libs vs ecapture

libs

libsinsp, libscap, the kernel module driver, and the eBPF driver sources (by falcosecurity)

Source Code

falcosecurity.github.io

Suggest alternative

Edit details

ecapture

Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64. (by gojue)

Golang Ebpf Tcpdump ssldump HTTPS TLS security-audit network-capture android-https-capture SSL ebpf-go ebpf-tc ebpf-uprobe Android Linux

Source Code

ecapture.cc

Suggest alternative

Edit details

InfluxDB - Power Real-Time Data Analytics at Scale

Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

www.influxdata.com

featured

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com

featured

libs		ecapture
	Project
1	Mentions	9
203	Stars	8,230
1.5%	Growth	2.1%
9.9	Activity	9.2
7 days ago	Latest Commit	7 days ago
C	Language	C
Apache License 2.0	License	Apache License 2.0

The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

libs

Posts with mentions or reviews of libs. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-05-11.

Getting started developing Falco
7 projects | dev.to | 11 May 2022

falcosecurity/libs, containing both the kernel module and the eBPF probe, and also libscap and libsinsp.

ecapture

Posts with mentions or reviews of ecapture. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-02-18.

Capture SSL/TLS text content without CA cert using eBPF. supports Linux/Android x86_64/Aarch64.
1 project | /r/blueteamsec | 4 Mar 2023
eCapture: capture HTTPS traffic without CA certificates on Android/Linux using Golang.
4 projects | /r/golang | 18 Feb 2023

The answer is YES. eCapture for Android can help you capture HTTPS packets on Android without the trivial settings. and also support Linux Kernel.
Go based eBPF projects
4 projects | /r/golang | 27 Nov 2022

eCapture : Capture SSL/TLS text content without CA certificate Using eBPF
Kubeshark: The API Traffic Viewer for Kubernetes
2 projects | news.ycombinator.com | 21 Nov 2022

One option is to use ebpf uprobes to dump the key material or plaintext (https://github.com/ehids/ecapture ). Should be easy for c-like TLS libraries probably less useful for JIT languages.
Can eBPF be used to measure and trace http 502 504
1 project | /r/eBPF | 18 Jul 2022

Other standalone project it https://github.com/ehids/ecapture which might be helpful
ecapture: capture SSL/TLS text content without CA cert using eBPF.
2 projects | /r/blueteamsec | 11 Jun 2022
Ecapture: Capture and Decode TLS with eBPF
1 project | news.ycombinator.com | 4 May 2022
Capture SSL/TLS text content without CA cert by eBPF
1 project | news.ycombinator.com | 31 Mar 2022

What are some alternatives?

When comparing libs and ecapture you can also consider the following projects:

TripleCross - A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.

ssldump - ssldump - (de-facto repository gathering patches around the cyberspace)

libs vs TripleCross ecapture vs ssldump

Compare libs vs ecapture and see what are their differences.

libs

ecapture

libs

ecapture

What are some alternatives?