The SSL-trace tool is a sample application that comes with the 1.0.3 release of the
DSSL library. DSSL is an open-source library for decrypting SSL traffic and is provided
by SSL-Tech. The provided sample
ssltrace dumps decrypted chunks to the standard output. For the WebTap
application to reassemble the chunks into HTTP streams, additional information about
each decrypted chunk is needed (specifically: to what connection does the chunk belong).
Therefore I created a small modified version of the
ssltrace tool that
additionally dumps out client address, port and server address and port to standard
The DSSL sources of release 1.0.3, including the modified
application are provided here:
I will outline the process of building the
ssltrace tool in the following.
In order to build
ssltrace, you need to get the above sources and have a
development environment installed (that is, a C compiler, libc headers, etc.).
Most importantly, you need to have the libpcap and openssl libraries as
well as their headers available on your system.
- Preparing your environment
ssltrace relies on the packet-capture library libpcap, so you need to have this available on your system. As you are going to compile tcpick, you also need to have the library's header files available.
For the same reason, you also need to have openssl and its headers on your system, as the DSSL library uses openssl for decryption and key handling. On Debian or Ubuntu systems, these libraries can quickly be installed using
sudo apt-get install libpcap0.7 libpcap0.7-dev libssl0.9.7 libssl-dev
This will install the libraries (libpcap0.7, libssl0.9.7) as well as the header files (libpcap0.7-dev, libssl-dev).
- Getting the Source
The sources of DSSL are available from SSL-Tech. To get
ssltrace to work with DSSL you need the modified sources available at
wget http://www.jwall.org/web/tap/dssl-1.0.3-chris.tar.gz
Alternatively, you may simply use the original sources and apply the ssltrace-patch:
- Configuring and Compiling DSSL and SSL-Trace
Compiling the DSSL library is straightforward. Just run the provided
configure script and compile the library and the tools using
./configure
make
make install # optional
As for the last
make install: this is optional, though recommended. You don't need to install
ssltrace right now. For trying out the WebTap you may simply start
ssltrace from its source directory.
Running ssltrace & WebTap
After a successful build, you can start auditing SSL-encrypted streams by starting
ssltrace and piping its output to the WebTap monitor as shown in the following
line (all in one line):
ssltrace -i eth0 -ip <server-ip> -port 443 -key /path/to/server.key | \
java -jar org.jwall.web.tap-0.4.8.jar -o /path/to/log-directory -type ssl
Note that for decrypting an SSL stream you need to have the server's private key
available. Also note the
-t ssl option given to the WebTap above, which
selects the WebTap's SSLTrace input handler to be used for parsing.
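Why each decrypted chunk has to carry the client and server address and port, shown as an added example that is not code from DSSL, ssltrace or WebTap. The record layout (`client:port server:port direction hex-payload`), the addresses and the function names are assumptions made for this sketch, not the actual output format of the modified ssltrace.

```python
from collections import defaultdict

def render(client, server, direction, payload):
    """Build one record in the hypothetical layout assumed by this example."""
    return f"{client} {server} {direction} {payload.hex()}"

# Constructed sample: decrypted chunks of two connections, interleaved in
# arrival order, as a sniffer in front of a busy server would see them.
SERVER = "192.0.2.10:443"
A, B = "10.0.0.5:40001", "10.0.0.6:40002"
SAMPLE = [
    render(A, SERVER, "C>S", b"GET /a HTTP/1.1\r\n"),
    render(B, SERVER, "C>S", b"GET /b HTTP/1.1\r\n"),
    render(A, SERVER, "C>S", b"Host: a.example\r\n\r\n"),
    render(B, SERVER, "C>S", b"Host: b.example\r\n\r\n"),
    render(A, SERVER, "S>C", b"HTTP/1.1 200 OK\r\n\r\n"),
]

def parse_record(line):
    """Split a record into ((client, server), direction, payload bytes)."""
    fields = line.split()
    if len(fields) != 4 or fields[2] not in ("C>S", "S>C"):
        raise ValueError(f"malformed record: {line!r}")
    client, server, direction, hexdata = fields
    return (client, server), direction, bytes.fromhex(hexdata)

def reassemble(lines):
    """Append each chunk to the stream of its own connection and direction."""
    streams = defaultdict(lambda: {"C>S": b"", "S>C": b""})
    for line in lines:
        conn, direction, payload = parse_record(line)
        streams[conn][direction] += payload
    return dict(streams)

def naive_concat(lines):
    """What a consumer sees when chunks carry no connection information."""
    return b"".join(parse_record(line)[2] for line in lines)

if __name__ == "__main__":
    print("without connection info:", naive_concat(SAMPLE)[:40])
    for (client, server), stream in reassemble(SAMPLE).items():
        print(client, "->", server, stream["C>S"])
```

Without the connection key, the request lines and headers of the two clients run together into one stream that no HTTP parser can split correctly.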
Windows: As there is a Windows version of the DSSL library available at SSL-Tech, auditing https-streams should also be possible on Windows systems. However, for lack of a development environment for Windows I cannot prove/test/provide a Windows binary.