{"id":14235606,"url":"https://github.com/alessandrod/snuffy","last_synced_at":"2025-10-18T10:19:09.902Z","repository":{"id":66722613,"uuid":"290320434","full_name":"alessandrod/snuffy","owner":"alessandrod","description":"Snuffy is a simple command line tool to inspect SSL/TLS data.","archived":false,"fork":false,"pushed_at":"2020-10-11T21:00:44.000Z","size":29,"stargazers_count":291,"open_issues_count":2,"forks_count":15,"subscribers_count":7,"default_branch":"master","last_synced_at":"2025-06-13T03:02:44.135Z","etag":null,"topics":["bpf","openssl","rust","ssl","tls","uprobes"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/alessandrod.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-08-25T20:48:34.000Z","updated_at":"2025-02-03T11:16:02.000Z","dependencies_parsed_at":"2023-03-09T21:15:16.736Z","dependency_job_id":null,"html_url":"https://github.com/alessandrod/snuffy","commit_stats":{"total_commits":16,"total_committers":1,"mean_commits":16.0,"dds":0.0,"last_synced_commit":"9294be85c6179cc573fd0e685c86ab68249b0f86"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/alessandrod/snuffy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alessandrod%2Fsnuffy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alessandrod%2Fsnuffy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alessandrod%2Fsnuffy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alessandrod%2Fsnuffy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/alessandrod","download_url":"https://codeload.github.com/alessandrod/snuffy/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alessandrod%2Fsnuffy/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":266507366,"owners_count":23940055,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-22T02:00:09.085Z","response_time":66,"last_error":null,"robots_txt_status":null,"robots_txt_updated_at":null,"robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bpf","openssl","rust","ssl","tls","uprobes"],"created_at":"2024-08-20T21:02:08.725Z","updated_at":"2025-10-18T10:19:09.820Z","avatar_url":"https://github.com/alessandrod.png","language":"Rust","funding_links":[],"categories":["Rust"],"sub_categories":[],"readme":"# snuffy\n\nSnuffy is a simple command line tool to inspect SSL/TLS connections. It currently supports [OpenSSL](https://openssl.org) and [NSS](https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS).\n\nFor background info see the blog post https://confused.ai/posts/intercepting-zoom-tls-encryption-bpf-uprobes.\n\n# Installation\n\nIn order to use snuffy you need to install the headers for the running kernel and LLVM 10.\n\nTo install them on ubuntu run:\n\n```sh\nsudo apt-get -y install build-essential zlib1g-dev \\\n        llvm-10-dev libclang-10-dev linux-headers-$(uname -r)\n```\n\nOn fedora run:\n\n```sh\nyum install clang llvm llvm-devel zlib-devel kernel-devel\nexport LLVM_SYS_100_PREFIX=/usr\n```\n\nFinally install snuffy itself running:\n\n```sh\ncargo install --git https://github.com/alessandrod/snuffy snuffy\n```\n\n**NOTE**: if you installed rust in your home directory, the binary will be placed in `$HOME/.cargo/bin/snuffy`. If you use sudo to run snuffy, you'll have to use the full path.\n\n# Usage\n\nSnuffy uses the `bpf()` syscall, so you need to run it as root or a user with `CAP_SYS_ADMIN` privileges.\n\n## With programs that link to OpenSSL or NSS dynamically\n\nTo instruments commands that link to OpenSSL or NSS dynamically, run:\n\n```\n# snuffy --hex-dump --command [COMMAND]\n```\n\nFor example to instrument curl:\n\n```\n# snuffy --hex-dump --command /usr/bin/curl # then in another terminal run: curl --http1.1 https://www.google.com\n[6:05:19] Connected to 127.0.0.53:53\n[6:05:19] Resolved www.google.com to 216.58.199.68\n[6:05:19] Connected to www.google.com:443 (216.58.199.68:443)\n[6:05:19] Write 78 bytes to www.google.com:443 (216.58.199.68:443)\n[6:05:19] |47455420 2f204854 54502f31 2e310d0a| GET / HTTP/1.1.. 00000000\n[6:05:19] |486f7374 3a207777 772e676f 6f676c65| Host: www.google 00000010\n[6:05:19] |2e636f6d 0d0a5573 65722d41 67656e74| .com..User-Agent 00000020\n[6:05:19] |3a206375 726c2f37 2e36352e 330d0a41| : curl/7.65.3..A 00000030\n[6:05:19] |63636570 743a202a 2f2a0d0a 0d0a|     ccept: */*....   00000040\n[6:05:19]                                                        0000004e\n[6:05:19] Read 1396 bytes from www.google.com:443 (216.58.199.68:443)\n[6:05:19] |48545450 2f312e31 20323030 204f4b0d| HTTP/1.1 200 OK. 00000000\n[6:05:19] |0a446174 653a2046 72692c20 30342053| .Date: Fri, 04 S 00000010\n[6:05:19] |65702032 30323020 30363a32 303a3033| ep 2020 06:20:03 00000020\n[6:05:19] |20474d54 0d0a4578 70697265 733a202d|  GMT..Expires: - 00000030\n[6:05:19] |310d0a43 61636865 2d436f6e 74726f6c| 1..Cache-Control 00000040\n[6:05:19] |3a207072 69766174 652c206d 61782d61| : private, max-a 00000050\n```\n\nIf you omit the `--command` option, snuffy will intercept **all** the programs that use OpenSSL or NSS.\n\n**NOTE**: Firefox links to NSS dynamically, but ships its own `libssl3.so` and `libnspr4.so`. To instrument firefox, you have to provide a config file pointing to those libraries, eg:\n\n```toml\n[nss]\nlibssl3=\"/usr/lib/firefox/libssl3.so\"\nlibnspr4=\"/usr/lib/firefox/libnspr4.so\"\n```\n\n## With programs that link to OpenSSL or NSS statically\n\nIf you want to instrument a program that links statically to OpenSSL or NSS and the symbols have been stripped, you need to provide a configuration file containing the `.text` section offsets of the TLS functions.\n\nFor example for OpenSSL put this in `config.toml`:\n\n```toml\n[openssl]\nSSL_set_fd = 0xBADDCAFE\nSSL_read = 0xBAAAAAAD\nSSL_write = 0xDECAFBAD\n```\n\nAnd for NSS:\n\n```toml\n[nss]\nSSL_SetURL = 0xBADDCAFE\nPR_Recv = 0xBAAAAAAD\nPR_Send = 0xDECAFBAD\n```\n\n(The offsets above are just examples, you need to provide working ones.)\n\nThen run:\n\n```\n# snuffy --hex-dump --command COMMAND --config config.toml\n```\n\nFor example assuming `zoom-config.toml` contains valid OpenSSL offsets for the zoom client:\n\n```\n# snuffy --hex-dump --command /opt/zoom/zoom --config zoom-config.toml # then start zoom\n[4:56:18] Connected to 127.0.0.53:53\n[4:56:18] Resolved us04web.zoom.us to 3.235.69.6\n[4:56:18] Connected to us04web.zoom.us:443 (3.235.69.6:443)\n[4:56:19] Write 571 bytes to us04web.zoom.us:443 (3.235.69.6:443)\n[4:56:19] |504f5354 202f7265 6c656173 656e6f74| POST /releasenot 00000000\n[4:56:19] |65732048 5454502f 312e310d 0a486f73| es HTTP/1.1..Hos 00000010\n[4:56:19] |743a2075 73303477 65622e7a 6f6f6d2e| t: us04web.zoom. 00000020\n[4:56:19] |75730d0a 55736572 2d416765 6e743a20| us..User-Agent:  00000030\n[4:56:19] |4d6f7a69 6c6c612f 352e3020 285a4f4f| Mozilla/5.0 (ZOO 00000040\n[4:56:19] |4d2e4c69 6e757820 5562756e 74752031| M.Linux Ubuntu 1 00000050\n...\n\n[4:56:19] Read 3088 bytes from us04web.zoom.us:443 (3.235.69.6:443)\n[4:56:19] |48545450 2f312e31 20323030 200d0a44| HTTP/1.1 200 ..D 00000000\n[4:56:19] |6174653a 20467269 2c203034 20536570| ate: Fri, 04 Sep 00000010\n[4:56:19] |20323032 30203035 3a31313a 30352047|  2020 05:11:05 G 00000020\n[4:56:19] |4d540d0a 436f6e74 656e742d 54797065| MT..Content-Type 00000030\n[4:56:19] |3a206170 706c6963 6174696f 6e2f782d| : application/x- 00000040\n[4:56:19] |70726f74 6f627566 3b636861 72736574| protobuf;charset 00000050\n...\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falessandrod%2Fsnuffy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Falessandrod%2Fsnuffy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falessandrod%2Fsnuffy/lists"}