{"id":31649312,"url":"https://github.com/tks98/snoopy","last_synced_at":"2025-10-07T07:42:14.536Z","repository":{"id":203034530,"uuid":"708255805","full_name":"tks98/snoopy","owner":"tks98","description":"Inspect SSL/TLS traffic using eBPF","archived":false,"fork":false,"pushed_at":"2023-11-04T16:46:50.000Z","size":39,"stargazers_count":13,"open_issues_count":1,"forks_count":2,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-06-21T18:04:27.641Z","etag":null,"topics":["ebpf","golang","ssl","tls","tracing","uprobes"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tks98.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-10-22T01:56:45.000Z","updated_at":"2024-02-22T07:11:35.000Z","dependencies_parsed_at":"2023-10-28T20:23:01.355Z","dependency_job_id":"f1af9b0c-30ad-424a-aa7d-39350e4d0cb6","html_url":"https://github.com/tks98/snoopy","commit_stats":null,"previous_names":["tks98/snoopy"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/tks98/snoopy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tks98%2Fsnoopy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tks98%2Fsnoopy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tks98%2Fsnoopy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tks98%2Fsnoopy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tks98","download_url":"https://codeload
.github.com/tks98/snoopy/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tks98%2Fsnoopy/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278740831,"owners_count":26037480,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-07T02:00:06.786Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ebpf","golang","ssl","tls","tracing","uprobes"],"created_at":"2025-10-07T07:42:06.123Z","updated_at":"2025-10-07T07:42:14.529Z","avatar_url":"https://github.com/tks98.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# snoopy\n\n## Overview\n\nSnoopy is a tool for tracing and monitoring SSL/TLS connections in applications that use common SSL libraries. It leverages eBPF uprobes to hook into SSL functions, collecting metadata before encryption/decryption. This enables Snoopy to monitor SSL traffic without decryption.\n\nSnoopy supports inspecting traffic from applications that use OpenSSL (libssl.so) or GnuTLS (libgnutls.so).\n\n\n## Building\nSnoopy relies on [gobpf](https://github.com/iovisor/gobpf/tree/master), which are Go bindings for bcc. 
You will need to install [libbcc](https://github.com/iovisor/bcc/blob/master/INSTALL.md) for your specific kernel.\n\n```\ngo build -o snoopy\n```\n\n## Usage\n\nSnoopy supports two optional flags, --json and --pid.\n\n```bash\nsudo ./snoopy --json --pid 1337\n```\n\n- `--json`: Print TLS information in JSON format.\n- `--pid`: Only print TLS information from a specific process.\n\nExample\n\n```bash\nsudo snoopy --json --pid 1716580\n\n{\n    \"function\": \"SSL_READ\",\n    \"process_name\": \"curl\",\n    \"elapsed_time\": 0.022584,\n    \"pid\": 1716580,\n    \"tid\": 1716580,\n    \"message_size\": 1369,\n    \"result\": 0,\n    \"tls_content\": \"106.8,\\\"High\\\":58335.1....\"\n}\n\n```\n\nWith `--json --pid 1337`, Snoopy prints TLS information in JSON format only from process ID 1337.\nWhen neither flag is supplied, Snoopy visually displays all intercepted SSL/TLS traffic from all processes that use the OpenSSL library.\n\n```bash\nsudo snoopy\n\n[ TLS Message Information ]\n+--------------+-----------------+\n| DESCRIPTION  | VALUE           |\n+--------------+-----------------+\n| Timestamp    | 23:26:54.337542 |\n| Function     | SSL_READ        |\n| Process Name | curl            |\n| PID          | 1719190         |\n| TID          | 1719190         |\n| Message Size | 1369 bytes      |\n+--------------+-----------------+\n[ TLS Content ]\nOpen\":0.2,\"High\":0.5,\"ChangePercentFromLastMonth\":...\"}\n...\n[ End of TLS Message ]\n```\n\n## Contributing\n\nFeel free to create issues for bugs and feature requests, or make pull requests to improve the utility.\n\n## License\n\nThis project is licensed under the MIT License.\n\n## References \n* https://www.airplane.dev/blog/decrypting-ssl-at-scale-with-ebpf\n* https://medium.com/@yunwei356/ebpf-practical-tutorial-capturing-ssl-tls-plain-text-using-uprobe-fccb010cfd64\n* https://github.com/eunomia-bpf/bpf-developer-tutorial\n* https://www.datadoghq.com/blog/ebpf-guide/\n* 
https://blog.px.dev/ebpf-openssl-tracing/\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftks98%2Fsnoopy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftks98%2Fsnoopy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftks98%2Fsnoopy/lists"}