libs
libsinsp, libscap, the kernel module driver, and the eBPF driver sources (by falcosecurity)
ecapture
Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64. (by gojue)
| | libs | ecapture |
|---|---|---|
| Mentions | 1 | 9 |
| Stars | 203 | 8,230 |
| Growth | 1.5% | 2.1% |
| Activity | 9.9 | 9.2 |
| Last commit | 7 days ago | 7 days ago |
| Language | C | C |
| License | Apache License 2.0 | Apache License 2.0 |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
libs
Posts with mentions or reviews of libs.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-05-11.
- Getting started developing Falco
  falcosecurity/libs, containing both the kernel module and the eBPF probe, and also libscap and libsinsp.
ecapture
Posts with mentions or reviews of ecapture.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-02-18.
- Capture SSL/TLS text content without CA cert using eBPF. Supports Linux/Android x86_64/Aarch64.
- eCapture: capture HTTPS traffic without CA certificates on Android/Linux using Golang.
  The answer is YES. eCapture for Android can help you capture HTTPS packets on Android without the trivial settings, and also supports the Linux kernel.
- Go based eBPF projects
  eCapture: Capture SSL/TLS text content without CA certificate Using eBPF
- Kubeshark: The API Traffic Viewer for Kubernetes
  One option is to use eBPF uprobes to dump the key material or plaintext (https://github.com/ehids/ecapture). Should be easy for C-like TLS libraries, probably less useful for JIT languages.
- Can eBPF be used to measure and trace http 502 504
  Other standalone project is https://github.com/ehids/ecapture which might be helpful
- ecapture: capture SSL/TLS text content without CA cert using eBPF.
- Ecapture: Capture and Decode TLS with eBPF
- Capture SSL/TLS text content without CA cert by eBPF
What are some alternatives?
When comparing libs and ecapture you can also consider the following projects:
TripleCross - A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
ssldump - ssldump - (de-facto repository gathering patches around the cyberspace)