CFC4N

Results 168 comments of CFC4N

You can build a DEBUG version yourself and then check the system logs.

```shell
# Build
DEBUG=1 ANDROID=1 make nocore
# View the eBPF debug log
echo 1 > /sys/kernel/tracing/tracing_on
cat /sys/kernel/tracing/trace_pipe
```

Long time no response, closed

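The HTTP request headers are already visible, so this is already unencrypted content. It is just zip-compressed at the HTTP layer. You can use `pcapng` mode. Also, when posting log output, it is best to include a text version as well; sometimes images fail to load.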

I tested this locally and could not reproduce the problem. Is something wrong somewhere?

```shell
2024-09-28T01:30:15Z INF AppName="eCapture(旁观者)"
2024-09-28T01:30:15Z INF HomePage=https://ecapture.cc
2024-09-28T01:30:15Z INF Repository=https://github.com/gojue/ecapture
2024-09-28T01:30:15Z INF Author="CFC4N "
2024-09-28T01:30:15Z INF Description="Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels...
```

Public clouds rarely provide 20.10 images, and I can't quickly build an environment. Can you provide an SSH account? If yes, please send it to my email. > 📧 :...

Sorry, the error cannot be reproduced according to the above steps, and other errors were reported.

```shell
wget https://localhost
--2025-03-21 23:30:29-- https://localhost/
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:443......
```

> I tried to configure the correct SSL certificate, but it still failed. The SSL certificate configuration for apache2 is too complicated, and I don't have enough energy to support...

Thanks for the analysis. @SunJal, which function do you think is the most suitable one to hook in the Apache scenario?

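I looked at the OpenSSL code today and found that `SSL_get_verify_result` is not a function that is universally called. Also, this function does not have a particularly strong relationship with whether the TLS connection has finished being established. I don't think hooking this function can perfectly solve this issue.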