diff options
Diffstat (limited to 'security/nss/cmd/ssltap/ssltap-manual.html')
-rw-r--r-- | security/nss/cmd/ssltap/ssltap-manual.html | 202 |
1 files changed, 0 insertions, 202 deletions
diff --git a/security/nss/cmd/ssltap/ssltap-manual.html b/security/nss/cmd/ssltap/ssltap-manual.html deleted file mode 100644 index f49bf7282..000000000 --- a/security/nss/cmd/ssltap/ssltap-manual.html +++ /dev/null @@ -1,202 +0,0 @@ -<HTML>
-<!-- ***** BEGIN LICENSE BLOCK ***** - - Version: MPL 1.1/GPL 2.0/LGPL 2.1 - - - - The contents of this file are subject to the Mozilla Public License Version - - 1.1 (the "License"); you may not use this file except in compliance with - - the License. You may obtain a copy of the License at - - http://www.mozilla.org/MPL/ - - - - Software distributed under the License is distributed on an "AS IS" basis, - - WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - - for the specific language governing rights and limitations under the - - License. - - - - The Original Code is the Netscape security libraries. - - - - The Initial Developer of the Original Code is - - Netscape Communications Corporation. - - Portions created by the Initial Developer are Copyright (C) 1994-2000 - - the Initial Developer. All Rights Reserved. - - - - Contributor(s): - - - - Alternatively, the contents of this file may be used under the terms of - - either the GNU General Public License Version 2 or later (the "GPL"), or - - the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - - in which case the provisions of the GPL or the LGPL are applicable instead - - of those above. If you wish to allow use of your version of this file only - - under the terms of either the GPL or the LGPL, and not to allow others to - - use your version of this file under the terms of the MPL, indicate your - - decision by deleting the provisions above and replace them with the notice - - and other provisions required by the GPL or the LGPL. If you do not delete - - the provisions above, a recipient may use your version of this file under - - the terms of any one of the MPL, the GPL or the LGPL. - - - - ***** END LICENSE BLOCK ***** --> -<HEAD>
- <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
- <META NAME="GENERATOR" CONTENT="Mozilla/4.05 [en] (WinNT; U) [Netscape]">
- <META NAME="Author" CONTENT="Steve Parkinson">
- <TITLE>SSLTap - manual</TITLE>
-</HEAD>
-<BODY>
-
-<H1>
-SSLTap Manual page</H1>
-
-<H3>
-Summary</H3>
-A command-line proxy which is SSL-aware. It snoops on TCP connections,
-and displays the data going by, including SSL records and handshaking
-if the connection is SSL.
-<H3>
-Synopsis</H3>
-<TT>ssltap [-vhfsxl] [-p port] hostname:port</TT>
-
-<P><TT> -v [prints version string]</TT>
-<BR><TT> -h [outputs hex instead
-of ASCII]</TT>
-<BR><TT> -f [turn on Fancy HTML
-coloring]</TT>
-<BR><TT> -s [turn on SSL decoding]</TT>
-<BR><TT> -x [turn on extra SSL
-hex dumps]</TT>
-<BR><TT> -p port [specify rendezvous port (default 1924)]</TT>
-<BR><TT> -l [loop - continue
-to wait for more connections]</TT>
-<H3>
-Description</H3>
-SSLTap opens a socket on a rendezvous port, and waits for an incoming connection
-(client side). Once this connection arrives, SSLTap makes another connection
-to hostname:port (server side). It passes any data sent by the client to
-the server, and vice versa. However, SSLTap will also display the data
-to the console. It can do this for plain HTTP connections, or any TCP protocol.
-However, SSLTap can also work with SSL streams, as detailed below.
-
-<P>Let's assume your development machine is called 'intercept'. The simplest
-usage of SSLTap is to run the command <TT>'ssltap www.netscape.com:80'</TT>
-on intercept. The program will wait for an incoming connection on port
-1924. Next you would want to go to your browser, and enter the URL http://intercept:1924.
-The page retrieved by the browser will actually be gotten from the server
-at www.netscape.com, but will go via SSLTap.
-
-<P>Data sent from the client to the server is surrounded by a '--> [ ]'
-symbol, and data sent from the server to the client, a '<---[
-]' symbol.
-
-<P>You'll notice that the page retrieved with this example looks incomplete.
-This is because SSLTap by default closes down after the first connection
-is complete, so the browser is not able to load images. To make the SSLTap
-continue to accept connections, switch on looping mode with the -l option.
-
-<P>You can change the default rendezvous port to something else with the
--p option.
-
-<P>The remaining options change the way the output is produced.
-
-<P>The -f option prints 'fancy' output - in colored HTML. Data sent from
-the client to the server is in blue. The server's reply is in red. This
-is designed so you can load the output up into a browser. When used with
-looping mode, the different connections are separated with horizontal lines.
-
-<P>-x will turn on HEX printing. Instead of being output as ascii, the
-data is shown as Hex, like this:
-<UL><TT><-- [</TT>
-<BR><TT> 0: 56 d5 16 3e a1 6b b1 4a 8f 67 c4 d7
-21 2f 6f dd | V..>.k.J.g..!/o.</TT>
-<BR><TT> 10: bb 22 c4 75 8c f4 ce 28 16 a6 20 aa
-fb 9a 59 a1 | .".u...(.. ...Y.</TT>
-<BR><TT> 20: 51 91 14 d2 fc 9f a7 ea 4d 9c f7 3a
-9d 83 62 4a | Q.......M..:..bJ</TT>
-<BR><TT>]</TT>
-<BR> </UL>
-
-<H4>
-SSL Parse mode</H4>
-The following options deal with SSL connections.
-<UL>-s will turn on SSL parsing. (SSLTap doesn't automatically detect SSL
-sessions.)
-<BR>-x will turn on extra SSL hexdumps. Mostly, if SSL can decode the data,
-it doesn't display the hex.</UL>
-The following SSL3 Data structures are parsed: Handshake, ClientHello,
-ServerHello, CertificateChain, Certificate. In addition, SSL2 ClientHello,
-ServerHello, ClientMasterKey are also partly parsed. NO DECRYPTION IS PERFORMED
-ON THE DATA. SSLTAP CANNOT DECRYPT the data.
-
-<P>If a certificate chain is detected, DER-encoded certificates will be
-saved into files in the current directory called 'cert.0x' where x is the
-sequence number of the certificate.
-<BR>
-<H3>
-Operation Hints</H3>
-Often, you'll find that the server certificate does not get transferred,
-or other parts of the handshake do not happen. This is because the browser
-is taking advantage of session-id-reuse (using the handshake results from
-a previous session). If you restart the browser, it'll clear the session
-id cache.
-
-<P>If you run the ssltap on a different machine that the ssl server you're
-trying to connect to, the browser will complain that the host name you're
-trying to connect to is different to the certificate, but it will still
-let you connect, after showing you a dialog.
-<H3>
-Bugs</H3>
-Please contact <A HREF="mailto:ssltap-support@netscape.com">ssltap-support@netscape.com</A>
-for bug reports.
-<H3>
-History</H3>
-2.1 - First public release (March 1998)
-<BR>
-<H3>
-Other</H3>
-For reference, here is a table of some well-known port numbers:
-<BR>
-<TABLE BORDER=2 >
-<TR>
-<TD>HTTP</TD>
-
-<TD>80</TD>
-</TR>
-
-<TR>
-<TD>SMTP</TD>
-
-<TD>25</TD>
-</TR>
-
-<TR>
-<TD>HTTPS</TD>
-
-<TD>443</TD>
-</TR>
-
-<TR>
-<TD>FTP</TD>
-
-<TD>21</TD>
-</TR>
-
-<TR>
-<TD>IMAPS</TD>
-
-<TD>993</TD>
-</TR>
-
-<TR>
-<TD>NNTP</TD>
-
-<TD>119</TD>
-</TR>
-
-<TR>
-<TD>NNTPS</TD>
-
-<TD>563</TD>
-</TR>
-</TABLE>
-
-
-<P>
-</BODY>
-</HTML>
|