Hi,

I'm learning how to use bcc tools and, to have a goal, I was trying to read HTTP data before it gets encrypted so that, locally, I can read https traffic (actually, anything using openssl).

I have modified some examples found on the web and done this:
https://gist.github.com/adrianlzt/260253376bbcd75265cf47332eda496e

It works well for outgoing data, showing the request, but incoming data just shows the first line:

    % sudo python sniff_openssl.py
    TIME(s) COMM PID
    WRITE:
    0.000000000 curl 27088 4
    GET / HTTP/1.1
    Host: google.es
    User-Agent: curl/7.50.1
    Accept: */*
    READ:
    0.041576303 curl 27088 4
    C=US; O=Google Inc; CN=Google Internet Authority G2

I was trying to understand what happens behind the bpf_probe_read function, but it goes deep in the kernel.

Any idea?

Thanks!
Adrian

P.S.: my real goal is to try to decipher http2 requests, but I think it is easy to begin with http1.1/SSL first.

_______________________________________________
iovisor-dev mailing list
iovisor-dev@lists.iovisor.org
https://lists.iovisor.org/mailman/listinfo/iovisor-dev