一,工具简介
sslsniff工具可以用来追踪OpenSSL、GnuTLS和NSS的写入/发送和读取/接收函数。传递给这些函数的数据会以纯文本的形式打印出来。也就是用于捕获和分析 SSL/TLS 加密的网络流量。
二,代码示例
#!/usr/bin/env python
from __future__ import print_function
from bcc import BPF
import argparse
import binascii
import textwrap
import os.path
# 参数
examples = """examples:
./sslsniff # sniff OpenSSL and GnuTLS functions
./sslsniff -p 181 # sniff PID 181 only
./sslsniff -u 1000 # sniff only UID 1000
./sslsniff -c curl # sniff curl command only
./sslsniff --no-openssl # don't show OpenSSL calls
./sslsniff --no-gnutls # don't show GnuTLS calls
./sslsniff --no-nss # don't show NSS calls
./sslsniff --hexdump # show data as hex instead of trying to decode it as UTF-8
./sslsniff -x # show process UID and TID
./sslsniff -l # show function latency
./sslsniff -l --handshake # show SSL handshake latency