ecapture icon indicating copy to clipboard operation
ecapture copied to clipboard

Published 20 hours ago verified publisher icon gojue

Can't capture the package of VSCode

Open old-kai opened this issue 5 months ago • 4 comments

Hi there, i want to capture the package of VSCode in Ubuntu 20, I try pldd to find the library:

sudo pldd 140319 |grep -E "tls|ssl|nss|nspr"

the result is:

/lib/x86_64-linux-gnu/libnss3.so
/lib/x86_64-linux-gnu/libnssutil3.so
/lib/x86_64-linux-gnu/libnspr4.so
/lib/x86_64-linux-gnu/nss/libsoftokn3.so
/lib/x86_64-linux-gnu/nss/libfreeblpriv3.so
/lib/x86_64-linux-gnu/nss/libnssckbi.so

then the command as follows:

sudo ./ecapture nss --nspr=/lib/x86_64-linux-gnu/libnspr4.so

2024-09-25T15:30:22+08:00 INF AppName="eCapture(旁观者)"
2024-09-25T15:30:22+08:00 INF HomePage=https://ecapture.cc
2024-09-25T15:30:22+08:00 INF Repository=https://github.com/gojue/ecapture
2024-09-25T15:30:22+08:00 INF Author="CFC4N <[email protected]>"
2024-09-25T15:30:22+08:00 INF Description="Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64."
2024-09-25T15:30:22+08:00 INF Version=linux_amd64:v0.8.6:6.5.0-1025-azure
2024-09-25T15:30:22+08:00 INF Listen=localhost:28256
2024-09-25T15:30:22+08:00 INF eCapture running logs logger=
2024-09-25T15:30:22+08:00 INF the file handler that receives the captured event eventCollector=
2024-09-25T15:30:22+08:00 WRN ========== module starting. ==========
2024-09-25T15:30:22+08:00 INF listen=localhost:28256
2024-09-25T15:30:22+08:00 INF https server starting...You can update the configuration file via the HTTP interface.
2024-09-25T15:30:22+08:00 INF Kernel Info=5.15.163 Pid=152560
2024-09-25T15:30:22+08:00 INF BTF bytecode mode: CORE. btfMode=0
2024-09-25T15:30:22+08:00 INF module initialization. isReload=false moduleName=EBPFProbeNSPR
2024-09-25T15:30:22+08:00 INF Module.Run()
2024-09-25T15:30:22+08:00 INF BPF bytecode file is matched. bpfFileName=user/bytecode/nspr_kern_core.o
2024-09-25T15:30:22+08:00 INF HOOK type:nspr elf ElfType=2 binrayPath=/lib/x86_64-linux-gnu/libnspr4.so
2024-09-25T15:30:22+08:00 INF target all process.
2024-09-25T15:30:22+08:00 INF target all users.
2024-09-25T15:30:22+08:00 INF perfEventReader created mapSize(MB)=4
2024-09-25T15:30:22+08:00 INF module started successfully. isReload=false moduleName=EBPFProbeNSPR

But i can't get any message when i ues VSCode, did i get the wrong library? Or is there any way to help me find the right library or module? Looking forward to your reply, thanks a lot

old-kai avatar Sep 25 '24 07:09 old-kai