Comment by jeroenhd
18 days ago
I believe that's how https://github.com/gojue/ecapture works. I don't know the details, but it seems to work!
18 days ago
I believe that's how https://github.com/gojue/ecapture works. I don't know the details, but it seems to work!
Yep, that's correct. It uses eBPF upprobes to attach to the SSL_write/SSL_read functions.