fix the issue with retrieving the return value of the Read function in the Golang TLS module. #646
Merged
…tion in the Golang TLS module. improve #623 Signed-off-by: CFC4N <[email protected]>
Signed-off-by: CFC4N <[email protected]>
…entually). Signed-off-by: CFC4N <[email protected]>
cad58a8 to 8345397
test passed.
golang ABI register-based (golang >= 1.17)
2024-10-02T03:07:54Z INF AppName="eCapture(旁观者)"
2024-10-02T03:07:54Z INF HomePage=https://ecapture.cc
2024-10-02T03:07:54Z INF Repository=https://github.com/gojue/ecapture
2024-10-02T03:07:54Z INF Author="CFC4N <[email protected]>"
2024-10-02T03:07:54Z INF Description="Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64."
2024-10-02T03:07:54Z INF Version=linux_arm64:0.8.6-20240915-136069e:5.15.0-121-generic
2024-10-02T03:07:54Z INF Listen=localhost:28256
2024-10-02T03:07:54Z INF eCapture running logs logger=
2024-10-02T03:07:54Z INF the file handler that receives the captured event eventCollector=
2024-10-02T03:07:54Z INF listen=localhost:28256
2024-10-02T03:07:54Z INF https server starting...You can update the configuration file via the HTTP interface.
2024-10-02T03:07:54Z WRN ========== module starting. ==========
2024-10-02T03:07:54Z INF Kernel Info=5.15.163 Pid=98438
2024-10-02T03:07:54Z INF BTF bytecode mode: CORE. btfMode=0
2024-10-02T03:07:54Z INF GoTlsProbe init keylogFile= model=Text
2024-10-02T03:07:54Z INF module initialization. isReload=false moduleName=EBPFProbeGoTLS
2024-10-02T03:07:54Z INF Module.Run()
2024-10-02T03:07:54Z INF HOOK type:Golang elf GoVersion=go1.21.6 binrayPath=./tests/golang_https buildInfo=" -buildmode=exe -compiler=gc CGO_ENABLED=1 GOARCH=arm64 GOOS=linux" isRegisterABI=true
2024-10-02T03:07:54Z INF golang uretprobe added. function=gotls_read_register offsets="[1461456 1461496 1461596 1461880 1461928 1462024 1462052]"
2024-10-02T03:07:54Z INF target all process.
2024-10-02T03:07:54Z INF target all users.
2024-10-02T03:07:54Z INF BPF bytecode file is matched. bpfFileName=user/bytecode/gotls_kern_core.o
2024-10-02T03:07:54Z INF perfEventReader created mapSize(MB)=4
2024-10-02T03:07:54Z INF module started successfully. isReload=false moduleName=EBPFProbeGoTLS
2024-10-02T03:08:12Z ??? PID: 98467, Comm: golang_https, TID: 98467, PayloadType:0, Payload:
0000 47 45 54 20 2F 20 48 54 54 50 2F 31 2E 31 0D 0A GET / HTTP/1.1..
0016 48 6F 73 74 3A 20 62 61 69 64 75 2E 63 6F 6D 0D Host: baidu.com.
0032 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 47 6F 2D .User-Agent: Go-
0048 68 74 74 70 2D 63 6C 69 65 6E 74 2F 31 2E 31 0D http-client/1.1.
0064 0A 41 63 63 65 70 74 2D 45 6E 63 6F 64 69 6E 67 .Accept-Encoding
0080 3A 20 67 7A 69 70 0D 0A 0D 0A : gzip....
2024-10-02T03:08:12Z ??? PID: 98467, Comm: golang_https, TID: 98471, PayloadType:1, Payload:
0000 48 54 54 50 2F 31 2E 31 20 33 30 32 20 4D 6F 76 HTTP/1.1 302 Mov
0016 65 64 20 54 65 6D 70 6F 72 61 72 69 6C 79 0D 0A ed Temporarily..
0032 53 65 72 76 65 72 3A 20 62 66 65 2F 31 2E 30 2E Server: bfe/1.0.
0048 38 2E 31 38 0D 0A 44 61 74 65 3A 20 57 65 64 2C 8.18..Date: Wed,
0064 20 30 32 20 4F 63 74 20 32 30 32 34 20 30 33 3A 02 Oct 2024 03:
0080 30 38 3A 31 32 20 47 4D 54 0D 0A 43 6F 6E 74 65 08:12 GMT..Conte
0096 6E 74 2D 54 79 70 65 3A 20 74 65 78 74 2F 68 74 nt-Type: text/ht
0112 6D 6C 0D 0A 43 6F 6E 74 65 6E 74 2D 4C 65 6E 67 ml..Content-Leng
0128 74 68 3A 20 31 36 31 0D 0A 43 6F 6E 6E 65 63 74 th: 161..Connect
0144 69 6F 6E 3A 20 6B 65 65 70 2D 61 6C 69 76 65 0D ion: keep-alive.
0160 0A 4C 6F 63 61 74 69 6F 6E 3A 20 68 74 74 70 3A .Location: http:
0176 2F 2F 77 77 77 2E 62 61 69 64 75 2E 63 6F 6D 2F //www.baidu.com/
0192 0D 0A 0D 0A 3C 68 74 6D 6C 3E 0D 0A 3C 68 65 61 ....<html>..<hea
0208 64 3E 3C 74 69 74 6C 65 3E 33 30 32 20 46 6F 75 d><title>302 Fou
0224 6E 64 3C 2F 74 69 74 6C 65 3E 3C 2F 68 65 61 64 nd</title></head
0240 3E 0D 0A 3C 62 6F 64 79 20 62 67 63 6F 6C 6F 72 >..<body bgcolor
0256 3D 22 77 68 69 74 65 22 3E 0D 0A 3C 63 65 6E 74 ="white">..<cent
0272 65 72 3E 3C 68 31 3E 33 30 32 20 46 6F 75 6E 64 er><h1>302 Found
0288 3C 2F 68 31 3E 3C 2F 63 65 6E 74 65 72 3E 0D 0A </h1></center>..
0304 3C 68 72 3E 3C 63 65 6E 74 65 72 3E 62 66 65 2F <hr><center>bfe/
0320 31 2E 30 2E 38 2E 31 38 3C 2F 63 65 6E 74 65 72 1.0.8.18</center
0336 3E 0D 0A 3C 2F 62 6F 64 79 3E 0D 0A 3C 2F 68 74 >..</body>..</ht
0352 6D 6C 3E 0D 0A ml>..
golang ABI stack-based (golang < 1.17)
[sudo] password for cfc4n:
2024-10-02T03:07:41Z INF AppName="eCapture(旁观者)"
2024-10-02T03:07:41Z INF HomePage=https://ecapture.cc
2024-10-02T03:07:41Z INF Repository=https://github.com/gojue/ecapture
2024-10-02T03:07:41Z INF Author="CFC4N <[email protected]>"
2024-10-02T03:07:41Z INF Description="Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64."
2024-10-02T03:07:41Z INF Version=linux_arm64:0.8.6-20240915-136069e:5.15.0-121-generic
2024-10-02T03:07:41Z INF Listen=localhost:28256
2024-10-02T03:07:41Z INF eCapture running logs logger=
2024-10-02T03:07:41Z INF the file handler that receives the captured event eventCollector=
2024-10-02T03:07:41Z INF listen=localhost:28256
2024-10-02T03:07:41Z INF https server starting...You can update the configuration file via the HTTP interface.
2024-10-02T03:07:41Z WRN ========== module starting. ==========
2024-10-02T03:07:41Z INF Kernel Info=5.15.163 Pid=98304
2024-10-02T03:07:41Z INF BTF bytecode mode: CORE. btfMode=0
2024-10-02T03:07:41Z INF GoTlsProbe init keylogFile= model=Text
2024-10-02T03:07:41Z INF module initialization. isReload=false moduleName=EBPFProbeGoTLS
2024-10-02T03:07:41Z INF Module.Run()
2024-10-02T03:07:41Z INF HOOK type:Golang elf GoVersion=go1.15.15 binrayPath=./tests/golang_https_1.15 buildInfo= isRegisterABI=false
2024-10-02T03:07:41Z INF golang uretprobe added. function=gotls_read_stack offsets="[1445792 1445884 1446016 1446096 1446268 1446292 1446328]"
2024-10-02T03:07:41Z INF target all process.
2024-10-02T03:07:41Z INF target all users.
2024-10-02T03:07:41Z INF BPF bytecode file is matched. bpfFileName=user/bytecode/gotls_kern_core.o
2024-10-02T03:07:41Z INF perfEventReader created mapSize(MB)=4
2024-10-02T03:07:41Z INF module started successfully. isReload=false moduleName=EBPFProbeGoTLS
2024-10-02T03:07:45Z ??? PID: 98323, Comm: golang_https_1., TID: 98325, PayloadType:0, Payload:
0000 47 45 54 20 2F 20 48 54 54 50 2F 31 2E 31 0D 0A GET / HTTP/1.1..
0016 48 6F 73 74 3A 20 62 61 69 64 75 2E 63 6F 6D 0D Host: baidu.com.
0032 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 47 6F 2D .User-Agent: Go-
0048 68 74 74 70 2D 63 6C 69 65 6E 74 2F 31 2E 31 0D http-client/1.1.
0064 0A 41 63 63 65 70 74 2D 45 6E 63 6F 64 69 6E 67 .Accept-Encoding
0080 3A 20 67 7A 69 70 0D 0A 0D 0A : gzip....
2024-10-02T03:07:45Z ??? PID: 98323, Comm: golang_https_1., TID: 98323, PayloadType:1, Payload:
0000 48 54 54 50 2F 31 2E 31 20 33 30 32 20 4D 6F 76 HTTP/1.1 302 Mov
0016 65 64 20 54 65 6D 70 6F 72 61 72 69 6C 79 0D 0A ed Temporarily..
0032 53 65 72 76 65 72 3A 20 62 66 65 2F 31 2E 30 2E Server: bfe/1.0.
0048 38 2E 31 38 0D 0A 44 61 74 65 3A 20 57 65 64 2C 8.18..Date: Wed,
0064 20 30 32 20 4F 63 74 20 32 30 32 34 20 30 33 3A 02 Oct 2024 03:
0080 30 37 3A 34 35 20 47 4D 54 0D 0A 43 6F 6E 74 65 07:45 GMT..Conte
0096 6E 74 2D 54 79 70 65 3A 20 74 65 78 74 2F 68 74 nt-Type: text/ht
0112 6D 6C 0D 0A 43 6F 6E 74 65 6E 74 2D 4C 65 6E 67 ml..Content-Leng
0128 74 68 3A 20 31 36 31 0D 0A 43 6F 6E 6E 65 63 74 th: 161..Connect
0144 69 6F 6E 3A 20 6B 65 65 70 2D 61 6C 69 76 65 0D ion: keep-alive.
0160 0A 4C 6F 63 61 74 69 6F 6E 3A 20 68 74 74 70 3A .Location: http:
0176 2F 2F 77 77 77 2E 62 61 69 64 75 2E 63 6F 6D 2F //www.baidu.com/
0192 0D 0A 0D 0A 3C 68 74 6D 6C 3E 0D 0A 3C 68 65 61 ....<html>..<hea
0208 64 3E 3C 74 69 74 6C 65 3E 33 30 32 20 46 6F 75 d><title>302 Fou
0224 6E 64 3C 2F 74 69 74 6C 65 3E 3C 2F 68 65 61 64 nd</title></head
0240 3E 0D 0A 3C 62 6F 64 79 20 62 67 63 6F 6C 6F 72 >..<body bgcolor
0256 3D 22 77 68 69 74 65 22 3E 0D 0A 3C 63 65 6E 74 ="white">..<cent
0272 65 72 3E 3C 68 31 3E 33 30 32 20 46 6F 75 6E 64 er><h1>302 Found
0288 3C 2F 68 31 3E 3C 2F 63 65 6E 74 65 72 3E 0D 0A </h1></center>..
0304 3C 68 72 3E 3C 63 65 6E 74 65 72 3E 62 66 65 2F <hr><center>bfe/
0320 31 2E 30 2E 38 2E 31 38 3C 2F 63 65 6E 74 65 72 1.0.8.18</center
0336 3E 0D 0A 3C 2F 62 6F 64 79 3E 0D 0A 3C 2F 68 74 >..</body>..</ht
0352 6D 6C 3E 0D 0A ml>..
fixes: #618, improve #623