As you could have already guessed from the name, jssltrace is a tool, which intercepts and traces the ssl traffic between a client and a server. Of course before it do it't job, it decrypts the traffic, so the user can see the "plain-text" contents of the conversation. It can be very useful if you have a ssl-using client/server software, which refuses to work and you need to look into the communication of both parts in order to find out what is missing.
Before you read this, please make youself familiar with ssl basics.
Jssltrace acts as the famous man in the middle - it sits between the client and the server, intercepts their traffic, decrypts it, and prints it to a text file, so you are able to see the decrypted content. Here is an example of how it works:
Let's assume, you would like to intercerpt the communication between your web browser and a webserver which uses ssl. Let's say the DNS name of the server is www.yourserver.com.
The first thing is, of course, to configure and start the jssl trace, so that it now listens on the port 443 (ssl port) ready to accept requests from your browser and forward the data to www.yourserver.com and back. After having done it, start jssltrace.
Now manipulate your computer so that when the webbrowser asks for the ip address of www.yourserver.com it will get not it's real address but 127.0.0.1, that is, your own computer. The best way to do it is to put the corresponding entry into the hosts.txt file on your computer. This way, when your call up the URL https://www.yourserver.com in your browser, the browser will connect to jssltrace instead of the original server. Unfortunately, if you try it just now, your browser will show you an error page saying that the server you have called up, uses an invalid certificate. This is absolutely correct too, jssl trace does indeed use an invalid certificate or rather a certificate signed by a certificate authority (CA in ssl parlance), which is unknown to your browser. So the last step is to take the CA's certificate used by jssltrace and install it in your browser so that the browser accepts it as a valid CA. Which CA you use is free configurable with jssltrace, but usually you will use the one from the security folder in the jssltrace's installation directory (ca_certificate.crt). After you have installed the certificate, the browser will accept all server certificates signed by this CA as valid.
That was all you had to do. Call the URL https://www.yourserver.com again, and this time the browser will not complain. Browse a bit and then look into the traces directory, which is, again, free configurable configurable with jssltrace but usually will be the trc folder in the jssltrace's installation directory. You wil find there some .txt files (one for every ssl connection between your browser and www.yourserver.com via jssltrace), which will contain the encrypted ssl data.
The last section and the Installation and configuration contain between them enough infos to get jssltrace up and running. But if you would like to know how jssltrace achieves it's "magic", here follows the detailed explanation, based on the example from the last section:
Let's assume, you have followed the instructions from the the last section, jssltrace is waiting for the connection from your browser and you are just about to invoke the start url https://www.yourserver.com. After you have invoked it, following things happen (stylized decription):
There are, apart from the basic functionality described above, additional features, which can be useful in some usage scenarios. Here follows the list, which will be updated with every new version of JSSLTrace.
Wiki: Home
Wiki: client_authentication
Wiki: configuration
Wiki: http_proxy
Wiki: plain_tcp
Wiki: web_console