NAME

       sslsniff - Print data passed to OpenSSL. Uses Linux eBPF/bcc.

SYNOPSIS

       sslsniff

DESCRIPTION

       sslsniff  prints  data  sent  to SSL_write and SSL_read OpenSSL functions, allowing us to read plain text
       content before encryption (when writing) and after decryption (when reading).

       This works reading the second parameter of both functions (*buf).

       Since this uses BPF, only the root user can use this tool.

REQUIREMENTS

       CONFIG_BPF and bcc.

EXAMPLES

       Print all calls to SSL_write and SSL_read system-wide:
              # sslsniff

FIELDS

       FUNC   Which function is being called (SSL_write or SSL_read)

       TIME   Time of the command, in seconds.

       COMM   Entered command.

       PID    Process ID calling OpenSSL.

       LEN    Bytes written or read by OpenSSL functions.

SOURCE

       This is from bcc.

              https://github.com/iovisor/bcc

       Also look in the bcc distribution for a companion _examples.txt file containing  example  usage,  output,
       and commentary for this tool.

OS

       Linux

STABILITY

       Unstable - in development.

AUTHORS

       Adrian Lopez and Mark Drayton

SEE ALSO

       trace(8)

USER COMMANDS                                      2016-08-16                                        sslsniff(8)