
sslsniff - Print data passed to OpenSSL. Uses Linux eBPF/bcc.

sslsniff(8) System Manager's Manual sslsniff(8)

NAME

sslsniff - Print data passed to OpenSSL. Uses Linux eBPF/bcc.

SYNOPSIS

sslsniff

DESCRIPTION

sslsniff prints data sent to SSL_write and SSL_read OpenSSL functions, allowing us to read plain text content before encryption (when writing) and after decryption (when reading).
 
This works by reading the second parameter of both functions (*buf).
 
Since this uses BPF, only the root user can use this tool.

REQUIREMENTS

CONFIG_BPF and bcc.

EXAMPLES

Print all calls to SSL_write and SSL_read system-wide:
# sslsniff

FIELDS

FUNC
Which function is being called (SSL_write or SSL_read)
TIME
Time of the command, in seconds.
COMM
Entered command.
PID
Process ID calling OpenSSL.
LEN
Bytes written or read by OpenSSL functions.
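
The following Python example is added here and is not part of bcc or the original manual page. It totals LEN per process from captured sslsniff output, giving an inventory of which processes pass plaintext through OpenSSL. It assumes each event row is whitespace-separated in the FIELDS order above; the sample capture and its TIME(s) header label are constructed.

```python
import re
from collections import defaultdict

# Row layout assumed from the FIELDS section: FUNC TIME COMM PID LEN.
# COMM is matched lazily so a process name containing spaces still parses.
ROW = re.compile(r"^(\S+)\s+(\d+\.\d+)\s+(.+?)\s+(\d+)\s+(\d+)\s*$")

# Constructed sample capture (not real tool output); payload text is made up.
SAMPLE = """\
FUNC         TIME(s)            COMM             PID     LEN
SSL_write    0.000000000        curl             12915   75
GET / HTTP/1.1
Host: example.com

SSL_read     0.127144585        curl             12915   333
HTTP/1.1 200 OK
SSL_write    1.500210000        Web Content      2201    120
SSL_write    1.734000000        Web Content      2201    64
"""


def parse_rows(text):
    """Yield (func, time_s, comm, pid, length) for each event row.

    Header and payload lines that do not look like an event row are skipped.
    """
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            func, t, comm, pid, length = m.groups()
            yield func, float(t), comm, int(pid), int(length)


def bytes_by_process(text):
    """Return {(pid, comm): {func: total LEN}} for the capture."""
    totals = defaultdict(lambda: defaultdict(int))
    for func, _t, comm, pid, length in parse_rows(text):
        totals[(pid, comm)][func] += length
    return {key: dict(per_func) for key, per_func in totals.items()}


if __name__ == "__main__":
    for (pid, comm), per_func in sorted(bytes_by_process(SAMPLE).items()):
        print(pid, comm, per_func)
```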

SOURCE

This is from bcc.
https://github.com/iovisor/bcc
Also look in the bcc distribution for a companion _examples.txt file containing example usage, output, and commentary for this tool.

OS

Linux

STABILITY

Unstable - in development.

AUTHORS

Adrian Lopez and Mark Drayton

SEE ALSO

trace(8)
2016-08-16 USER COMMANDS