ssl_logger is a Python-based tool that decrypts and logs a target process’s SSL/TLS traffic on Linux and macOS. It attaches to a running process by name or PID and hooks SSL_read and SSL_write calls to capture plaintext data flowing through encrypted connections. Output can be streamed to the console with verbose metadata or written to a PCAP file for later analysis in standard tooling. The utility is powered by dynamic instrumentation using the Frida framework, allowing it to intercept function calls without recompiling or modifying the target binary. Typical workflows include debugging custom clients, validating protocol implementations, and troubleshooting from traces when only an encrypted channel is available. The tool currently focuses on libssl-based traffic; the project outlines future enhancements for broader TLS library coverage and for capturing from process launch.
Features
- Decrypts SSL/TLS traffic from a chosen process via name or PID
- Hooks SSL_read and SSL_write to capture plaintext payloads and endpoints
- Optional PCAP output for integration with packet analysis tools
- Verbose mode showing session identifiers and bi-directional flow metadata
- Frida-based dynamic instrumentation with no target recompilation required
- Command-line interface suitable for scripting and repeatable workflows
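The PCAP output described above works by wrapping each plaintext buffer seen at SSL_read or SSL_write in synthetic IP and TCP headers so that packet analysis tools can follow the stream. The following is an added illustration of that idea, not ssl_logger's own code: the names `packet_record`, `PlaintextPcap` and `demo` are hypothetical, the choice of link type 101 (raw IP) is an assumption, and the addresses and payloads are constructed samples.

```python
import io
import socket
import struct

LINKTYPE_RAW = 101          # each packet starts directly at the IP header
MAX_CHUNK = 65535 - 40      # IPv4 total length is 16 bits; 40 = IP + TCP headers


def packet_record(ts, src, dst, seq, ack, payload):
    """One pcap record: synthetic IPv4+TCP headers around a plaintext buffer."""
    tcp = struct.pack(">HHIIBBHHH", src[1], dst[1], seq & 0xFFFFFFFF,
                      ack & 0xFFFFFFFF, 5 << 4, 0x18, 0xFFFF, 0, 0)  # PSH|ACK
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0x4000,
                     64, socket.IPPROTO_TCP, 0,  # checksums left at 0
                     socket.inet_aton(src[0]), socket.inet_aton(dst[0]))
    pkt = ip + tcp + payload
    sec, usec = int(ts), int((ts % 1) * 1_000_000)
    return struct.pack("<IIII", sec, usec, len(pkt), len(pkt)) + pkt


class PlaintextPcap:
    """Writes hooked SSL_read/SSL_write buffers as a followable TCP stream."""

    def __init__(self, out):
        self.out = out
        self.sent = {}  # (src, dst) -> bytes logged so far in that direction
        # magic, version 2.4, thiszone, sigfigs, snaplen, link type
        out.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_RAW))

    def log(self, ts, function, local, remote, data):
        # SSL_read yields bytes that came from the peer; SSL_write sends to it.
        src, dst = (remote, local) if function == "SSL_read" else (local, remote)
        for off in range(0, len(data), MAX_CHUNK):  # split oversized buffers
            chunk = data[off:off + MAX_CHUNK]
            seq, ack = self.sent.get((src, dst), 0), self.sent.get((dst, src), 0)
            self.out.write(packet_record(ts, src, dst, seq, ack, chunk))
            self.sent[(src, dst)] = seq + len(chunk)


def demo():
    """Constructed sample: one request and one response on documentation IPs."""
    buf = io.BytesIO()
    cap = PlaintextPcap(buf)
    client, server = ("192.0.2.10", 51514), ("198.51.100.7", 443)
    cap.log(1700000000.25, "SSL_write", client, server,
            b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")
    cap.log(1700000000.50, "SSL_read", client, server,
            b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")
    return buf.getvalue()
```

Tracking a byte counter per direction gives each record consistent sequence and acknowledgement numbers, which is what lets an analyzer reassemble the two plaintext flows into one conversation.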