reformat code, add new option to manpage and usage in sslsniff_exampl…

…e.txt

man/man8/sslsniff.8

@@ -2,7 +2,7 @@
 .SH NAME
 sslsniff \- Print data passed to OpenSSL, GnuTLS or NSS. Uses Linux eBPF/bcc.
 .SH SYNOPSIS
-.B sslsniff [-h] [-p PID] [-c COMM] [-o] [-g] [-n] [-d]
+.B sslsniff [-h] [-p PID] [-c COMM] [-o] [-g] [-n] [-d] [--hexdump]
 .SH DESCRIPTION
 sslsniff prints data sent to write/send and read/recv functions of
 OpenSSL, GnuTLS and NSS, allowing us to read plain text content before

tools/sslsniff.py

@@ -46,7 +46,8 @@
                     help='debug mode.')
 parser.add_argument("--ebpf", action="store_true",
                     help=argparse.SUPPRESS)
-parser.add_argument("--hexdump", action="store_true", dest="hexdump", help="show data as hexdump instead of trying to decode it as UTF-8")
+parser.add_argument("--hexdump", action="store_true", dest="hexdump",
+                    help="show data as hexdump instead of trying to decode it as UTF-8")
 args = parser.parse_args()
 
 
@@ -213,9 +214,13 @@ def print_event(cpu, data, size, rw, evt):
                 " bytes lost) " + "-" * 5
 
     fmt = "%-12s %-18.9f %-16s %-6d %-6d\n%s\n%s\n%s\n\n"
+    if args.hexdump:
+        unwrapped_data = binascii.hexlify(event.v0)
+        data = textwrap.fill(unwrapped_data.decode('utf-8', 'replace'),width=32)
+    else:
+        data = event.v0.decode('utf-8', 'replace')
     print(fmt % (rw, time_s, event.comm.decode('utf-8', 'replace'),
-                 event.pid, event.len, s_mark,
-                 textwrap.fill(binascii.hexlify(event.v0).decode('utf-8', 'replace'),width=32) if args.hexdump else event.v0.decode('utf-8', 'replace'), e_mark))
+                 event.pid, event.len, s_mark, data, e_mark))
 
 b["perf_SSL_write"].open_perf_buffer(print_event_write)
 b["perf_SSL_read"].open_perf_buffer(print_event_read)

tools/sslsniff_example.txt

@@ -9,8 +9,8 @@ text.  Useful, for example, to sniff HTTP before encrypted with SSL.
 Output of tool executing in other shell "curl https://example.com"
 
 % sudo python sslsniff.py
-FUNC         TIME(s)            COMM             PID    LEN   
-WRITE/SEND   0.000000000        curl             12915  75    
+FUNC         TIME(s)            COMM             PID    LEN
+WRITE/SEND   0.000000000        curl             12915  75
 ----- DATA -----
 GET / HTTP/1.1
 Host: example.com
@@ -20,7 +20,7 @@ Accept: */*
 
 ----- END DATA -----
 
-READ/RECV    0.127144585        curl             12915  333   
+READ/RECV    0.127144585        curl             12915  333
 ----- DATA -----
 HTTP/1.1 200 OK
 Cache-Control: max-age=604800
@@ -38,7 +38,7 @@ Content-Length: 1270
 
 ----- END DATA -----
 
-READ/RECV    0.129967972        curl             12915  1270  
+READ/RECV    0.129967972        curl             12915  1270
 ----- DATA -----
 <!doctype html>
 <html>
@@ -54,7 +54,7 @@ READ/RECV    0.129967972        curl             12915  1270
         margin: 0;
         padding: 0;
         font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif;
-        
+
     }
     div {
         w
@@ -65,7 +65,7 @@ READ/RECV    0.129967972        curl             12915  1270
 
 USAGE message:
 
-usage: sslsniff.py [-h] [-p PID] [-c COMM] [-o] [-g] [-n] [-d]
+usage: sslsniff.py [-h] [-p PID] [-c COMM] [-o] [-g] [-n] [-d] [--hexdump]
 
 Sniff SSL data
 
@@ -77,6 +77,8 @@ optional arguments:
   -g, --no-gnutls       do not show GnuTLS calls.
   -n, --no-nss          do not show NSS calls.
   -d, --debug           debug mode.
+  --hexdump             show data as hexdump instead of trying to decode it as
+                        UTF-8
 
 examples:
     ./sslsniff              # sniff OpenSSL and GnuTLS functions
@@ -85,3 +87,4 @@ examples:
     ./sslsniff --no-openssl # don't show OpenSSL calls
     ./sslsniff --no-gnutls  # don't show GnuTLS calls
     ./sslsniff --no-nss     # don't show NSS calls
+    ./sslsniff --hexdump    # show data as hex instead of trying to decode it as UTF-8