
eCapture v0.7.0

@github-actions github-actions released this 02 Dec 16:53
· 218 commits to master since this release
2fbdf3f

🚀 Breaking Changes

  • Split nss/gnutls/openssl into three separate submodules, corresponding to the ./ecapture nss, ./ecapture gnutls, and ecapture tls commands.
  • Support keylog mode, equivalent to the functionality of the SSLKEYLOGFILE environment variable. It captures SSL/TLS communication keys directly, without any changes to the target process.
  • Refactor the mode parameters supported by the openssl (aka tls) module. The mode is selected with the -m parameter, which takes the values text, pcap, and keylog.
    • pcap mode: Set with -m pcap or -m pcapng. When using this mode, it is necessary to specify the --pcapfile and -i parameters. The default value of the --pcapfile parameter is ecapture_openssl.pcapng.
    • keylog mode: Set with -m keylog or -m key. When using this mode, it is necessary to specify --keylogfile, which defaults to ecapture_masterkey.log.
    • text mode: The default mode when the -m parameter is unspecified. Outputs all plaintext packets in text form. (As of v0.7.0, this mode no longer captures communication keys; use keylog mode instead.)
  • Refactor the mode parameters supported by the gotls module in the same way as for the openssl module; the details are not repeated here.
  • Optimize the memory size of the eBPF map. The size is set with the --mapsize parameter, which defaults to 5120 KB.
  • Remove the -w parameter; use the --pcapfile parameter instead.
  • Rename the log-addr parameter to logaddr; its functionality is unchanged.

Thanks to the genius idea from @blaisewang.
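
The keylog mode above writes a key file that decryption tools read line by line. The following added example (not part of the eCapture project) checks such a file before it is used. It assumes the file follows the NSS key log format that SSLKEYLOGFILE produces; the function names check_keylog and incomplete_tls13 are hypothetical and the sample lines are constructed.

```python
import re

# Labels from the NSS key log format (what SSLKEYLOGFILE produces).
TLS12 = {"CLIENT_RANDOM"}  # carries the 48-byte TLS 1.2 master secret
TLS13_REQUIRED = {"CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
                  "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}
TLS13 = TLS13_REQUIRED | {"CLIENT_EARLY_TRAFFIC_SECRET", "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET"}
HEX = re.compile(r"[0-9a-fA-F]+")

def check_keylog(text):
    """Return (sessions, problems): labels per client random, and rejected lines."""
    sessions, problems = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are legal in the format
        parts = line.split()
        if len(parts) != 3:
            problems.append((n, "expected: LABEL CLIENT_RANDOM SECRET"))
            continue
        label, rand, secret = parts
        ok_len = (96,) if label in TLS12 else (64, 96)  # hex chars: 48, or 32/48 bytes
        if label not in TLS12 | TLS13:
            problems.append((n, "unknown label"))
        elif len(rand) != 64 or not HEX.fullmatch(rand):
            problems.append((n, "client random is not 32 hex-encoded bytes"))
        elif not HEX.fullmatch(secret) or len(secret) not in ok_len:
            problems.append((n, "secret has wrong length or is not hex"))
        else:
            sessions.setdefault(rand.lower(), set()).add(label)
    return sessions, problems

def incomplete_tls13(sessions):
    """TLS 1.3 sessions missing a handshake or application traffic secret."""
    return sorted(r for r, labels in sessions.items()
                  if labels & TLS13 and not TLS13_REQUIRED <= labels)

# Constructed sample, not real key material.
R1, R2 = "aa" * 32, "bb" * 32
SAMPLE = "\n".join([
    "# constructed key log",
    f"CLIENT_RANDOM {R1} {'11' * 48}",
    f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {R2} {'22' * 32}",
    f"SERVER_HANDSHAKE_TRAFFIC_SECRET {R2} {'33' * 32}",
    f"CLIENT_RANDOM {R1} {'44' * 16}",  # truncated secret, must be rejected
])

if __name__ == "__main__":
    print(check_keylog(SAMPLE)[1], incomplete_tls13(check_keylog(SAMPLE)[0]))
```

A key log holds the session secrets for every captured connection, so keep the file readable only by the account that performs the analysis.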



What's Changed

  • ignore connect symbol cant found. by @cfc4n in #431
  • Add support for stripped go binaries by @h0x0er in #426
  • splitting gnutls/nss module from tls module lists. by @cfc4n in #434
  • user: custom mapSize flag. improve memory usage #433 . by @cfc4n in #435
  • add the model flag to distinguish the captured modes, support keylog captured. by @cfc4n in #436

Full Changelog: v0.6.6...v0.7.0