Comments (2)
cfc4n
commented on June 1, 2024
I used the Android Studio emulator, and it seems to be running fine.
emu64a:/data/local/tmp # ./ecapture tls -p 6310 -m pcap -w 111.pcapng
2024/04/14 03:39:17 Your environment is like a container. We won't be able to detect the BTF configuration.
tls_2024/04/14 03:39:17 ECAPTURE :: ecapture Version : androidgki_aarch64:0.7.6-20240330-f1930dc:[CORE]
tls_2024/04/14 03:39:17 ECAPTURE :: Pid Info : 19764
tls_2024/04/14 03:39:17 ECAPTURE :: Kernel Info : 5.15.41
tls_2024/04/14 03:39:17 EBPFProbeOPENSSL module initialization
tls_2024/04/14 03:39:17 ECAPTURE :: Module.Run()
tls_2024/04/14 03:39:17 EBPFProbeOPENSSL Pcapng MODEL
tls_2024/04/14 03:39:17 EBPFProbeOPENSSL OpenSSL/BoringSSL version found, ro.build.version.release=13
tls_2024/04/14 03:39:17 EBPFProbeOPENSSL HOOK type: 2, binrayPath: /apex/com.android.conscrypt/lib64/libssl.so
tls_2024/04/14 03:39:17 EBPFProbeOPENSSL PcapFilter:
tls_2024/04/14 03:39:17 EBPFProbeOPENSSL Ifname: wlan0, Ifindex: 16
tls_2024/04/14 03:39:17 EBPFProbeOPENSSL Hook masterKey function: [SSL_in_init]
tls_2024/04/14 03:39:17 EBPFProbeOPENSSL target PID:6310
tls_2024/04/14 03:39:17 EBPFProbeOPENSSL target all users.
tls_2024/04/14 03:39:17 EBPFProbeOPENSSL BPF bytecode filename:user/bytecode/boringssl_a_13_kern.o
tls_2024/04/14 03:39:17 EBPFProbeOPENSSL saving pcapng file: /data/local/tmp/111.pcapng
tls_2024/04/14 03:39:17 EBPFProbeOPENSSL perfEventReader created. mapSize:4 MB
tls_2024/04/14 03:39:17 EBPFProbeOPENSSL perfEventReader created. mapSize:4 MB
tls_2024/04/14 03:39:17 EBPFProbeOPENSSL module started successfully.
tls_2024/04/14 03:39:17 ECAPTURE :: start 1 modules
tls_2024/04/14 03:39:19 EBPFProbeOPENSSL save pcapng success, count:1401
tls_2024/04/14 03:39:21 EBPFProbeOPENSSL TLS1_2_VERSION: save CLIENT_RANDOM 1b10c325e39102d4f61cdce3fc53d72f0edac451653678ec7bdead64c3d7c391 to file success, 176 bytes
tls_2024/04/14 03:39:21 EBPFProbeOPENSSL TLS1_2_VERSION: save CLIENT_RANDOM aada68773b012ddaba702e1fdfc61e099b1a18df0aaae71da286503143af41a3 to file success, 176 bytes
tls_2024/04/14 03:39:23 EBPFProbeOPENSSL save pcapng success, count:415
tls_2024/04/14 03:39:25 EBPFProbeOPENSSL save pcapng success, count:4
tls_2024/04/14 03:39:43 EBPFProbeOPENSSL save pcapng success, count:1
tls_2024/04/14 03:39:45 EBPFProbeOPENSSL save pcapng success, count:1
^Ctls_2024/04/14 03:39:55 EBPFProbeOPENSSL close.
tls_2024/04/14 03:39:55 EBPFProbeOPENSSL save 1822 packets into pcapng file.
tls_2024/04/14 03:39:55 EBPFProbeOPENSSL close
emu64a:/data/local/tmp # ps -ef|grep coolapk
u0_a172 6310 372 13 06:06:12 ? 00:43:49 com.coolapk.market
u0_a172 6336 6310 1 06:06:12 ? 00:02:44 com.coolapk.market
u0_a172 7055 372 0 06:06:23 ? 00:01:27 com.coolapk.market:xg_vip_service
u0_a172 7081 7055 0 06:06:23 ? 00:01:16 com.coolapk.market:xg_vip_service
root 19807 7708 3 11:40:00 pts/0 00:00:00 grep coolapk
emu64a:/data/local/tmp #from ecapture.
cfc4n
commented on June 1, 2024
There is a possibility that the TLS handshake and key exchange are completed before eCapture runs, so eCapture cannot capture the key.
Make sure eCapture is running before the program, like start ecapture first, without specifying the PID parameter, then start the process.
from ecapture.
Related Issues (20)
- ecapture 0.7.6依旧无法抓取docker pull的完全URL HOT 8
- gotls: hook dockerd fail HOT 1
- gojue/ebpfmanager dependency with an AGPL license HOT 3
- In v0.7.6, the gotls module works exceptionally in pie mode on x64 platform. HOT 3
- module run failed, [skip it]. error:EBPFProbeOPENSSL couldn't find asset open user/bytecode: file does not exist HOT 5
- SSL_in_before hook点在openssl 1.0.2k的系统上找不到符号表 HOT 4
- 执行时报Permission denied HOT 4
- 数据抓不全的问题 HOT 8
- 获取https request response header+ body HOT 5
- BoringSSL is not supported on linux HOT 4
- Keylog capture not working with OpenSSL 1.1.0 HOT 3
- support updated versions of OpenSSL such as 1.1.1u, v, w, etc.
- masterKey被多次写入pcapng文件中 HOT 3
- load bpf failed on kernel 4.18.0
- android version compilation has failed. HOT 1
- gotls shared object not supported HOT 11
- FTL module run failed, skip it. error="couldn't init manager xxx error:program probe_entry_SSL_read HOT 3
- unsupported arch library HOT 2
- ecapture cannot work on linux with boringssl HOT 9
- panic on pixel 6 pro(android13) HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ecapture.