alessandrod / Snuffy
Snuffy is a simple command line tool to inspect SSL/TLS data.
Stars: ✭ 236
Programming Languages
rust
11053 projects
Projects that are alternatives of or similar to Snuffy
openssl-ca
Shell scripts to manage a private Certificate Authority using OpenSSL
Stars: ✭ 38 (-83.9%)
Mutual labels: tls, ssl, openssl
Pyopenssl
A Python wrapper around the OpenSSL library
Stars: ✭ 701 (+197.03%)
Mutual labels: ssl, tls, openssl
Search Guard Ssl
Elasticsearch SSL for free. Supports native Open SSL.
Stars: ✭ 159 (-32.63%)
Mutual labels: ssl, tls, openssl
Mutual Tls Ssl
🔐 Tutorial of setting up Security for your API with one way authentication with TLS/SSL and mutual mutual authentication for a java based web server and a client with both Spring Boot. Different clients are provided such as Apache HttpClient, OkHttp, Spring RestTemplate, Spring WebFlux WebClient Jetty and Netty, the old and the new JDK HttpClient, the old and the new Jersey Client, Google HttpClient, Unirest, Retrofit, Feign, Methanol, vertx, Scala client Finagle, Featherbed, Dispatch Reboot, AsyncHttpClient, Sttp, Akka, Requests Scala, Http4s Blaze, Kotlin client Fuel, http4k, Kohttp and ktor. Also other server examples are available such as jersey with grizzly. Also gRPC examples are included
Stars: ✭ 163 (-30.93%)
Mutual labels: ssl, tls, openssl
openssl-RPM-Builder
Build latest OpenSSL binary
Stars: ✭ 46 (-80.51%)
Mutual labels: tls, ssl, openssl
Testssl.sh
Testing TLS/SSL encryption anywhere on any port
Stars: ✭ 5,676 (+2305.08%)
Mutual labels: ssl, tls, openssl
qsslcaudit
test SSL/TLS clients how secure they are
Stars: ✭ 22 (-90.68%)
Mutual labels: tls, ssl, openssl
Ssl Checker
Python script that collects SSL/TLS information from hosts
Stars: ✭ 94 (-60.17%)
Mutual labels: ssl, tls, openssl
Wolfssl
wolfSSL (formerly CyaSSL) is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. wolfSSL supports up to TLS 1.3!
Stars: ✭ 1,098 (+365.25%)
Mutual labels: ssl, tls, openssl
Tls Channel
A Java library that implements a ByteChannel interface over SSLEngine, enabling easy-to-use (socket-like) TLS for Java applications.
Stars: ✭ 113 (-52.12%)
Mutual labels: ssl, tls, openssl
Cert
Cert is the Go tool to get TLS certificate information.
Stars: ✭ 166 (-29.66%)
Mutual labels: ssl, tls
Cryptcheck
Verify some SSL/TLS website or XMPP implementation
Stars: ✭ 158 (-33.05%)
Mutual labels: tls, openssl
Https Ssl Cert Check Zabbix
Script to check validity and expiration of TLS/SSL certificate on site. May be used with Zabbix or standalone.
Stars: ✭ 162 (-31.36%)
Mutual labels: ssl, tls
snuffy
Snuffy is a simple command line tool to inspect SSL/TLS connections. It currently supports OpenSSL and NSS.
For background info see the blog post https://confused.ai/posts/intercepting-zoom-tls-encryption-bpf-uprobes.
Installation
In order to use snuffy you need to install the headers for the running kernel and LLVM 10.
To install them on ubuntu run:
sudo apt-get -y install build-essential zlib1g-dev \
llvm-10-dev libclang-10-dev linux-headers-$(uname -r)
On fedora run:
yum install clang llvm llvm-devel zlib-devel kernel-devel
export LLVM_SYS_100_PREFIX=/usr
Finally install snuffy itself running:
cargo install --git https://github.com/alessandrod/snuffy snuffy
NOTE: if you installed rust in your home directory, the binary will be placed in $HOME/.cargo/bin/snuffy. If you use sudo to run snuffy, you'll have to use the full path.
Usage
Snuffy uses the bpf() syscall, so you need to run it as root or a user with CAP_SYS_ADMIN privileges.
With programs that link to OpenSSL or NSS dynamically
To instruments commands that link to OpenSSL or NSS dynamically, run:
# snuffy --hex-dump --command [COMMAND]
For example to instrument curl:
# snuffy --hex-dump --command /usr/bin/curl # then in another terminal run: curl --http1.1 https://www.google.com
[6:05:19] Connected to 127.0.0.53:53
[6:05:19] Resolved www.google.com to 216.58.199.68
[6:05:19] Connected to www.google.com:443 (216.58.199.68:443)
[6:05:19] Write 78 bytes to www.google.com:443 (216.58.199.68:443)
[6:05:19] |47455420 2f204854 54502f31 2e310d0a| GET / HTTP/1.1.. 00000000
[6:05:19] |486f7374 3a207777 772e676f 6f676c65| Host: www.google 00000010
[6:05:19] |2e636f6d 0d0a5573 65722d41 67656e74| .com..User-Agent 00000020
[6:05:19] |3a206375 726c2f37 2e36352e 330d0a41| : curl/7.65.3..A 00000030
[6:05:19] |63636570 743a202a 2f2a0d0a 0d0a| ccept: */*.... 00000040
[6:05:19] 0000004e
[6:05:19] Read 1396 bytes from www.google.com:443 (216.58.199.68:443)
[6:05:19] |48545450 2f312e31 20323030 204f4b0d| HTTP/1.1 200 OK. 00000000
[6:05:19] |0a446174 653a2046 72692c20 30342053| .Date: Fri, 04 S 00000010
[6:05:19] |65702032 30323020 30363a32 303a3033| ep 2020 06:20:03 00000020
[6:05:19] |20474d54 0d0a4578 70697265 733a202d| GMT..Expires: - 00000030
[6:05:19] |310d0a43 61636865 2d436f6e 74726f6c| 1..Cache-Control 00000040
[6:05:19] |3a207072 69766174 652c206d 61782d61| : private, max-a 00000050
If you omit the --command option, snuffy will intercept all the programs that use OpenSSL or NSS.
NOTE: Firefox links to NSS dynamically, but ships its own libssl3.so and libnspr4.so. To instrument firefox, you have to provide a config file pointing to those libraries, eg:
[nss]
libssl3="/usr/lib/firefox/libssl3.so"
libnspr4="/usr/lib/firefox/libnspr4.so"
With programs that link to OpenSSL or NSS statically
If you want to instrument a program that links statically to OpenSSL or NSS and the symbols have been stripped, you need to provide a configuration file containing the .text section offsets of the TLS functions.
For example for OpenSSL put this in config.toml:
[openssl]
SSL_set_fd = 0xBADDCAFE
SSL_read = 0xBAAAAAAD
SSL_write = 0xDECAFBAD
And for NSS:
[nss]
SSL_SetURL = 0xBADDCAFE
PR_Recv = 0xBAAAAAAD
PR_Send = 0xDECAFBAD
(The offsets above are just examples, you need to provide working ones.)
Then run:
# snuffy --hex-dump --command COMMAND --config config.toml
For example assuming zoom-config.toml contains valid OpenSSL offsets for the zoom client:
# snuffy --hex-dump --command /opt/zoom/zoom --config zoom-config.toml # then start zoom
[4:56:18] Connected to 127.0.0.53:53
[4:56:18] Resolved us04web.zoom.us to 3.235.69.6
[4:56:18] Connected to us04web.zoom.us:443 (3.235.69.6:443)
[4:56:19] Write 571 bytes to us04web.zoom.us:443 (3.235.69.6:443)
[4:56:19] |504f5354 202f7265 6c656173 656e6f74| POST /releasenot 00000000
[4:56:19] |65732048 5454502f 312e310d 0a486f73| es HTTP/1.1..Hos 00000010
[4:56:19] |743a2075 73303477 65622e7a 6f6f6d2e| t: us04web.zoom. 00000020
[4:56:19] |75730d0a 55736572 2d416765 6e743a20| us..User-Agent: 00000030
[4:56:19] |4d6f7a69 6c6c612f 352e3020 285a4f4f| Mozilla/5.0 (ZOO 00000040
[4:56:19] |4d2e4c69 6e757820 5562756e 74752031| M.Linux Ubuntu 1 00000050
...
[4:56:19] Read 3088 bytes from us04web.zoom.us:443 (3.235.69.6:443)
[4:56:19] |48545450 2f312e31 20323030 200d0a44| HTTP/1.1 200 ..D 00000000
[4:56:19] |6174653a 20467269 2c203034 20536570| ate: Fri, 04 Sep 00000010
[4:56:19] |20323032 30203035 3a31313a 30352047| 2020 05:11:05 G 00000020
[4:56:19] |4d540d0a 436f6e74 656e742d 54797065| MT..Content-Type 00000030
[4:56:19] |3a206170 706c6963 6174696f 6e2f782d| : application/x- 00000040
[4:56:19] |70726f74 6f627566 3b636861 72736574| protobuf;charset 00000050
...
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].