sslsniff_example.txt - Android社区 - https://www.androidos.net.cn/

Demonstrations of sslsniff.py


This tool traces the write/send and read/recv functions of OpenSSL,
GnuTLS and NSS.  Data passed to this functions is printed as plain
text.  Useful, for example, to sniff HTTP before encrypted with SSL.


Output of tool executing in other shell "curl https://example.com"

% sudo python sslsniff.py
FUNC         TIME(s)            COMM             PID    LEN   
WRITE/SEND   0.000000000        curl             12915  75    
----- DATA -----
GET / HTTP/1.1
Host: example.com
User-Agent: curl/7.50.1
Accept: */*


----- END DATA -----

READ/RECV    0.127144585        curl             12915  333   
----- DATA -----
HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: text/html
Date: Tue, 16 Aug 2016 15:42:12 GMT
Etag: "359670651+gzip+ident"
Expires: Tue, 23 Aug 2016 15:42:12 GMT
Last-Modified: Fri, 09 Aug 2013 23:54:35 GMT
Server: ECS (iad/18CB)
Vary: Accept-Encoding
X-Cache: HIT
x-ec-custom-error: 1
Content-Length: 1270


----- END DATA -----

READ/RECV    0.129967972        curl             12915  1270  
----- DATA -----
<!doctype html>
<html>
<head>
    <title>Example Domain</title>

    <meta charset="utf-8" />
    <meta http-equiv="Content-type" content="text/html; charset=utf-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1" />
    <style type="text/css">
    body {
        background-color: #f0f0f2;
        margin: 0;
        padding: 0;
        font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif;
        
    }
    div {
        w
----- END DATA (TRUNCATED, 798 bytes lost) -----




USAGE message:

usage: sslsniff.py [-h] [-p PID] [-c COMM] [-o] [-g] [-n] [-d]

Sniff SSL data

optional arguments:
  -h, --help            show this help message and exit
  -p PID, --pid PID     sniff this PID only.
  -c COMM, --comm COMM  sniff only commands matching string.
  -o, --no-openssl      do not show OpenSSL calls.
  -g, --no-gnutls       do not show GnuTLS calls.
  -n, --no-nss          do not show NSS calls.
  -d, --debug           debug mode.

examples:
    ./sslsniff              # sniff OpenSSL and GnuTLS functions
    ./sslsniff -p 181       # sniff PID 181 only
    ./sslsniff -c curl      # sniff curl command only
    ./sslsniff --no-openssl # don't show OpenSSL calls
    ./sslsniff --no-gnutls  # don't show GnuTLS calls
    ./sslsniff --no-nss     # don't show NSS calls