Comments (3)
Switch to the non-CO-RE version: https://github.com/gojue/ecapture/releases/download/v0.7.0/ecapture-v0.7.0-android-aarch64-nocore.tar.gz
from ecapture.
# / cd /storage/emulated/0/ecapture; sh /storage/emulated/0/ecapture/run.sh; exit &>/dev/null
tls_2023/12/21 22:34:22 ECAPTURE :: ecapture Version : androidgki_aarch64:0.7.0-20231203-2fbdf3f:5.4.0-155-generic
tls_2023/12/21 22:34:22 ECAPTURE :: Pid Info : 28169
tls_2023/12/21 22:34:22 ECAPTURE :: Kernel Info : 5.10.200
tls_2023/12/21 22:34:22 EBPFProbeOPENSSL module initialization
tls_2023/12/21 22:34:22 EBPFProbeOPENSSL master key keylogger:
tls_2023/12/21 22:34:22 ECAPTURE :: Module.Run()
tls_2023/12/21 22:34:22 EBPFProbeOPENSSL Text MODEL
tls_2023/12/21 22:34:22 EBPFProbeOPENSSL OpenSSL/BoringSSL version found, ro.build.version.release=13
tls_2023/12/21 22:34:22 EBPFProbeOPENSSL HOOK type:2, binrayPath:/apex/com.android.conscrypt/lib64/libssl.so
tls_2023/12/21 22:34:22 EBPFProbeOPENSSL Hook masterKey function:SSL_in_init
tls_2023/12/21 22:34:22 EBPFProbeOPENSSL libPthread:/apex/com.android.runtime/lib64/bionic/libc.so
tls_2023/12/21 22:34:22 EBPFProbeOPENSSL target all process.
tls_2023/12/21 22:34:22 EBPFProbeOPENSSL target all users.
tls_2023/12/21 22:34:22 EBPFProbeOPENSSL BPF bytecode filename:user/bytecode/boringssl_a_13_kern.o
tls_2023/12/21 22:34:22 EBPFProbeOPENSSL perfEventReader created. mapSize:20 MB
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x28 pc=0x2b4d80]
goroutine 1 [running]:
github.com/cilium/ebpf/perf.NewReaderWithOptions(0x40003b25a0, 0x1400000, {0x118fb00?, 0xd8?})
/home/ubuntu/go/pkg/mod/github.com/cilium/[email protected]/perf/reader.go:234 +0x270
github.com/cilium/ebpf/perf.NewReader(...)
/home/ubuntu/go/pkg/mod/github.com/cilium/[email protected]/perf/reader.go:187
ecapture/user/module.(*Module).perfEventReader(0x400013e580, 0x40005f0000, 0x40003b25a0)
/home/ubuntu/project/ecapture/user/module/imodule.go:193 +0x140
ecapture/user/module.(*Module).readEvents(0x400013e580)
/home/ubuntu/project/ecapture/user/module/imodule.go:181 +0xfc
ecapture/user/module.(*Module).Run(0x400013e580)
/home/ubuntu/project/ecapture/user/module/imodule.go:140 +0x100
ecapture/cli/cmd.openSSLCommandFunc(0x4000172a00?, {0x52d3c8?, 0x4?, 0x52d324?})
/home/ubuntu/project/ecapture/cli/cmd/tls.go:131 +0x680
github.com/spf13/cobra.(*Command).execute(0xc1d4c0, {0x118e2c0, 0x0, 0x0})
/home/ubuntu/go/pkg/mod/github.com/spf13/[email protected]/command.go:860 +0x53c
github.com/spf13/cobra.(*Command).ExecuteC(0xc1d240)
/home/ubuntu/go/pkg/mod/github.com/spf13/[email protected]/command.go:974 +0x318
github.com/spf13/cobra.(*Command).Execute(...)
/home/ubuntu/go/pkg/mod/github.com/spf13/[email protected]/command.go:902
ecapture/cli/cmd.Execute()
/home/ubuntu/project/ecapture/cli/cmd/root.go:75 +0x108
ecapture/cli.Start(...)
/home/ubuntu/project/ecapture/cli/main.go:22
main.main()
/home/ubuntu/project/ecapture/main.go:73 +0x1c0
run.sh is a shell script I wrote myself:
cd /data/media/0/ecapture
./ecapture tls
What is wrong with this?
from ecapture.
Please use this command instead for now; the crash bug will be fixed in cilium/ebpf#1281 in the future.
./ecapture tls --mapsize=256
from ecapture.