ecapture
draft-ietf-opsawg-pcap
ecapture | draft-ietf-opsawg-pcap
---|---
9 | 1
8,204 | 254
1.8% | 0.8%
9.2 | 7.9
4 days ago | about 15 hours ago
C | XSLT
Apache License 2.0 | GNU General Public License v3.0 or later
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ecapture
- Capture SSL/TLS text content without CA cert using eBPF. Supports Linux/Android x86_64/Aarch64.
- eCapture: capture HTTPS traffic without CA certificates on Android/Linux using Golang.
  The answer is YES. eCapture for Android can help you capture HTTPS packets on Android without the trivial settings, and it also supports the Linux kernel.
- Go based eBPF projects
  eCapture: Capture SSL/TLS text content without CA certificate Using eBPF
- Kubeshark: The API Traffic Viewer for Kubernetes
  One option is to use eBPF uprobes to dump the key material or plaintext (https://github.com/ehids/ecapture). Should be easy for C-like TLS libraries, probably less useful for JIT languages.
- Can eBPF be used to measure and trace http 502 504
  Other standalone project is https://github.com/ehids/ecapture which might be helpful
- ecapture: capture SSL/TLS text content without CA cert using eBPF.
- Ecapture: Capture and Decode TLS with eBPF
- Capture SSL/TLS text content without CA cert by eBPF
draft-ietf-opsawg-pcap
- eCapture: capture HTTPS traffic without CA certificates on Android/Linux using Golang.
  eCapture implements the feature of saving a pcapng file by eBPF TC, and supports TLS Master Secret Key capturing by eBPF Uprobe. Also, gopacket's DSB feature is supported, based on Decryption Secrets Block (DSB).
What are some alternatives?
ssldump - ssldump - (de-facto repository gathering patches around the cyberspace)
gopacket - Provides packet processing capabilities for Go
sslsplit - Transparent SSL/TLS interception
merecat - Small and made-easy HTTP/HTTPS server based on Jef Poskanzer's thttpd
wolfssl - The wolfSSL library is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. wolfSSL supports up to TLS 1.3!
golang-tls - Simple Golang HTTPS/TLS Examples
ssl-handshake - A command-line tool for testing SSL/TLS handshake latency, written in Go.
pixie - Instant Kubernetes-Native Application Observability
bcc - BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more
certmagic - Automatic HTTPS for any Go program: fully-managed TLS certificate issuance and renewal
libs - libsinsp, libscap, the kernel module driver, and the eBPF driver sources
kubeshark - The API traffic analyzer for Kubernetes providing real-time K8s protocol-level visibility, capturing and monitoring all traffic and payloads going in, out and across containers, pods, nodes and clusters. Inspired by Wireshark, purposely built for Kubernetes