Skip to content

SebastienWae/sslsnoop

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
src
src
 
 
.gitignore
.gitignore
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
build.rs
build.rs
 
 

Repository files navigation

sslsnoop

sslsnoop is a program that intercepts SSL content using eBPF to trace SSL libraries. It can be used to monitor SSL traffic of a specific process or all processes on the system.

Features

  • Support OpenSSL
  • Support GNUTLS
  • Handle statically linked libraries
  • Filter by PID
  • Filter by process name

How It Works

Using eBPF uprobes, sslsnoop can intercept SSL content before it is encrypted and sent or after it is received and decrypted. For example by attaching to the SSL_write function of OpenSSL, sslsnoop can access data before it is encrypted and sent.

Setup and Usage

Prerequisites

Installation

git clone https://github.com/sebastienwae/sslsnoop.git
cd sslsnoop
cargo build --release

Usage

sudo ./target/release/sslsnoop

About

Intercept SSL content using eBPF

Topics

ssl ebpf libbpf

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Languages