From 36d22d82aa202bb199967e9512281e9a53db42c9 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 21:33:14 +0200 Subject: Adding upstream version 115.7.0esr. Signed-off-by: Daniel Baumann --- security/nss/cmd/ssltap/ssltap-manual.html | 170 +++++++++++++++++++++++++++++ 1 file changed, 170 insertions(+) create mode 100644 security/nss/cmd/ssltap/ssltap-manual.html (limited to 'security/nss/cmd/ssltap/ssltap-manual.html') diff --git a/security/nss/cmd/ssltap/ssltap-manual.html b/security/nss/cmd/ssltap/ssltap-manual.html new file mode 100644 index 0000000000..619c93f8cd --- /dev/null +++ b/security/nss/cmd/ssltap/ssltap-manual.html @@ -0,0 +1,170 @@ + + + + + + + SSLTap - manual + + + +

+SSLTap Manual page

+ +

+Summary

+A command-line proxy which is SSL-aware. It snoops on TCP connections, +and displays the data going by, including SSL records and handshaking  +if the connection is SSL. +

+Synopsis

+ssltap [-vhfsxl] [-p port] hostname:port + +

   -v      [prints version string] +
   -h      [outputs hex instead +of ASCII] +
   -f      [turn on Fancy HTML +coloring] +
   -s      [turn on SSL decoding] +
   -x      [turn on extra SSL +hex dumps] +
   -p port [specify rendezvous port (default 1924)] +
   -l      [loop - continue +to wait for more connections] +

+Description

+SSLTap opens a socket on a rendezvous port, and waits for an incoming connection +(client side). Once this connection arrives, SSLTap makes another connection +to hostname:port (server side). It passes any data sent by the client to +the server, and vice versa. However, SSLTap will also display the data +to the console. It can do this for plain HTTP connections, or any TCP protocol. +However, SSLTap can also work with SSL streams, as detailed below. + +

Let's assume your development machine is called 'intercept'. The simplest +usage of SSLTap is to run the command 'ssltap www.netscape.com:80' +on intercept. The program will wait for an incoming connection on port +1924. Next you would want to go to your browser, and enter the URL http://intercept:1924. +The page retrieved by the browser will actually be gotten from the server +at www.netscape.com, but will go via SSLTap. + +

Data sent from the client to the server is surrounded by a '--> [ ]' +symbol, and data sent from the server to the client, a '<---[  +]' symbol. + +

You'll notice that the page retrieved with this example looks incomplete. +This is because SSLTap by default closes down after the first connection +is complete, so the browser is not able to load images. To make the SSLTap +continue to accept connections, switch on looping mode with the -l option. + +

You can change the default rendezvous port to something else with the +-p option. + +

The remaining options change the way the output is produced. + +

The -f option prints 'fancy' output - in colored HTML. Data sent from +the client to the server is in blue. The server's reply is in red. This +is designed so you can load the output up into a browser. When used with +looping mode, the different connections are separated with horizontal lines. + +

-x will turn on HEX printing. Instead of being output as ascii, the +data is shown as Hex, like this: +

+ +

+SSL Parse mode

+The following options deal with SSL connections. + +The following SSL3 Data structures are parsed: Handshake, ClientHello, +ServerHello, CertificateChain, Certificate. In addition, SSL2 ClientHello, +ServerHello, ClientMasterKey are also partly parsed. NO DECRYPTION IS PERFORMED +ON THE DATA. SSLTAP CANNOT DECRYPT the data. + +

If a certificate chain is detected, DER-encoded certificates will be +saved into files in the current directory called 'cert.0x' where x is the +sequence number of the certificate. +
  +

+Operation Hints

+Often, you'll find that the server certificate does not get transferred, +or other parts of the handshake do not happen. This is because the browser +is taking advantage of session-id-reuse (using the handshake results from +a previous session). If you restart the browser, it'll clear the session +id cache. + +

If you run the ssltap on a different machine that the ssl server you're +trying to connect to, the browser will complain that the host name you're +trying to connect to is different to the certificate, but it will still +let you connect, after showing you a dialog. +

+Bugs

+Please contact ssltap-support@netscape.com +for bug reports. +

+History

+2.1 - First public release (March 1998) +
  +

+Other

+For reference, here is a table of some well-known port numbers: +
  + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
HTTP80
SMTP25
HTTPS443
FTP21
IMAPS993
NNTP119
NNTPS563
+  + +

  + + -- cgit v1.2.3
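Review bot: The Synopsis and the Description disagree about which flag switches to hex output. The Synopsis gives "-h [outputs hex instead of ASCII]" and "-x [turn on extra SSL hex dumps]", while the Description says "-x will turn on HEX printing. Instead of being output as ascii, the data is shown as Hex", which is what the Synopsis attributes to -h. Check the option parsing in ssltap and make the two sections agree. In the text shown here nothing follows "like this:", so the sample hex output it promises should be confirmed or restored. The "SSL Parse mode" section opens with "The following options deal with SSL connections" but then describes neither -s nor -x, so a reader cannot tell which flag enables handshake parsing or causes the cert.0x files to be written into the current directory; name the flags there. Minor: "on a different machine that the ssl server" should read "than".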