一，工具简介

sslsniff工具可以用来追踪OpenSSL、GnuTLS和NSS的写入/发送和读取/接收函数。传递给这些函数的数据会以纯文本的形式打印出来。也就是用于捕获和分析 SSL/TLS 加密的网络流量。

二，代码示例

#!/usr/bin/env python

from __future__ import print_function
from bcc import BPF
import argparse
import binascii
import textwrap
import os.path

# 参数
examples = """examples:
    ./sslsniff              # sniff OpenSSL and GnuTLS functions
    ./sslsniff -p 181       # sniff PID 181 only
    ./sslsniff -u 1000      # sniff only UID 1000
    ./sslsniff -c curl      # sniff curl command only
    ./sslsniff --no-openssl # don't show OpenSSL calls
    ./sslsniff --no-gnutls  # don't show GnuTLS calls
    ./sslsniff --no-nss     # don't show NSS calls
    ./sslsniff --hexdump    # show data as hex instead of trying to decode it as UTF-8
    ./sslsniff -x           # show process UID and TID
    ./sslsniff -l           # show function latency
    ./sslsniff -l --handshake  # show SSL handshake latency