eCapture v0.7.3

What's Changed

• makefile: Optimize the feature list for the Android version by @cfc4n in #457
• user: support event processor by @cfc4n in #462
• chore: remove refs to deprecated io/ioutil by @testwill in #465
• user: fix concurrent map read and map write #467 by @cfc4n in #468
• utils: support openssl 3.1.0-3.1.4 and 3.0.9-3.0.12 by @cfc4n in #469
• user: imporve dynamic link library path loading logic on aarch64 ubuntu by @cfc4n in #470
• user: imporve #463, impact on the performance of the tested program by @cfc4n in #471
• kern: support openssl 3.2.x , change ssl_st to ssl_connection_st by @cfc4n in #472

New Contributors

• @testwill made their first contribution in #465

Full Changelog: v0.7.2...v0.7.3

eCapture v0.7.2

What's Changed

• user: improve pcapng writer, flush every 2s. by @cfc4n in #455
• builder: add debian package build script. by @cfc4n in #456

Full Changelog: v0.7.1...v0.7.2

eCapture v0.7.1

What's Changed

• cli: reduce mapsize to 1024 * PAGESIZE. by @cfc4n in #440
• Add optimization in openssl detection logic to consume less memory by @h0x0er in #438
• cli: fix nss module panic by @mannkafai in #444
• build(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 by @dependabot in #448
• pkg: support android on docker(redroid). by @cfc4n in #453

New Contributors

• @mannkafai made their first contribution in #444

Full Changelog: v0.7.0...v0.7.1

eCapture v0.7.0

🚀 Breaking Changes

• Split nss/gnutls/openssl into three separate submodules. Corresponding to the ./ecapture nss, ./ecapture gnutls, ecapture tls commands.
• Support keylog mode, equivalent to the functionality of the SSLKEYLOGFILE environment variable. Captures SSL/TLS communication keys directly without the need for changes in the target process.
• Refactor the mode parameters supported by the openssl(aka tls) module using the -mparameter, with values text, pcap,keylog.
  • pcap mode: Set with -m pcap or -m pcapng parameters. When using this mode, it is necessary to specify --pcapfile and -i parameters. The default value for the --pcapfile parameter is ecapture_openssl.pcapng.
  • keylog mode: Set with -m keylog or -m key parameters. When using this mode, it is necessary to specify --keylogfile, defaulting to ecapture_masterkey.log.
  • text mode: Default mode when -m parameter is unspecified. Outputs all plaintext packets in text form. (As of v0.7.0, no longer captures communication keys, please use keylog mode instead.)
• Refactor the mode parameters supported by the gotls module, similar to the openssl module, without further details.
• Optimize the memory size of eBPF Map, specify with the --mapsize parameter, defaulting to 5120 KB.
• Remove the -w parameter, use --pcapfile parameter instead.
• Change log-addr parameter to logaddr, with unchanged functionality.

Thanks to the genius idea from @blaisewang.

---

• 将nss/gnutls/openssl拆分为独立的三个子模块。分别对应./ecapture nss、./ecapture gnutls、ecapture tls三个子命令。
• 支持keylog模式，等同于SSLKEYLOGFILE环境变量的功能，无需目标进程改动，直接捕获SSL/TLS通信密钥。
• 重构openssl(aka tls)模块支持的模式参数，使用-m参数指定，分别为text,pcap,keylog三个值。
  • pcap模式：-m pcap或-m pcapng参数来设定。当使用本模式时，必需指定--pcapfile、-i这两个参数才能使用。 其中--pcapfile参数的默认值为ecapture_openssl.pcapng。
  • keylog模式：-m keylog或-m key参数来设定。当使用本模式时，必需指定--keylogfile，默认为ecapture_masterkey.log。
  • text模式：-m参数不指定时，默认为本模式。将以文本形式输出所有的明文数据包。（自v0.7.0起，不再捕获通讯密钥，请使用keylog模式代替）
• 重构gotls模块支持的模式参数，与openssl模块一样，不再赘述。
• 优化eBPF Map的内存大小，使用--mapsize参数指定，默认为5120 KB。
• 移除-w参数，请使用--pcapfile参数代替。
• 更改log-addr参数为logaddr，功能含义不变。

感谢 @blaisewang 的天才思路。

What's Changed

• ignore connect symbol cant found. by @cfc4n in #431
• Add support for stripped go binaries by @h0x0er in #426
• splitting gnutls/nss module from tls module lists. by @cfc4n in #434
• user: custom mapSize flag. improve memory usage #433 . by @cfc4n in #435
• add the model flag to distinguish the captured modes, support keylog captured. by @cfc4n in #436

Full Changelog: v0.6.6...v0.7.0

eCapture v0.6.6

What's Changed

• add ubunutu23.04 aarch64 clang-15 into init_env.sh by @BiteFoo in #413
• Decode kernel time to user time by @h0x0er in #418
• Fix : openssl event output invalid with hex mode by @cfc4n in #421
• user : Set the connect hook as an optional parameter. by @cfc4n in #423

New Contributors

• @BiteFoo made their first contribution in #413
• @h0x0er made their first contribution in #418

Full Changelog: v0.6.5...v0.6.6

eCapture v0.6.5

What's Changed

• supports all ports when target_port is set to 0. by @cfc4n in #409
• support for the boringssl library on Android 12\13\14. by @cfc4n in #410
• update golang version to 1.21 from 1.18 by @cfc4n in #412
• 支持所有端口的网络数据捕获(target_port为0时) by @cfc4n in #409
• 在Android 12\13\14上，支持borlingssl类库的明文捕获 by @cfc4n in #410
• 更新Golang类库到1.21，cilium/ebpf类库到0.12.3 by @cfc4n in #412

Full Changelog: v0.6.4...v0.6.5

eCapture v0.6.4

What's Changed

• bugfix: Hook the ssl_set_fd function to get FD. by @cfc4n in #399
• build(deps): bump golang.org/x/net from 0.7.0 to 0.17.0 by @dependabot in #402
• refactor : Shared Object (so) path load logic by @cfc4n in #401
• improve: add missing eBPF maps parameters. by @cfc4n in #405

Full Changelog: v0.6.3...v0.6.4

eCapture v0.6.3

What's Changed

• fix : out of silice range. by @cfc4n in #398

Full Changelog: v0.6.2...v0.6.3

eCapture v0.6.2

What's Changed

• openssl module: add some prompts when the kernel is less than 5.2 by @cfc4n in #387
• refactor: removal of deprecated flag support. by @cfc4n in #388
• Revert ip address by @cfc4n in #391
• fix : OpenSSL's file descriptor is always 0 by @cfc4n in #393

Full Changelog: v0.6.1...v0.6.2

eCapture v0.6.1

What's Changed

• fix #378 , error: use of undeclared identifier 'KBUILD_MODNAME' by @cfc4n in #379
• feat:add openssl 1.1.1u and 3.0.9 by @cfc4n in #380

Full Changelog: v0.6.0...v0.6.1