Efficient plaintext gathering method for data protected by SSL/TLS protocol in network auditing
DONG Haitao, TIAN Jing, YANG Jun, YE Xiaozhou, SONG Lei
Journal of Computer Applications    2015, 35 (10): 2891-2895.   DOI: 10.11772/j.issn.1001-9081.2015.10.2891
To address the problem of auditing Internet data protected by the Secure Sockets Layer/Transport Layer Security (SSL/TLS) protocol, a plaintext gathering method for SSL/TLS-protected network data based on the man-in-the-middle principle is proposed. A data gatherer is connected in series between the server and the client; by modifying handshake messages during the SSL/TLS handshake it obtains the encryption key, which lets it decrypt the protected data and gather the plaintext. Compared with the existing gathering method based on the proxy-server principle, the proposed method has a shorter transmission delay, a larger SSL throughput and a smaller memory footprint. Compared with the existing gathering method in which the gatherer possesses the server's private key, the proposed method has a wider application scope and is unaffected by packet loss on the Internet. The experimental results show that, compared with the proxy-server-based method, the proposed method reduces transmission delay by about 27.5% and increases SSL throughput by about 10.4%. They also show that the SSL throughput of the proposed method approaches the ideal maximum value.