eCapture v0.4.7

Breaking Changes

add --ssl_version flag to set the SSL library version
supported ssl libraries version lists:

• openssl 1.1.1* , (1.1.1a - 1.1.1r)
• openssl 3.0.* , (3.0.0 - 3.0.6)
• boringssl 1.1.1

ecapture tls
ecapture tls --hex --pid=3423
ecapture tls -l save.log --pid=3423
ecapture tls --libssl=/lib/x86_64-linux-gnu/libssl.so.1.1
ecapture tls -w save_3_0_5.pcapng --ssl_version="openssl 3.0.5" --libssl=/lib/x86_64-linux-gnu/libssl.so.3 
ecapture tls -w save_android.pcapng -i wlan0 --libssl=/apex/com.android.conscrypt/lib64/libssl.so --ssl_version="boringssl 1.1.1" --port 443

What's Changed

• support all Openssl 1.1.1x version by @cfc4n in #236
• feat: automate openssl offset header file generation by @blaisewang in #241
• feat: unify boringssl-offset.c by @blaisewang in #242
• feat : support openssl 3.0 by @cfc4n in #244
• improving readability... by @cfc4n in #246
• user/module: set --ssl_version flag ToLower(). by @cfc4n in #247

Full Changelog: v0.4.6...v0.4.7

eCapture v0.4.6

What's Changed

• user/module : compatiable Linux kernel less or more than 5.2 by @cfc4n in #238

Full Changelog: v0.4.5...v0.4.6

eCapture v0.4.5

What's Changed

• kern: capture master secrets for tls 1.3 by @cfc4n in #232

Full Changelog: v0.4.4...v0.4.5

eCapture v0.4.4

What's Changed

• docs: add cfc4n as a contributor for infra, test, code by @allcontributors in #196
• docs: add blaisewang as a contributor for code by @allcontributors in #205
• docs: add chriskaliX as a contributor for code by @allcontributors in #206
• docs: add yindex as a contributor for code by @allcontributors in #207
• docs: add xujiajiadexiaokeai as a contributor for code by @allcontributors in #208
• feat: add support TLSv1.3 decryption by @blaisewang in #209
• user/module : hex model output. by @cfc4n in #220
• user/module : use const for SSL masterKey function hook. by @cfc4n in #217
• kern: rodata map not supported on kernel 4.19 or older by @cfc4n in #223
• kern: http2 response packet decode failed. by @cfc4n in #225

New Contributors

• @allcontributors made their first contribution in #196

Full Changelog: v0.4.3...v0.4.4

eCapture v0.4.3

What's Changed

• fix: use cipher id to derive secret by @blaisewang in #192
• kern: get ssl_session in the *SSL_get_session() order . by @cfc4n in #193

Full Changelog: v0.4.2...v0.4.3

Warning

ecapture-v0.4.3-android-aarch64_nocore.tar.gz build on kernel 5.4 .using it means binary compatibility for can't be guaranteed.

eCapture v0.4.2 release (Linux x86_64/aarch64, Android kernel 5.5+).

What's Changed

• refactor user package. by @cfc4n in #183
• pkg/event_processor: DefaultParser init(). by @cfc4n in #186
• Fix: correct ssl_st member offsets by @blaisewang in #184
• Boringssl decrypt failed by @cfc4n in #188

Full Changelog: v0.4.1...v0.4.2

eCapture v0.4.1 release (Linux x86_64/aarch64, Android kernel 5.5+).

What's Changed

• kern : define variable target_port always. by @cfc4n in #157
• workflows : build nocore version for Android default. by @cfc4n in #159
• pkg : Ifname default value. by @cfc4n in #161
• user : skip loopback network interface by @cfc4n in #163
• user : tls models exit gracefully. by @cfc4n in #165
• git: ignore .check* files by @blaisewang in #168
• pkg : fix config file parse failed, when as gzip format. by @cfc4n in #169
• fix gzip read err by @4ft35t in #175
• pkg/util/ebpf : add unit testing for kernel CONFIG reader by @cfc4n in #176
• user : fix incorrect TimeStamp by @cfc4n in #179
• cli/cmd : print version info by @cfc4n in #177
• kern : support boringssl offset for Android 12. by @cfc4n in #181

New Contributors

• @blaisewang made their first contribution in #168
• @4ft35t made their first contribution in #175

Full Changelog: v0.4.0...v0.4.1

eCapture v0.4.0 release (Linux x86_64/aarch64, Android kernel 5.5+).

Note

Support Wireshark to open directly. Do not need to setting up Master Secrets files.

Capture raw packet by Traffic Control eBPF filter. Added Master Secrets information into pcapng
with Decryption Secrets Block (DSB).

Warning

change loggerFile flag as -l from -w , because -w is reserved for Wireshark, and keep same as -w
for tcpdump. use ecapture -h for help.
change master secrets filename from ecapture_masterkey_[pid].log to ecapture_masterkey.log.

What's Changed

• new feature: capture TLS 1.3 master secret by @cfc4n in #143
• user : echo String() or StringHex() by CLI argument. by @cfc4n in #149
• cli/cmd : clean up all probe while process exit. (#150) by @cfc4n in #151
• save as Pcapng files #145 by @cfc4n in #148
• user : Support writing pcapng files with Decryption Secrets Block (DSB). by @cfc4n in #153

Full Changelog: v0.3.0...v0.4.0

eCapture v0.3.0 release (Linux x86_64/aarch64, Android kernel 5.5+).

Breaking Changes

Capture TLS master_key ,save to file. Support openssl 1.1.1.X . TLS 1.2 .

Quick Guide:

• use ecapture to capture TLS master_key, will save master secret to ecapture_masterkey_[pid].log.
• use tcpdump to capture and save packets to xxx.pcapng file.
• open xxx.pcapng file with wireshark.
• Setting : Wireshark --> Preferences --> Protocols --> TLS --> (Pre)-Master-Secret log filename, select ecapture_masterkey_[pid].log.
• Using : right click packet item, select follow -> HTTP Stream / HTTP/2 Stream

What's Changed

• all : refactor event_processor EventType. by @cfc4n in #134
• fixed #138 : You have an error in your yaml syntax on line 79 by @cfc4n in #139
• New feature: capture openssl masterkey #27 by @cfc4n in #140

Full Changelog: v0.2.2...v0.3.0

eCapture v0.2.2 release (Linux x86_64/aarch64, Android kernel 5.5+).

What's Changed

• workflows: build failed on aarch 64 ubuntu : 'linux/kconfig.h' file not found #125 by @cfc4n in #126
• Makefile shell running,with a unexcepted result: lost DKERNEL_LESS_5_2 on kernel 4.15 #129 by @cfc4n in #132
• ebpf: remove detection of BPF config when running at container #127 by @cfc4n in #128

Full Changelog: v0.2.1...v0.2.2