forked from iovisor/bcc
.TH sslsniff 8 "2016-08-16" "USER COMMANDS"
.SH NAME
sslsniff \- Print data passed to OpenSSL. Uses Linux eBPF/bcc.
.SH SYNOPSIS
.B sslsniff
.SH DESCRIPTION
sslsniff prints data sent to SSL_write and SSL_read OpenSSL functions, allowing
us to read plain text content before encryption (when writing) and after
decryption (when reading).
This works by reading the second parameter of both functions (*buf).
Since this uses BPF, only the root user can use this tool.
.SH REQUIREMENTS
CONFIG_BPF and bcc.
.SH EXAMPLES
.TP
Print all calls to SSL_write and SSL_read system-wide:
#
.B sslsniff
.SH FIELDS
.TP
FUNC
Which function is being called (SSL_write or SSL_read).
.TP
TIME
Time of the command, in seconds.
.TP
COMM
Command name of the process calling OpenSSL.
.TP
PID
Process ID calling OpenSSL.
.TP
LEN
Bytes written or read by OpenSSL functions.
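.PP
The fields above are enough to total plaintext volume per process from saved output. The Python below is an added example, not part of bcc or of this man page; it assumes one whitespace-separated row per call in the order FUNC TIME COMM PID LEN with payload text on other lines, and SAMPLE, summarize and unexpected_writers are hypothetical names over constructed data.

```python
import re
from collections import defaultdict

# Constructed sample, not captured output. Assumed layout: one row per call
# in the order FUNC TIME COMM PID LEN; every other line is payload text.
SAMPLE = """\
FUNC         TIME               COMM             PID    LEN
SSL_write    0.000000000        curl             12915  75
GET / HTTP/1.1
Host: example.test

SSL_read     0.127144585        curl             12915  333
HTTP/1.1 200 OK

SSL_write    2.501233100        backup.sh        13002  4096
SSL_write    2.501300412        backup.sh        13002  4096
SSL_read     3.250000000        Web Content      14001  512
"""

# COMM may contain spaces, so anchor PID and LEN at the end of the line.
ROW = re.compile(r"^(SSL_write|SSL_read)\s+(\d+\.\d+)\s+(.+?)\s+(\d+)\s+(\d+)\s*$")

def parse_rows(text):
    """Yield (func, time_s, comm, pid, length) for each call row."""
    # Payload is untrusted and can imitate a row: treat results as triage hints.
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            func, t, comm, pid, length = m.groups()
            yield func, float(t), comm, int(pid), int(length)

def summarize(text):
    """Total LEN per (pid, comm), split into SSL_write and SSL_read."""
    totals = defaultdict(lambda: {"SSL_write": 0, "SSL_read": 0})
    for func, _t, comm, pid, length in parse_rows(text):
        totals[(pid, comm)][func] += length
    return dict(totals)

def unexpected_writers(text, allowed_comms):
    """Processes that called SSL_write but whose COMM is not allowlisted."""
    return sorted(key for key, t in summarize(text).items()
                  if t["SSL_write"] > 0 and key[1] not in allowed_comms)

if __name__ == "__main__":
    for key, t in summarize(SAMPLE).items():
        print(key, t)
    print("unexpected:", unexpected_writers(SAMPLE, {"curl"}))
```

COMM is set by the process itself, so an allowlist on it narrows what to review rather than proving which program made the call.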
.SH SOURCE
This is from bcc.
.IP
https://github.com/iovisor/bcc
.PP
Also look in the bcc distribution for a companion _examples.txt file containing
example usage, output, and commentary for this tool.
.SH OS
Linux
.SH STABILITY
Unstable - in development.
.SH AUTHORS
Adrian Lopez and Mark Drayton
.SH SEE ALSO
trace(8)