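--- a/base/pcap-snoop.c
+++ b/base/pcap-snoop.c
@@ -206,7 +206,7 @@
 
 signal(SIGINT,sig_handler);
 
- while((c=getopt(argc,argv,"vr:f:S:Ttai:k:p:nsAxXhHVNdqem:P"))!=EOF){
+ while((c=getopt(argc,argv,"vr:f:S:yTtai:k:p:nsAxXhHVNdqem:P"))!=EOF){
 switch(c){
 case 'v':
 print_version();
@@ -260,7 +260,7 @@
 break;
 case 'h':
 usage();
- printf("Do 'man ssldump' for documentation\n");
+ printf("Do 'man 1 ssldump' for documentation\n");
 exit(1);
 
 case '?':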
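Review bot: The getopt string now accepts `-y`, but no `case 'y':` appears in the switch shown in the first hunk, so the option is presumably meant to reach the SSL flag table in ssl_analyze.c (which this commit sets to `'y'`) through the switch's default path; that dispatch is outside the hunk and should be confirmed, otherwise getopt accepts `-y` and the switch drops it silently. A one-line comment on the getopt line would make the contract explicit, e.g. `/* 'y' has no case here: it is passed to the ssl_analyze flag table */`. The enclosing function begins before the first hunk and ends after the second.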
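--- a/ssl/ssl_analyze.c
+++ b/ssl/ssl_analyze.c
@@ -133,7 +133,7 @@
 SSL_PRINT_DECODE
 },
 {
- 0,
+ 'y',
 "nroff",
 SSL_PRINT_NROFF
 },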
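--- a/ssl/ssldecode.c
+++ b/ssl/ssldecode.c
@@ -51,6 +51,7 @@
 #include <openssl/ssl.h>
 #include <openssl/hmac.h>
 #include <openssl/evp.h>
+#include <openssl/md5.h>
 #include <openssl/x509v3.h>
 #endif
 #include "ssldecode.h"
@@ -131,7 +132,8 @@
 ssl_decode_ctx *d=0;
 int r,_status;
 
- SSLeay_add_all_algorithms();
+ SSL_library_init();
+ OpenSSL_add_all_algorithms();
 if(!(d=(ssl_decode_ctx *)malloc(sizeof(ssl_decode_ctx))))
 ABORT(R_NO_MEMORY);
 if(!(d->ssl_ctx=SSL_CTX_new(SSLv23_server_method())))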
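Review bot: `SSL_library_init()` and `OpenSSL_add_all_algorithms()` are process-wide OpenSSL initialisers, yet in the second hunk they sit inside what looks like a per-context constructor (the function that allocates `d` begins before the hunk), so they will run once per decode context; that is harmless in the OpenSSL versions of this era, but the intent deserves a comment such as `/* library-wide OpenSSL init; repeated per context, harmless */`. Separately, the newly included `openssl/md5.h` is not used by anything visible in the first hunk, so presumably it is needed by code elsewhere in the file; a short comment naming that use would stop a later cleanup from dropping the include.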
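--- a/ssldump.1
+++ b/ssldump.1
@@ -61,12 +61,9 @@
 .na
 .B ssldump
 [
-.B \-vtaTnsAxXhHVNdq
+.B \-vTshVq
+.B \-aAdeHnNqTxXvy
 ] [
-.B \-r
-.I dumpfile
-]
-[
 .B \-i
 .I interface
 ]
@@ -81,6 +78,16 @@
 .I password
 ]
 [
+.B \-r
+.I dumpfile
+]
+.br
+.ti +8
+[
+.B \-S
+.RI [\| crypto \||\| d \||\| ht \||\| H \||\| nroff \|]
+]
+[
 .I expression
 ]
 .br
@@ -125,6 +132,7 @@
 You must have read access to
 .IR /dev/bpf* .
 .SH OPTIONS
+.TP
 .B \-a
 Print bare TCP ACKs (useful for observing Nagle behavior)
 .TP
@@ -135,7 +143,7 @@
 .B \-d
 Display the application data traffic. This usually means
 decrypting it, but when -d is used ssldump will also decode
-application data traffic _before_ the SSL session initiates.
+application data traffic \fIbefore\fP the SSL session initiates.
 This allows you to see HTTPS CONNECT behavior as well as
 SMTP STARTTLS. As a side effect, since ssldump can't tell
 whether plaintext is traffic before the initiation of an
@@ -148,18 +156,9 @@
 .B \-e
 Print absolute timestamps instead of relative timestamps
 .TP
-.B \-r
-Read data from \fIfile\fP instead of from the network.
-The old -f option still works but is deprecated and will
-probably be removed with the next version.
 .B \-H
 Print the full SSL packet header.
 .TP
-.B \-k
-Use \fIkeyfile\fP as the location of the SSL keyfile (OpenSSL format)
-Previous versions of ssldump automatically looked in ./server.pem.
-Now you must specify your keyfile every time.
-.TP
 .B \-n
 Don't try to resolve host names from IP addresses
 .TP
@@ -176,6 +175,12 @@
 .B \-q
 Don't decode any record fields beyond a single summary line. (quiet mode).
 .TP
+.B \-T
+Print the TCP headers.
+.TP
+.B \-v
+Display version and copyright information.
+.TP
 .B \-x
 Print each record in hex, as well as decoding it.
 .TP
@@ -183,13 +188,48 @@
 When the -d option is used, binary data is automatically printed
 in two columns with a hex dump on the left and the printable characters
 on the right. -X suppresses the display of the printable characters,
-thus making it easier to cut and paste the hext data into some other
+thus making it easier to cut and paste the hex data into some other
 program.
+.TP
 .B \-y
-Decorate the output for processing with troff. Not very
+Decorate the output for processing with nroff/troff. Not very
 useful for the average user.
 .TP
-.IP "\fI expression\fP"
+.BI \-i " interface"
+Use \fIinterface\fP as the network interface on which to sniff SSL/TLS
+traffic.
+.TP
+.BI \-k " keyfile"
+Use \fIkeyfile\fP as the location of the SSL keyfile (OpenSSL format)
+Previous versions of ssldump automatically looked in ./server.pem.
+Now you must specify your keyfile every time.
+.TP
+.BI \-p " password"
+Use \fIpassword\fP as the SSL keyfile password.
+.TP
+.BI \-r " file"
+Read data from \fIfile\fP instead of from the network.
+The old -f option still works but is deprecated and will
+probably be removed with the next version.
+.TP
+.BI \-S " [ " crypto " | " d " | " ht " | " H " ]"
+Specify SSL flags to ssldump. These flags include:
+.RS
+.TP
+.I crypto
+Print cryptographic information.
+.TP
+.I d
+Print fields as decoded.
+.TP
+.I ht
+Print the handshake type.
+.TP
+.I H
+Print handshake type and highlights.
+.RE
+.TP
+\fIexpression\fP
 .RS
 Selects what packets ssldump will examine. Technically speaking,
 ssldump supports the full expression syntax from PCAP and tcpdump.
@@ -200,7 +240,7 @@
 don't result in incomplete TCP streams are listed here.
 .LP
 The \fIexpression\fP consists of one or more
-.I primitives.
+.IR primitives .
 Primitives usually consist of an
 .I id
 (name or number) preceded by one or more qualifiers. There are three
@@ -512,5 +552,11 @@
 .LP
 ssldump doesn't implement session caching and therefore can't decrypt
 resumed sessions.
-
-
+.LP
+.SH SEE ALSO
+.LP
+.BR tcpdump (1)
+.LP
+.SH AUTHOR
+.LP
+ssldump was written by Eric Rescorla <ekr@rtfm.com>.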