diff options
author | Birunthan Mohanathas <birunthan@mohanathas.com> | 2014-06-24 18:52:13 -0700 |
---|---|---|
committer | Birunthan Mohanathas <birunthan@mohanathas.com> | 2014-06-24 18:52:13 -0700 |
commit | b622199c3866f9a1f0206054ade6ac2a25425265 (patch) | |
tree | fe9890a0a9cd06a066261bfc8d5148b0d737f71d /cmd/ssltap | |
parent | 6f966a165459db56ef0fcb32c1c1cd9190e73a5a (diff) | |
download | nss-hg-b622199c3866f9a1f0206054ade6ac2a25425265.tar.gz |
Bug 1016240: Exterminate CR+LF line endings in NSS. r=wtc.
Diffstat (limited to 'cmd/ssltap')
-rw-r--r-- | cmd/ssltap/ssltap-manual.html | 340 |
1 files changed, 170 insertions, 170 deletions
diff --git a/cmd/ssltap/ssltap-manual.html b/cmd/ssltap/ssltap-manual.html index 59412351d..619c93f8c 100644 --- a/cmd/ssltap/ssltap-manual.html +++ b/cmd/ssltap/ssltap-manual.html @@ -1,170 +1,170 @@ -<HTML>
-<!-- This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
-<HEAD>
- <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
- <META NAME="GENERATOR" CONTENT="Mozilla/4.05 [en] (WinNT; U) [Netscape]">
- <META NAME="Author" CONTENT="Steve Parkinson">
- <TITLE>SSLTap - manual</TITLE>
-</HEAD>
-<BODY>
-
-<H1>
-SSLTap Manual page</H1>
-
-<H3>
-Summary</H3>
-A command-line proxy which is SSL-aware. It snoops on TCP connections,
-and displays the data going by, including SSL records and handshaking
-if the connection is SSL.
-<H3>
-Synopsis</H3>
-<TT>ssltap [-vhfsxl] [-p port] hostname:port</TT>
-
-<P><TT> -v [prints version string]</TT>
-<BR><TT> -h [outputs hex instead
-of ASCII]</TT>
-<BR><TT> -f [turn on Fancy HTML
-coloring]</TT>
-<BR><TT> -s [turn on SSL decoding]</TT>
-<BR><TT> -x [turn on extra SSL
-hex dumps]</TT>
-<BR><TT> -p port [specify rendezvous port (default 1924)]</TT>
-<BR><TT> -l [loop - continue
-to wait for more connections]</TT>
-<H3>
-Description</H3>
-SSLTap opens a socket on a rendezvous port, and waits for an incoming connection
-(client side). Once this connection arrives, SSLTap makes another connection
-to hostname:port (server side). It passes any data sent by the client to
-the server, and vice versa. However, SSLTap will also display the data
-to the console. It can do this for plain HTTP connections, or any TCP protocol.
-However, SSLTap can also work with SSL streams, as detailed below.
-
-<P>Let's assume your development machine is called 'intercept'. The simplest
-usage of SSLTap is to run the command <TT>'ssltap www.netscape.com:80'</TT>
-on intercept. The program will wait for an incoming connection on port
-1924. Next you would want to go to your browser, and enter the URL http://intercept:1924.
-The page retrieved by the browser will actually be gotten from the server
-at www.netscape.com, but will go via SSLTap.
-
-<P>Data sent from the client to the server is surrounded by a '--> [ ]'
-symbol, and data sent from the server to the client, a '<---[
-]' symbol.
-
-<P>You'll notice that the page retrieved with this example looks incomplete.
-This is because SSLTap by default closes down after the first connection
-is complete, so the browser is not able to load images. To make the SSLTap
-continue to accept connections, switch on looping mode with the -l option.
-
-<P>You can change the default rendezvous port to something else with the
--p option.
-
-<P>The remaining options change the way the output is produced.
-
-<P>The -f option prints 'fancy' output - in colored HTML. Data sent from
-the client to the server is in blue. The server's reply is in red. This
-is designed so you can load the output up into a browser. When used with
-looping mode, the different connections are separated with horizontal lines.
-
-<P>-x will turn on HEX printing. Instead of being output as ascii, the
-data is shown as Hex, like this:
-<UL><TT><-- [</TT>
-<BR><TT> 0: 56 d5 16 3e a1 6b b1 4a 8f 67 c4 d7
-21 2f 6f dd | V..>.k.J.g..!/o.</TT>
-<BR><TT> 10: bb 22 c4 75 8c f4 ce 28 16 a6 20 aa
-fb 9a 59 a1 | .".u...(.. ...Y.</TT>
-<BR><TT> 20: 51 91 14 d2 fc 9f a7 ea 4d 9c f7 3a
-9d 83 62 4a | Q.......M..:..bJ</TT>
-<BR><TT>]</TT>
-<BR> </UL>
-
-<H4>
-SSL Parse mode</H4>
-The following options deal with SSL connections.
-<UL>-s will turn on SSL parsing. (SSLTap doesn't automatically detect SSL
-sessions.)
-<BR>-x will turn on extra SSL hexdumps. Mostly, if SSL can decode the data,
-it doesn't display the hex.</UL>
-The following SSL3 Data structures are parsed: Handshake, ClientHello,
-ServerHello, CertificateChain, Certificate. In addition, SSL2 ClientHello,
-ServerHello, ClientMasterKey are also partly parsed. NO DECRYPTION IS PERFORMED
-ON THE DATA. SSLTAP CANNOT DECRYPT the data.
-
-<P>If a certificate chain is detected, DER-encoded certificates will be
-saved into files in the current directory called 'cert.0x' where x is the
-sequence number of the certificate.
-<BR>
-<H3>
-Operation Hints</H3>
-Often, you'll find that the server certificate does not get transferred,
-or other parts of the handshake do not happen. This is because the browser
-is taking advantage of session-id-reuse (using the handshake results from
-a previous session). If you restart the browser, it'll clear the session
-id cache.
-
-<P>If you run the ssltap on a different machine that the ssl server you're
-trying to connect to, the browser will complain that the host name you're
-trying to connect to is different to the certificate, but it will still
-let you connect, after showing you a dialog.
-<H3>
-Bugs</H3>
-Please contact <A HREF="mailto:ssltap-support@netscape.com">ssltap-support@netscape.com</A>
-for bug reports.
-<H3>
-History</H3>
-2.1 - First public release (March 1998)
-<BR>
-<H3>
-Other</H3>
-For reference, here is a table of some well-known port numbers:
-<BR>
-<TABLE BORDER=2 >
-<TR>
-<TD>HTTP</TD>
-
-<TD>80</TD>
-</TR>
-
-<TR>
-<TD>SMTP</TD>
-
-<TD>25</TD>
-</TR>
-
-<TR>
-<TD>HTTPS</TD>
-
-<TD>443</TD>
-</TR>
-
-<TR>
-<TD>FTP</TD>
-
-<TD>21</TD>
-</TR>
-
-<TR>
-<TD>IMAPS</TD>
-
-<TD>993</TD>
-</TR>
-
-<TR>
-<TD>NNTP</TD>
-
-<TD>119</TD>
-</TR>
-
-<TR>
-<TD>NNTPS</TD>
-
-<TD>563</TD>
-</TR>
-</TABLE>
-
-
-<P>
-</BODY>
-</HTML>
+<HTML> +<!-- This Source Code Form is subject to the terms of the Mozilla Public + - License, v. 2.0. If a copy of the MPL was not distributed with this + - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> +<HEAD> + <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1"> + <META NAME="GENERATOR" CONTENT="Mozilla/4.05 [en] (WinNT; U) [Netscape]"> + <META NAME="Author" CONTENT="Steve Parkinson"> + <TITLE>SSLTap - manual</TITLE> +</HEAD> +<BODY> + +<H1> +SSLTap Manual page</H1> + +<H3> +Summary</H3> +A command-line proxy which is SSL-aware. It snoops on TCP connections, +and displays the data going by, including SSL records and handshaking +if the connection is SSL. +<H3> +Synopsis</H3> +<TT>ssltap [-vhfsxl] [-p port] hostname:port</TT> + +<P><TT> -v [prints version string]</TT> +<BR><TT> -h [outputs hex instead +of ASCII]</TT> +<BR><TT> -f [turn on Fancy HTML +coloring]</TT> +<BR><TT> -s [turn on SSL decoding]</TT> +<BR><TT> -x [turn on extra SSL +hex dumps]</TT> +<BR><TT> -p port [specify rendezvous port (default 1924)]</TT> +<BR><TT> -l [loop - continue +to wait for more connections]</TT> +<H3> +Description</H3> +SSLTap opens a socket on a rendezvous port, and waits for an incoming connection +(client side). Once this connection arrives, SSLTap makes another connection +to hostname:port (server side). It passes any data sent by the client to +the server, and vice versa. However, SSLTap will also display the data +to the console. It can do this for plain HTTP connections, or any TCP protocol. +However, SSLTap can also work with SSL streams, as detailed below. + +<P>Let's assume your development machine is called 'intercept'. The simplest +usage of SSLTap is to run the command <TT>'ssltap www.netscape.com:80'</TT> +on intercept. The program will wait for an incoming connection on port +1924. Next you would want to go to your browser, and enter the URL http://intercept:1924. +The page retrieved by the browser will actually be gotten from the server +at www.netscape.com, but will go via SSLTap. + +<P>Data sent from the client to the server is surrounded by a '--> [ ]' +symbol, and data sent from the server to the client, a '<---[ +]' symbol. + +<P>You'll notice that the page retrieved with this example looks incomplete. +This is because SSLTap by default closes down after the first connection +is complete, so the browser is not able to load images. To make the SSLTap +continue to accept connections, switch on looping mode with the -l option. + +<P>You can change the default rendezvous port to something else with the +-p option. + +<P>The remaining options change the way the output is produced. + +<P>The -f option prints 'fancy' output - in colored HTML. Data sent from +the client to the server is in blue. The server's reply is in red. This +is designed so you can load the output up into a browser. When used with +looping mode, the different connections are separated with horizontal lines. + +<P>-x will turn on HEX printing. Instead of being output as ascii, the +data is shown as Hex, like this: +<UL><TT><-- [</TT> +<BR><TT> 0: 56 d5 16 3e a1 6b b1 4a 8f 67 c4 d7 +21 2f 6f dd | V..>.k.J.g..!/o.</TT> +<BR><TT> 10: bb 22 c4 75 8c f4 ce 28 16 a6 20 aa +fb 9a 59 a1 | .".u...(.. ...Y.</TT> +<BR><TT> 20: 51 91 14 d2 fc 9f a7 ea 4d 9c f7 3a +9d 83 62 4a | Q.......M..:..bJ</TT> +<BR><TT>]</TT> +<BR> </UL> + +<H4> +SSL Parse mode</H4> +The following options deal with SSL connections. +<UL>-s will turn on SSL parsing. (SSLTap doesn't automatically detect SSL +sessions.) +<BR>-x will turn on extra SSL hexdumps. Mostly, if SSL can decode the data, +it doesn't display the hex.</UL> +The following SSL3 Data structures are parsed: Handshake, ClientHello, +ServerHello, CertificateChain, Certificate. In addition, SSL2 ClientHello, +ServerHello, ClientMasterKey are also partly parsed. NO DECRYPTION IS PERFORMED +ON THE DATA. SSLTAP CANNOT DECRYPT the data. + +<P>If a certificate chain is detected, DER-encoded certificates will be +saved into files in the current directory called 'cert.0x' where x is the +sequence number of the certificate. +<BR> +<H3> +Operation Hints</H3> +Often, you'll find that the server certificate does not get transferred, +or other parts of the handshake do not happen. This is because the browser +is taking advantage of session-id-reuse (using the handshake results from +a previous session). If you restart the browser, it'll clear the session +id cache. + +<P>If you run the ssltap on a different machine that the ssl server you're +trying to connect to, the browser will complain that the host name you're +trying to connect to is different to the certificate, but it will still +let you connect, after showing you a dialog. +<H3> +Bugs</H3> +Please contact <A HREF="mailto:ssltap-support@netscape.com">ssltap-support@netscape.com</A> +for bug reports. +<H3> +History</H3> +2.1 - First public release (March 1998) +<BR> +<H3> +Other</H3> +For reference, here is a table of some well-known port numbers: +<BR> +<TABLE BORDER=2 > +<TR> +<TD>HTTP</TD> + +<TD>80</TD> +</TR> + +<TR> +<TD>SMTP</TD> + +<TD>25</TD> +</TR> + +<TR> +<TD>HTTPS</TD> + +<TD>443</TD> +</TR> + +<TR> +<TD>FTP</TD> + +<TD>21</TD> +</TR> + +<TR> +<TD>IMAPS</TD> + +<TD>993</TD> +</TR> + +<TR> +<TD>NNTP</TD> + +<TD>119</TD> +</TR> + +<TR> +<TD>NNTPS</TD> + +<TD>563</TD> +</TR> +</TABLE> + + +<P> +</BODY> +</HTML> |