COMM, --comm COMM  sniff only commands matching string.
76  -o, --no-openssl      do not show OpenSSL calls.
77  -g, --no-gnutls       do not show GnuTLS calls.
78  -n, --no-nss          do not show NSS calls.
79  -d, --debug           debug mode.
80
81examples:
82    ./sslsniff              # sniff OpenSSL and GnuTLS functions
83    ./sslsniff -p 181       # sniff PID 181 only
84    ./sslsniff -c curl      # sniff curl command only
85    ./sslsniff --no-openssl # don't show OpenSSL calls
86    ./sslsniff --no-gnutls  # don't show GnuTLS calls
87    ./sslsniff --no-nss     # don't show NSS calls
88