Library + CLI-Tool to measure the TTFB (time to first byte) of HTTP requests. Additionally, this crate measures the times of DNS lookup, TCP connect and TLS handshake.


TTFB: CLI + Lib to Measure the TTFB of HTTP/1.1 Requests

Similar to the network tab in Google Chrome or Mozilla Firefox, this crate helps you find the timings for:

  • DNS lookup (if domain is specified, i.e. no IP is given)
  • TCP connection start
  • TLS handshake (if https/TLS is used)
  • Initial GET-Request
  • TTFB (Time To First Byte)

It builds upon the crates trust-dns-resolver for modern and secure DNS resolving of domains and native-tls for handling TLS v1.2/1.3.

Cross Platform

CLI + lib work on Linux, MacOS, and Windows.

Usage Binary/CLI tool

Install with cargo install ttfb. It takes one argument and passes it to the library. The string you pass here as first argument is the same as for the library function.

Additionally, the CLI takes a -k/--insecure option.
Example: $ ttfb -k

Usage Library

The library exposes the function ttfb(url: String). The string can be for example:

  • (defaults to http://)
  • (defaults to http://)
  • (defaults to http://)

Example Output

If you installed the CLI and invoke it like $ ttfb, the output will look like:

TTFB for (by [email protected])
PROPERTY        REL TIME (ms)   ABS TIME (ms)
DNS Lookup    :         0.755           0.755  (probably cached)
TCP connect   :        35.484          36.239
TLS Handshake :        36.363          72.603
HTTP GET Req  :         0.011          72.614
HTTP Resp TTFB:        76.432         149.046

Rust version

This crate was developed and tested with rustc-nightly 1.55 and rustc-stable 1.53. It should work with older versions too, because I don't use special features in the code. Maybe the other libraries could block older compilers, I'm not sure.

You might also like...
Flexible DNS hijacking and proxy tool.

kungfu Flexible DNS hijacking and proxy tool. Features Flexible rules e.g. glob pattern domain, static routes, response CIDR Host file include /etc/ho

Automatic HTTPS certificates for, via Let's Encrypt and ACME tls-alpn-01 challenges

trillium-acme helps you serve HTTPS with Trillium using automatic certificates, via Let’s Encrypt and ACME tls-alpn-01 challenges. To use trillium-acm

Userspace libpcap-based tool to mirror your dns traffic

DNS traffic mirroring tool (dns-mirror) Description Userspace libpcap-based tool. dns-mirror sniffs dns packets on the given interface and proxies it

Dns subdomain finding tool, based off of the c application of the same name

dnsmap-rs Tool for brute-forcing/scanning for existing subdomains in a domain. Based on dnsmap c application that is packaged in kali linux. Can query

Passive TCP/IP fingerprinting tool

This tool analyzes first stage of TCP handshake (SYN) and recognize operating system of client Build To build sp0ky, you need to install Rust git clon

Final Project for
Final Project for "Computer Networking Security": A Layer-3 VPN implementation over TLS

Final Project for "Computer Networking Security": A Layer-3 VPN implementation over TLS

SOCKS5 implement library, with some useful utilities such as dns-query, socks5-server, dns2socks, udp-client, etc.

socks5-impl Fundamental abstractions and async read / write functions for SOCKS5 protocol and Relatively low-level asynchronized SOCKS5 server impleme

JSON-RPC endpoint proxy that dumps requests/responses for debugging
JSON-RPC endpoint proxy that dumps requests/responses for debugging

json_rpc_snoop How to build Ensure you have cargo installed and in your PATH (the easiest way is to visit make This will create t

Acts as an IRC server and a nostr client. Connect with your IRC client using your nostr private key as the password.

nostr-irc Acts as an IRC server and a nostr client. Connect with your IRC client using your nostr private key as the password. Experimental code, use

  • [Bug] ttfb doesnt allow

    [Bug] ttfb doesnt allow

    ttfb -k ""
    Invalid URL! https can only be used when a domain name is given. IP addresses don't work.

    This isn't true, any valid SSL cert that contains IP addresses in the Subject Alternative Name fields are considered secure (see image and website as an example as to why this isn't true)


    opened by 12932 2
  • Fix typo

    Fix typo

    When trying ttfb it produces ERROR: Can't establish HTTP/1.1-Connection! failed to fill whole buffer instead of the expected output.

    opened by Byron 1
  • also add content download time (requires http/1.1 header parsing)

    also add content download time (requires http/1.1 header parsing)

    will be more complicated, because it needs HTTP header parsing.. content encoding could be chunked for example..

    I need to know the contents length, because the "read_to_end" (EOF) doesn't work well. Some servers even do not send the EOF (program gets stuck)

    opened by phip1611 0
Philipp Schuster
Hello, I'm Philipp. I'm studying computer science at TU Dresden and I love coding. I'm especially interested in operating systems and low-level code.
Philipp Schuster
A tcp over http2 + tls proxy

mtunnel A tcp over http2 + tls proxy. Usage 1. get certificates, by following steps. 2. make your config client config: { "local_addr": "

cssivision 9 Sep 5, 2022
Obtain (wildcard) certificates from let's encrypt using dns-01 without the need for API access to your DNS provider.

Agnos Presentation Agnos is a single-binary program allowing you to easily obtain certificates (including wildcards) from Let's Encrypt using DNS-01 c

Arthur Carcano 246 Dec 20, 2022
DNS Server written in Rust for fun, see

DNS Fun Ever wondered how you can write a DNS server in Rust? No? Well, too bad, I'm telling you anyways. But don't worry, this is going to be a fun o

Patrick Elsen 26 Jan 13, 2023
GeoIP lookup server over HTTP.

geoip-http | geoip-http is a fast GeoIP lookup service in Rust, using the Axum web framework. It provides one possible server for tzupdate. Features F

Chris Down 4 Jun 3, 2023
Signing HTTP requests without heavy SDKs

reqsign   Signing API requests without effort. Most API is simple. But they could be complicated when they are hidden from complex abstraction. reqsig

Xuanwo 34 Dec 16, 2022
📡Proxy HTTP/1.1 requests over a sensitive point-to-point link

ptproxy Motivation What's this? Why do I need this? What's a sensitive network link? What's wrong with a VPN? What's wrong with HTTP[S]? What's wrong

Alba Mendez 5 Jul 26, 2023
A remote shell, TCP tunnel and HTTP proxy for Replit.

Autobahn A remote shell, TCP tunnel and HTTP proxy for Replit. Hybrid SSH/HTTP server for Replit. Based on leon332157/replish. Autobahn runs a WebSock

Patrick Winters 12 Sep 24, 2022
Tunnel TCP traffic through SOCKS5 or HTTP using a TUN interface.

tun2proxy Tunnel TCP traffic through SOCKS5 or HTTP on Linux. Authentication not yet supported. Error handling incomplete and too restrictive. Build C

B. Blechschmidt 34 Nov 29, 2022
A TCP proxy using HTTP - Reach SSH behind a Nginx reverse proxy

?? TCP over HTTP ?? The Questions ?? What does it do? You can proxy TCP traffic over HTTP. A basic setup would be: [Your TCP target] <--TCP-- [Exit No

Julian 185 Dec 15, 2022
RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust. 🦀

Information: RDE1 is an old personal project (end 2022) that I didn't continue development on. It's part of a list of projects that helped me to learn

Quentin Texier (g0h4n) 32 Oct 6, 2023