eCapture v0.4.1 release (Linux x86_64/aarch64, Android kernel 5.5+).

What's Changed

• kern : define variable target_port always. by @cfc4n in #157
• workflows : build nocore version for Android default. by @cfc4n in #159
• pkg : Ifname default value. by @cfc4n in #161
• user : skip loopback network interface by @cfc4n in #163
• user : tls models exit gracefully. by @cfc4n in #165
• git: ignore .check* files by @blaisewang in #168
• pkg : fix config file parse failed, when as gzip format. by @cfc4n in #169
• fix gzip read err by @4ft35t in #175
• pkg/util/ebpf : add unit testing for kernel CONFIG reader by @cfc4n in #176
• user : fix incorrect TimeStamp by @cfc4n in #179
• cli/cmd : print version info by @cfc4n in #177
• kern : support boringssl offset for Android 12. by @cfc4n in #181

New Contributors

• @blaisewang made their first contribution in #168
• @4ft35t made their first contribution in #175

Full Changelog: v0.4.0...v0.4.1

eCapture v0.4.0 release (Linux x86_64/aarch64, Android kernel 5.5+).

Note

Support Wireshark to open directly. Do not need to setting up Master Secrets files.

Capture raw packet by Traffic Control eBPF filter. Added Master Secrets information into pcapng
with Decryption Secrets Block (DSB).

Warning

change loggerFile flag as -l from -w , because -w is reserved for Wireshark, and keep same as -w
for tcpdump. use ecapture -h for help.
change master secrets filename from ecapture_masterkey_[pid].log to ecapture_masterkey.log.

What's Changed

• new feature: capture TLS 1.3 master secret by @cfc4n in #143
• user : echo String() or StringHex() by CLI argument. by @cfc4n in #149
• cli/cmd : clean up all probe while process exit. (#150) by @cfc4n in #151
• save as Pcapng files #145 by @cfc4n in #148
• user : Support writing pcapng files with Decryption Secrets Block (DSB). by @cfc4n in #153

Full Changelog: v0.3.0...v0.4.0

eCapture v0.3.0 release (Linux x86_64/aarch64, Android kernel 5.5+).

Breaking Changes

Capture TLS master_key ,save to file. Support openssl 1.1.1.X . TLS 1.2 .

Quick Guide:

• use ecapture to capture TLS master_key, will save master secret to ecapture_masterkey_[pid].log.
• use tcpdump to capture and save packets to xxx.pcapng file.
• open xxx.pcapng file with wireshark.
• Setting : Wireshark --> Preferences --> Protocols --> TLS --> (Pre)-Master-Secret log filename, select ecapture_masterkey_[pid].log.
• Using : right click packet item, select follow -> HTTP Stream / HTTP/2 Stream

What's Changed

• all : refactor event_processor EventType. by @cfc4n in #134
• fixed #138 : You have an error in your yaml syntax on line 79 by @cfc4n in #139
• New feature: capture openssl masterkey #27 by @cfc4n in #140

Full Changelog: v0.2.2...v0.3.0

eCapture v0.2.2 release (Linux x86_64/aarch64, Android kernel 5.5+).

What's Changed

• workflows: build failed on aarch 64 ubuntu : 'linux/kconfig.h' file not found #125 by @cfc4n in #126
• Makefile shell running,with a unexcepted result: lost DKERNEL_LESS_5_2 on kernel 4.15 #129 by @cfc4n in #132
• ebpf: remove detection of BPF config when running at container #127 by @cfc4n in #128

Full Changelog: v0.2.1...v0.2.2

eCapture v0.2.1 release (Linux x86_64/aarch64, Android kernel 4.18+).

What's Changed

• pkg : fix Kernel config read failed, error:Config not found #117 by @cfc4n in #123
• user : Clean up unnecessary information. fix #122 by @cfc4n in #124

Full Changelog: v0.2.0...v0.2.1

eCapture v0.2.0 release (Linux x86_64/aarch64, Android kernel 4.18+).

What's Changed

• Directly search so in search path when /usr/bin/curl is not exist by @tiann in #97
• Add GitHub Action ：Golangci lint by @cfc4n in #99
• Add Chinese name 旁观者. by @cfc4n in #103
• build: change tar.gz file path in checksum.txt by @cfc4n in #104
• Support Golang HTTPS introspection by @chenhengqi in #100
• New Feature: support Android without GKI (kernel version > 4.18) by @cfc4n in #107
• fixed :#108 tls module cannot to capture payload on Aarch64 kernel 4.18 by @huzai9527 in #109
• fixed #108: ip address lost on aarch64 kernel 4.18 by @cfc4n in #111
• New feature: add payload parser. by @cfc4n in #113
• document: message friendly by @cfc4n in #119

New Contributors

• @tiann made their first contribution in #97
• @chenhengqi made their first contribution in #100

Full Changelog: v0.1.10...v0.2.0

eCapture v0.1.10 release (Linux x86_64/aarch64, Android GKI).

What's Changed

• user : fixed bug. #76 libpthread.so not found. by @cfc4n in #77
• Support for ARM64 architecture by @cfc4n in #75
• fixed: outputing blank text on linux 4.18 #81 by @cfc4n in #82
• New feature: update ebpfmanager package to 0.3.0 by @cfc4n in #83
• New feature: #80 event filter by uid by @cfc4n in #84
• New feature: #85 event filter by uid for module tls by @cfc4n in #86
• New feature: #87 support Android GKI by @cfc4n in #88
• fixed: #92 github checkout error while a PR sent. by @cfc4n in #93
• New Feature: #79 Auto release for android gki by @cfc4n in #94

Full Changelog: v0.1.9...v0.1.10

eCapture v0.1.9 release (Linux x86_64/aarch64).

What's Changed

• code refactoring: event dispatcher by @cfc4n in #58
• add notes for how to use ecapture in other libs by @xjas in #60
• add TLS/SSL Version info (openssl). by @cfc4n in #62
• Update README.md by @nfsec in #63
• fix some typos by @cuishuang in #68
• Add nosearch argument to skip auto search lib path by @vincentmli in #70

New Contributors

• @xjas made their first contribution in #60
• @nfsec made their first contribution in #63
• @cuishuang made their first contribution in #68
• @vincentmli made their first contribution in #70

Full Changelog: v0.1.8...v0.1.9

eCapture v0.1.8 release.

What's Changed

• ADD mysqld dispatch_command return value. by @cfc4n in #44
• autogen vmlinux header file to compatible current OS by @cfc4n in #50
• feat: support postgres query hook by @yihong0618 in #51
• added return value of bash module. by @huzai9527 in #52
• change bash line size to 256 bytes by @yindex in #55
• add errnumber flag for command bash by @huzai9527 in #56

New Contributors

• @huzai9527 made their first contribution in #52
• @yindex made their first contribution in #55

Full Changelog: v0.1.7...v0.1.8

eCapture v0.1.7 release.

What's Changed

• user: fix #29 ubuntu21.10 error :connect symbol cant found by @cfc4n in #30
• support no co-re version on linux kernel >= 5.2 by @cfc4n in #32
• merge two Makefile files. by @cfc4n in #33
• images : fix #34 Inaccurate/Confusing Diagrams by @cfc4n in #36
• Fix #37 Shared object dependence by @cfc4n in #38
• README grammar fix by @chriskaliX in #35
• Fix #39 .rodata: map create: read- and write-only maps not supported (requires >= v5.2) by @cfc4n in #40
• set clang version lower to 9 from 12 by @cfc4n in #41

New Contributors

• @cfc4n made their first contribution in #30

Full Changelog: v0.1.6...v0.1.7