Comment by jeroenhd
19 days ago
I believe that's how https://github.com/gojue/ecapture works. I don't know the details, but it seems to work!
19 days ago
I believe that's how https://github.com/gojue/ecapture works. I don't know the details, but it seems to work!
Yep, that's correct. It uses eBPF upprobes to attach to the SSL_write/SSL_read functions.