From cbb66749d471e73cb8cd1aa34f5246c075b02906 Mon Sep 17 00:00:00 2001
From: CFC4N
Date: Tue, 21 Jun 2022 21:41:13 +0800
Subject: [PATCH] =?UTF-8?q?Add=20chinese=20name=20=E6=97=81=E8=A7=82?= =?UTF-8?q?=E8=80=85.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: CFC4N
---
 README.md | 4 ++--
 README_CN.md | 11 ++++++++---
 cli/cmd/root.go | 4 ++--
 3 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/README.md b/README.md
index 740a34632..be0555f08 100644
--- a/README.md
+++ b/README.md
@@ -1,13 +1,13 @@
 ![](./images/ecapture-logo-400x400.png)
-[简体中文介绍](./README_CN.md) | English
+[中文介绍](./README_CN.md) | English
 [![GitHub stars](https://img.shields.io/github/stars/ehids/ecapture.svg?label=Stars&logo=github)](https://github.com/ehids/ecapture)
 [![GitHub forks](https://img.shields.io/github/forks/ehids/ecapture?label=Forks&logo=github)](https://github.com/ehids/ecapture)
 [![CI](https://github.com/ehids/ecapture/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/ehids/ecapture/actions/workflows/code-analysis.yml)
 [![Github Version](https://img.shields.io/github/v/release/ehids/ecapture?display_name=tag&include_prereleases&sort=semver)](https://github.com/ehids/ecapture/releases)
-### eCapture: capture SSL/TLS text content without CA cert Using eBPF.
+### eCapture(旁观者): capture SSL/TLS text content without CA cert Using eBPF.
 ----
diff --git a/README_CN.md b/README_CN.md
index d54347784..668beddbd 100644
--- a/README_CN.md
+++ b/README_CN.md
@@ -1,21 +1,26 @@
 ![](./images/ecapture-logo-400x400.png)
-[English](./README.md) | 简体中文
+[English](./README.md) | 中文介绍
 [![GitHub stars](https://img.shields.io/github/stars/ehids/ecapture.svg?label=Stars&logo=github)](https://github.com/ehids/ecapture)
 [![GitHub forks](https://img.shields.io/github/forks/ehids/ecapture?label=Forks&logo=github)](https://github.com/ehids/ecapture)
 [![CI](https://github.com/ehids/ecapture/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/ehids/ecapture/actions/workflows/code-analysis.yml)
 [![Github Version](https://img.shields.io/github/v/release/ehids/ecapture?display_name=tag&include_prereleases&sort=semver)](https://github.com/ehids/ecapture/releases)
-### eCapture: 基于eBPF技术实现TLS加密的明文捕获。
+### eCapture(旁观者): 基于eBPF技术实现TLS加密的明文捕获。
 ----
-# eCapture 工作原理
+# eCapture旁观者
+
+eCapture的中文名字为**旁观者**,即「**当局者迷,旁观者清**」,与其本身功能**旁路、观察**契合,且发音与英文有相似之处。
+
+# eCapture 工作原理
 ![](./images/how-ecapture-works.png)
 eBPF HOOK uprobe实现的各种用户态进程的数据捕获,无需改动原程序。
+
 * SSL/HTTPS数据导出功能,针对HTTPS的数据包抓取,不需要导入CA证书。
 * bash的命令捕获,HIDS的bash命令监控解决方案。
 * mysql query等数据库的数据库审计解决方案。
diff --git a/cli/cmd/root.go b/cli/cmd/root.go
index 807e14278..e093c1129 100644
--- a/cli/cmd/root.go
+++ b/cli/cmd/root.go
@@ -12,7 +12,7 @@ import (
 )
 const (
- cliName = "ecapture"
+ cliName = "eCapture"
 cliDescription = "capture text SSL content without CA cert by ebpf hook."
 )
@@ -32,7 +32,7 @@ var rootCmd = &cobra.Command{
 Short: cliDescription,
 SuggestFor: []string{"ecapture"},
- Long: `eCapture is a tool that can capture plaintext packets
+ Long: `eCapture(旁观者) is a tool that can capture plaintext packets
 such as HTTPS and TLS without installing a CA certificate. It can also capture bash commands, which is suitable for security auditing scenarios, such as database auditing of mysqld, etc.
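Review bot: Changing `cliName` to `"eCapture"` in the first root.go hunk alters a runtime identifier rather than only the branding. The uses of `cliName` are outside both hunks; if it feeds `Use:` on `rootCmd` (the second hunk opens just below where that field would sit), cobra will print `eCapture` in usage lines and generated shell completions, which would not match a presumably lowercase `ecapture` binary on case-sensitive filesystems, and `SuggestFor: []string{"ecapture"}` would then differ from the command name only by case. For an auditing tool that operators wrap in scripts and monitoring rules, I would keep `cliName = "ecapture"` and carry the display name only in the help text, as the `Long` change in the second hunk already does. Anything else derived from `cliName` (log prefixes, file names) should be checked before merging.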