Ecapture Versions Save

Full Changelog: https://github.com/gojue/ecapture/compare/v0.7.7...v0.7.7

What's Changed

• [Fix] get textStart from pclnTable by @wlingze in https://github.com/gojue/ecapture/pull/516
• fix: amd64, offset read error issue for PIE executable. PR #516 by @cfc4n in https://github.com/gojue/ecapture/pull/517
• makefile: used CC=$(CROSS_COMPILE)gcc for CGO compile. by @cfc4n in https://github.com/gojue/ecapture/pull/519
• user: return error when detect openssl version failed. by @cfc4n in https://github.com/gojue/ecapture/pull/521
• user : fixed the invalid address reference of the SSL_in_before symbol OpenSSL 1.0.2k. by @cfc4n in https://github.com/gojue/ecapture/pull/520
• feat: support cross-compilation for workflows. by @cfc4n in https://github.com/gojue/ecapture/pull/523
• readme: improve English README.md translation and add TOCs by @zhoukuncheng in https://github.com/gojue/ecapture/pull/525
• build(deps): bump golang.org/x/net from 0.17.0 to 0.23.0 by @dependabot in https://github.com/gojue/ecapture/pull/528

New Contributors

• @wlingze made their first contribution in https://github.com/gojue/ecapture/pull/516
• @zhoukuncheng made their first contribution in https://github.com/gojue/ecapture/pull/525

Full Changelog: https://github.com/gojue/ecapture/compare/v0.7.6...v0.7.7

What's Changed

• fix #500 to avoid potential hang and event loss by @ruitianzhong in https://github.com/gojue/ecapture/pull/501
• fix issue#504 by @sancppp in https://github.com/gojue/ecapture/pull/506
• tentative fix to address bash problem #490 by @ruitianzhong in https://github.com/gojue/ecapture/pull/510
• Fix cant found RET offset in gotls mode. fix #502. by @cfc4n in https://github.com/gojue/ecapture/pull/512

Full Changelog: https://github.com/gojue/ecapture/compare/v0.7.5...v0.7.6

What's Changed

• Improve makefile by @cfc4n in https://github.com/gojue/ecapture/pull/488
• Fix: init GoTLSProbe.tcPacketsChan #492 by @ruitianzhong in https://github.com/gojue/ecapture/pull/493
• fix: avoid printing confusing message when input contains special character by @ruitianzhong in https://github.com/gojue/ecapture/pull/495
• correctly update ContentLength for uncompressed response body by @ruitianzhong in https://github.com/gojue/ecapture/pull/498
• add -race flags for go test and fix data race warning by @ruitianzhong in https://github.com/gojue/ecapture/pull/499
• openssl: encode the value of fd (ssl->wbio->num) to gen uuid, rather than an unexpected random number by @wuyexkx in https://github.com/gojue/ecapture/pull/494

New Contributors

• @ruitianzhong made their first contribution in https://github.com/gojue/ecapture/pull/493
• @wuyexkx made their first contribution in https://github.com/gojue/ecapture/pull/494

Full Changelog: https://github.com/gojue/ecapture/compare/v0.7.4...v0.7.5

🚀 Breaking Changes

eCapture supports Pcap Filter Syntax, and you can use the pcap filter expression to filter network packets like tcpdump.

In the tls\gotls module, when the running mode is pcap, the pcap filter expression is supported, which can be set in the last parameter of the command line, for example:

ecapture tls -m pcap -i wlan0 -w save.pcapng host 192.168.1.1 and tcp port 443

What's Changed

• Update probe_bash.go by @sancppp in https://github.com/gojue/ecapture/pull/479
• docs: Optimized the error message in the gotls module.(fix: #482) by @cfc4n in https://github.com/gojue/ecapture/pull/484
• feat: Support pcap-filter expression for pcap mode by @Asphaltt in https://github.com/gojue/ecapture/pull/478
• chore: Pcap filter tidy,support ubuntu arm64 to make libpcap by @cfc4n in https://github.com/gojue/ecapture/pull/487

New Contributors

• @sancppp made their first contribution in https://github.com/gojue/ecapture/pull/479
• @Asphaltt made their first contribution in https://github.com/gojue/ecapture/pull/478

Full Changelog: https://github.com/gojue/ecapture/compare/v0.7.3...v0.7.4

What's Changed

• makefile: Optimize the feature list for the Android version by @cfc4n in https://github.com/gojue/ecapture/pull/457
• user: support event processor by @cfc4n in https://github.com/gojue/ecapture/pull/462
• chore: remove refs to deprecated io/ioutil by @testwill in https://github.com/gojue/ecapture/pull/465
• user: fix concurrent map read and map write #467 by @cfc4n in https://github.com/gojue/ecapture/pull/468
• utils: support openssl 3.1.0-3.1.4 and 3.0.9-3.0.12 by @cfc4n in https://github.com/gojue/ecapture/pull/469
• user: imporve dynamic link library path loading logic on aarch64 ubuntu by @cfc4n in https://github.com/gojue/ecapture/pull/470
• user: imporve #463, impact on the performance of the tested program by @cfc4n in https://github.com/gojue/ecapture/pull/471
• kern: support openssl 3.2.x , change ssl_st to ssl_connection_st by @cfc4n in https://github.com/gojue/ecapture/pull/472

New Contributors

• @testwill made their first contribution in https://github.com/gojue/ecapture/pull/465

Full Changelog: https://github.com/gojue/ecapture/compare/v0.7.2...v0.7.3

What's Changed

• user: improve pcapng writer, flush every 2s. by @cfc4n in https://github.com/gojue/ecapture/pull/455
• builder: add debian package build script. by @cfc4n in https://github.com/gojue/ecapture/pull/456

Full Changelog: https://github.com/gojue/ecapture/compare/v0.7.1...v0.7.2

What's Changed

• cli: reduce mapsize to 1024 * PAGESIZE. by @cfc4n in https://github.com/gojue/ecapture/pull/440
• Add optimization in openssl detection logic to consume less memory by @h0x0er in https://github.com/gojue/ecapture/pull/438
• cli: fix nss module panic by @mannkafai in https://github.com/gojue/ecapture/pull/444
• build(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 by @dependabot in https://github.com/gojue/ecapture/pull/448
• pkg: support android on docker(redroid). by @cfc4n in https://github.com/gojue/ecapture/pull/453

New Contributors

• @mannkafai made their first contribution in https://github.com/gojue/ecapture/pull/444

Full Changelog: https://github.com/gojue/ecapture/compare/v0.7.0...v0.7.1

🚀 Breaking Changes

• Split nss/gnutls/openssl into three separate submodules. Corresponding to the ./ecapture nss, ./ecapture gnutls, ecapture tls commands.
• Support keylog mode, equivalent to the functionality of the SSLKEYLOGFILE environment variable. Captures SSL/TLS communication keys directly without the need for changes in the target process.
• Refactor the mode parameters supported by the openssl(aka tls) module using the -mparameter, with values text, pcap,keylog.
  • pcap mode: Set with -m pcap or -m pcapng parameters. When using this mode, it is necessary to specify --pcapfile and -i parameters. The default value for the --pcapfile parameter is ecapture_openssl.pcapng.
  • keylog mode: Set with -m keylog or -m key parameters. When using this mode, it is necessary to specify --keylogfile, defaulting to ecapture_masterkey.log.
  • text mode: Default mode when -m parameter is unspecified. Outputs all plaintext packets in text form. (As of v0.7.0, no longer captures communication keys, please use keylog mode instead.)
• Refactor the mode parameters supported by the gotls module, similar to the openssl module, without further details.
• Optimize the memory size of eBPF Map, specify with the --mapsize parameter, defaulting to 5120 KB.
• Remove the -w parameter, use --pcapfile parameter instead.
• Change log-addr parameter to logaddr, with unchanged functionality.

Thanks to the genius idea from @blaisewang.

• 将nss/gnutls/openssl拆分为独立的三个子模块。分别对应./ecapture nss、./ecapture gnutls、ecapture tls三个子命令。
• 支持keylog模式，等同于SSLKEYLOGFILE环境变量的功能，无需目标进程改动，直接捕获SSL/TLS通信密钥。
• 重构openssl(aka tls)模块支持的模式参数，使用-m参数指定，分别为text,pcap,keylog三个值。
  • pcap模式：-m pcap或-m pcapng参数来设定。当使用本模式时，必需指定--pcapfile、-i这两个参数才能使用。 其中--pcapfile参数的默认值为ecapture_openssl.pcapng。
  • keylog模式：-m keylog或-m key参数来设定。当使用本模式时，必需指定--keylogfile，默认为ecapture_masterkey.log。
  • text模式：-m参数不指定时，默认为本模式。将以文本形式输出所有的明文数据包。（自v0.7.0起，不再捕获通讯密钥，请使用keylog模式代替）
• 重构gotls模块支持的模式参数，与openssl模块一样，不再赘述。
• 优化eBPF Map的内存大小，使用--mapsize参数指定，默认为5120 KB。
• 移除-w参数，请使用--pcapfile参数代替。
• 更改log-addr参数为logaddr，功能含义不变。

感谢 @blaisewang 的天才思路。

What's Changed

• ignore connect symbol cant found. by @cfc4n in https://github.com/gojue/ecapture/pull/431
• Add support for stripped go binaries by @h0x0er in https://github.com/gojue/ecapture/pull/426
• splitting gnutls/nss module from tls module lists. by @cfc4n in https://github.com/gojue/ecapture/pull/434
• user: custom mapSize flag. improve memory usage #433 . by @cfc4n in https://github.com/gojue/ecapture/pull/435
• add the model flag to distinguish the captured modes, support keylog captured. by @cfc4n in https://github.com/gojue/ecapture/pull/436

Full Changelog: https://github.com/gojue/ecapture/compare/v0.6.6...v0.7.0

What's Changed

• add ubunutu23.04 aarch64 clang-15 into init_env.sh by @BiteFoo in https://github.com/gojue/ecapture/pull/413
• Decode kernel time to user time by @h0x0er in https://github.com/gojue/ecapture/pull/418
• Fix : openssl event output invalid with hex mode by @cfc4n in https://github.com/gojue/ecapture/pull/421
• user : Set the connect hook as an optional parameter. by @cfc4n in https://github.com/gojue/ecapture/pull/423

New Contributors

• @BiteFoo made their first contribution in https://github.com/gojue/ecapture/pull/413
• @h0x0er made their first contribution in https://github.com/gojue/ecapture/pull/418

Full Changelog: https://github.com/gojue/ecapture/compare/v0.6.5...v0.6.6

What's Changed

• supports all ports when target_port is set to 0. by @cfc4n in https://github.com/gojue/ecapture/pull/409
• support for the boringssl library on Android 12\13\14. by @cfc4n in https://github.com/gojue/ecapture/pull/410
• update golang version to 1.21 from 1.18 by @cfc4n in https://github.com/gojue/ecapture/pull/412
• 支持所有端口的网络数据捕获(target_port为0时) by @cfc4n in https://github.com/gojue/ecapture/pull/409
• 在Android 12\13\14上，支持borlingssl类库的明文捕获 by @cfc4n in https://github.com/gojue/ecapture/pull/410
• 更新Golang类库到1.21，cilium/ebpf类库到0.12.3 by @cfc4n in https://github.com/gojue/ecapture/pull/412

Full Changelog: https://github.com/gojue/ecapture/compare/v0.6.4...v0.6.5