path: root/ssltap.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<refentry>
  <refentryinfo>
    <date>August 2010</date>
    <refentrytitle>ssltap</refentrytitle>
    <manvolnum>1</manvolnum>
  </refentryinfo>
  <refnamediv>
    <refname>ssltap</refname>
    <refpurpose>Tap into SSL connections and display the data going by</refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <cmdsynopsis>
      <command>ssltap</command>
      <arg>[-vhfsxl] [-p <replaceable>port</replaceable>] <replaceable>hostname:port</replaceable></arg>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsection id="description">
    <title>Description</title>
    <para><command>ssltap</command> is an SSL-aware command-line proxy. It watches TCP connections and displays the data going by. If a connection is SSL, the data display includes interpreted SSL records and handshaking.</para>
  </refsection>  

  <refsection id="options">
    <title>Options</title>    
    <variablelist>
      <varlistentry>
        <term>-v </term>
        <listitem><para>Print a version string for the tool.</para></listitem>
      </varlistentry>
      <varlistentry>
        <term>-h </term>
        <listitem><para>
Turn on hex/ASCII printing. Instead of outputting raw data, the command interprets each record as a numbered line of hex values, followed by the same data as ASCII characters. The two parts are separated by a vertical bar. Nonprinting characters are replaced by dots. 
        </para></listitem>
      </varlistentry>
      <varlistentry>
        <term>-f </term>
        <listitem><para>
Turn on fancy printing. Output is printed in colored HTML. Data sent from the client to the server is in blue; the server's reply is in red. When used with looping mode, the different connections are separated with horizontal lines. You can use this option to produce output that can be loaded into a browser.
        </para></listitem>
      </varlistentry>
             <varlistentry><term>-s </term>
        <listitem>
          <para>
Turn on SSL parsing and decoding. The tool does not automatically detect SSL sessions. If you are intercepting an SSL connection, use this option so that the tool can detect and decode SSL structures.
	  </para>
	  <para>
If the tool detects a certificate chain, it saves the DER-encoded certificates into files in the current directory. The files are named cert.0x, where x is the sequence number of the certificate.
	  </para>
	  <para>
If the -s option is used with -h, two separate parts are printed for each record: the plain hex/ASCII output, and the parsed SSL output.
          </para>
        </listitem>
      </varlistentry>
        <varlistentry>
        <term>-x  </term>
          <listitem>
            <para>
Turn on hex/ASCII printing of undecoded data inside parsed SSL records. Used only with the -s option. 
This option uses the same output format as the -h option.
            </para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term>-l </term>
        <listitem>
          <para>
Turn on looping; that is, continue to accept connections rather than stopping after the first connection is complete.
          </para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term>-p  port</term>
        <listitem>
          <para>Change the default rendezvous port (1924) to another port.</para>
          <para>The following are well-known port numbers:</para>
          </listitem>
          </varlistentry>
</variablelist>
</refsection>
</refentry>