Provided by: bpfcc-tools_0.5.0-5ubuntu1_all
NAME
sslsniff - Print data passed to OpenSSL. Uses Linux eBPF/bcc.
SYNOPSIS
sslsniff
DESCRIPTION
sslsniff prints the data passed to the OpenSSL functions SSL_write and SSL_read, allowing us to read plaintext content before encryption (when writing) and after decryption (when reading). It works by reading the second parameter of both functions (*buf). Since this uses BPF, only the root user can use this tool.
REQUIREMENTS
CONFIG_BPF and bcc.
EXAMPLES
Print all calls to SSL_write and SSL_read system-wide:
    # sslsniff
FIELDS
FUNC    Which function is being called (SSL_write or SSL_read).
TIME    Time of the command, in seconds.
COMM    Entered command.
PID     Process ID calling OpenSSL.
LEN     Bytes written or read by OpenSSL functions.
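An added example, not part of the original page or of bcc: a parser that totals LEN per process from saved sslsniff output, to audit which processes pass plaintext through OpenSSL. The one-line-per-call column layout, the DATA marker lines and the sample text are assumptions constructed for illustration; check them against real output before relying on the parser.

```python
from collections import defaultdict
# Constructed sample, not captured output. Assumed layout: one line per call
# with the FIELDS columns in order, then the payload between marker lines.
START, END = "----- DATA -----", "----- END DATA -----"  # assumed markers
SAMPLE = """\
FUNC       TIME         COMM         PID    LEN
SSL_write  0.000000000  curl         12915  75
----- DATA -----
GET / HTTP/1.1
----- END DATA -----
SSL_read   0.127144585  curl         12915  333
----- DATA -----
HTTP/1.1 200 OK
----- END DATA -----
SSL_write  1.402310000  Web Content  20431  512
----- DATA -----
SSL_read 1 2 3 4
----- END DATA -----
"""
FUNCS = {"SSL_write", "SSL_read"}

def parse_records(text):
    """Yield (func, time_s, comm, pid, length) for each call line."""
    in_data = False
    for line in text.splitlines():
        if in_data:  # payload is untrusted: never parse it as a record
            in_data = line.strip() != END
            continue
        if line.strip() == START:
            in_data = True
            continue
        parts = line.split()
        if len(parts) < 5 or parts[0] not in FUNCS:
            continue  # column header, blank line or unrelated text
        try:  # COMM may contain spaces, so take PID and LEN from the right
            yield (parts[0], float(parts[1]), " ".join(parts[2:-2]),
                   int(parts[-2]), int(parts[-1]))
        except ValueError:
            continue

def bytes_by_process(text):
    """Sum LEN per (COMM, PID), split into written and read plaintext."""
    totals = defaultdict(lambda: {"SSL_write": 0, "SSL_read": 0})
    for func, _time, comm, pid, length in parse_records(text):
        totals[(comm, pid)][func] += length
    return dict(totals)

if __name__ == "__main__":
    print(bytes_by_process(SAMPLE))
```

The payload line that imitates a record ("SSL_read 1 2 3 4") is skipped because it sits inside a data block, which is why the parser tracks block state rather than matching lines alone.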
SOURCE
This is from bcc.
    https://github.com/iovisor/bcc
Also look in the bcc distribution for a companion _examples.txt file containing example usage, output, and commentary for this tool.
OS
Linux
STABILITY
Unstable - in development.
AUTHORS
Adrian Lopez and Mark Drayton
SEE ALSO
trace(8)