cfc4n@vmserver:~/$ sudo ecapture -h
NAME:
    ecapture - capture text SSL content without CA cert by ebpf hook.

USAGE:
    ecapture [flags]

VERSION:
    linux_arm64:v0.8.0:5.15.0-105-generic

COMMANDS:
    bash        capture bash command
    gnutls      capture gnutls text content without CA cert for gnutls libraries.
    gotls       Capturing plaintext communication from Golang programs encrypted with TLS/HTTPS.
    help        Help about any command
    mysqld      capture sql queries from mysqld 5.6/5.7/8.0 .
    nss         capture nss/nspr encrypted text content without CA cert for nss/nspr libraries.
    postgres    capture sql queries from postgres 10+.
    tls         use to capture tls/ssl text content without CA cert. (Support openssl 1.0.x/1.1.x/3.0.x or newer).

DESCRIPTION:
    eCapture(旁观者) is a tool that can capture plaintext packets
    such as HTTPS and TLS without installing a CA certificate.
    It can also capture bash commands, which is suitable for
    security auditing scenarios, such as database auditing of mysqld, etc (disabled on Android).
    Support Linux(Android) X86_64 4.18/aarch64 5.5 or newer.
    Repository: https://github.com/gojue/ecapture
    HomePage: https://ecapture.cc

    Usage:
      ecapture tls -h
      ecapture bash -h

OPTIONS:
    -b, --btf=0             enable BTF mode.(0:auto; 1:core; 2:non-core)
    -d, --debug[=false]     enable debug logging.(coming soon)
    -h, --help[=false]      help for ecapture
        --hex[=false]       print byte strings as hex encoded strings
    -l, --logaddr=""        -l /tmp/ecapture.log or -l tcp://127.0.0.1:8080
        --mapsize=1024      eBPF map size per CPU,for events buffer. default:1024 * PAGESIZE. (KB)
    -p, --pid=0             if pid is 0 then we target all pids
    -u, --uid=0             if uid is 0 then we target all users
    -v, --version[=false]   version for ecapture