Demonstrations of sslsniff.py


This tool traces the write/send and read/recv functions of OpenSSL,
GnuTLS and NSS. Data passed to these functions is printed as plain
text. This is useful, for example, to sniff HTTP before it is
encrypted with SSL.


Output of the tool while "curl https://example.com" runs in another shell:

% sudo python sslsniff.py
FUNC         TIME(s)            COMM             PID    LEN
WRITE/SEND   0.000000000        curl             12915  75
----- DATA -----
GET / HTTP/1.1
Host: example.com
User-Agent: curl/7.50.1
Accept: */*


----- END DATA -----

READ/RECV    0.127144585        curl             12915  333
----- DATA -----
HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: text/html
Date: Tue, 16 Aug 2016 15:42:12 GMT
Etag: "359670651+gzip+ident"
Expires: Tue, 23 Aug 2016 15:42:12 GMT
Last-Modified: Fri, 09 Aug 2013 23:54:35 GMT
Server: ECS (iad/18CB)
Vary: Accept-Encoding
X-Cache: HIT
x-ec-custom-error: 1
Content-Length: 1270


----- END DATA -----

READ/RECV    0.129967972        curl             12915  1270
----- DATA -----
<!doctype html>
<html>
<head>
    <title>Example Domain</title>

    <meta charset="utf-8" />
    <meta http-equiv="Content-type" content="text/html; charset=utf-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1" />
    <style type="text/css">
    body {
        background-color: #f0f0f2;
        margin: 0;
        padding: 0;
        font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif;

    }
    div {
        w
----- END DATA (TRUNCATED, 798 bytes lost) -----


USAGE message:

usage: sslsniff.py [-h] [-p PID] [-c COMM] [-o] [-g] [-n] [-d]

Sniff SSL data

optional arguments:
  -h, --help            show this help message and exit
  -p PID, --pid PID     sniff this PID only.
  -c COMM, --comm COMM  sniff only commands matching string.
  -o, --no-openssl      do not show OpenSSL calls.
  -g, --no-gnutls       do not show GnuTLS calls.
  -n, --no-nss          do not show NSS calls.
  -d, --debug           debug mode.

examples:
    ./sslsniff              # sniff OpenSSL and GnuTLS functions
    ./sslsniff -p 181       # sniff PID 181 only
    ./sslsniff -c curl      # sniff curl command only
    ./sslsniff --no-openssl # don't show OpenSSL calls
    ./sslsniff --no-gnutls  # don't show GnuTLS calls
    ./sslsniff --no-nss     # don't show NSS calls
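
The output layout shown in the demonstration above can be turned into structured records, for example to check which captured events were truncated. The following is an added example, not part of sslsniff or its documentation; the names parse_sslsniff and truncated are chosen here, the sample text is constructed, and it assumes no payload line is itself identical to an END DATA marker.

```python
import re

# Constructed sample in the layout of the demonstration (shortened, not a real capture).
SAMPLE = """\
FUNC         TIME(s)            COMM             PID    LEN
WRITE/SEND   0.000000000        curl             12915  75
----- DATA -----
GET / HTTP/1.1
Host: example.com

----- END DATA -----
READ/RECV    0.129967972        curl             12915  1270
----- DATA -----
<!doctype html>
----- END DATA (TRUNCATED, 798 bytes lost) -----
"""

# Event line: FUNC TIME(s) COMM PID LEN. COMM is matched lazily so PID and LEN stay last.
HEADER = re.compile(r"^(WRITE/SEND|READ/RECV)\s+(\d+\.\d+)\s+(.+?)\s+(\d+)\s+(\d+)\s*$")
END = re.compile(r"^----- END DATA(?: \(TRUNCATED, (\d+) bytes lost\))? -----$")

def parse_sslsniff(text):
    """Return one dict per event: func, time, comm, pid, len, data, lost."""
    events, cur, in_data = [], None, False
    for line in text.splitlines():
        if in_data:
            end = END.match(line)
            if end:
                cur["lost"] = int(end.group(1) or 0)  # 0 when the marker has no TRUNCATED part
                cur["data"] = "\n".join(cur["data"])
                events.append(cur)
                cur, in_data = None, False
            else:
                cur["data"].append(line)
        elif cur is not None and line == "----- DATA -----":
            in_data = True
        else:
            m = HEADER.match(line)  # the column-title line and blank lines do not match
            if m:
                cur = {"func": m.group(1), "time": float(m.group(2)), "comm": m.group(3),
                       "pid": int(m.group(4)), "len": int(m.group(5)), "data": []}
    return events

def truncated(events):
    """Events whose payload the tool did not print in full."""
    return [e for e in events if e["lost"] > 0]

if __name__ == "__main__":
    print([(e["func"], e["len"], e["lost"]) for e in parse_sslsniff(SAMPLE)])
```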