Do you have a need to analyze SSL traffic? Beginning with the wolfSSL 1.5.0 release, we have provided a build option allowing the wolfSSL embedded SSL library to be built with SSL Sniffer functionality. This means that you can collect SSL traffic packets and with the correct key file, are able to decrypt them as well. This could be useful for several reasons, including:
– Analyzing Network Problems
– Detecting network misuse by internal and external users
– Monitoring network usage and data in motion
– Debugging client/server communications
To enable sniffer support, build wolfSSL with the –enable-sniffer option on *nix or use the vcproj files on Windows. You will need to have pcap installed on *nix or WinPcap on Windows. There are five main sniffer functions which can be found in sniffer.h. They are listed below with a short description of each:
ssl_SetPrivateKey – Sets the private key for a specific server and port.
ssl_DecodePacket – Passes in a TCP/IP packet for decoding.
ssl_Trace – Enables / Disables debug tracing to the traceFile.
ssl_InitSniffer – Initialize the overall sniffer.
ssl_FreeSniffer – Free the overall sniffer.
To look at wolfSSL`s sniffer support and see a complete example, please see the “snifftest” app in the “ssSniffer/sslSnifferTest” folder from the wolfSSL download.
Keep in mind that because the encryption keys are setup in the SSL Handshake, the handshake needs to be decoded by the sniffer in order for future application data to be decoded. For example, if you are using “snifftest” with the wolfSSL example echoserver and echoclient, the snifftest application must be started before the handshake begins between the server and client.
If you have questions or would like more information, please contact email@example.com.