Dumps the live traffic of an SSL-encrypted stream with sslsnoop 0.6.
Works if scapy does not drop packets; using pcap instead of SOCK_RAW helps a lot now.
Works better on interactive, low-volume traffic.
Dumps one file per fd in outputs/.
Attaching to a process is quicker with --addr 0xb788aa98, the address reported by abouchet.py:
INFO:abouchet:found instance <class 'ctypes_openssh.session_state'> @ 0xb788aa98
sudo python finder.py # try ssh, sshd and ssh-agent…
sudo python openssh.py `pgrep ssh`
sudo python openssh.py `pgrep ssh` --server # for sshd
sudo python openssl.py `pgrep ssh-agent` # dump RSA and DSA keys
Then check outputs/: