Open
Description
pixel7 android15 已经root
./ecapture tls -l log.txt, 没有抓包数据,完整日志如下
{"level":"info","AppName":"eCapture(旁观者)","time":"2025-06-05T01:40:48Z"}
{"level":"info","HomePage":"https://ecapture.cc","time":"2025-06-05T01:40:48Z"}
{"level":"info","Repository":"https://github.com/gojue/ecapture","time":"2025-06-05T01:40:48Z"}
{"level":"info","Author":"CFC4N <[email protected]>","time":"2025-06-05T01:40:48Z"}
{"level":"info","Description":"Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.","time":"2025-06-05T01:40:48Z"}
{"level":"info","Version":"androidgki_arm64:v1.1.0:6.8.0-1027-azure","time":"2025-06-05T01:40:48Z"}
{"level":"info","Listen":"localhost:28256","time":"2025-06-05T01:40:48Z"}
{"level":"info","logger":"save.txt","time":"2025-06-05T01:40:48Z","message":"eCapture running logs"}
{"level":"info","eventCollector":"","time":"2025-06-05T01:40:48Z","message":"the file handler that receives the captured event"}
{"level":"info","listen":"localhost:28256","time":"2025-06-05T01:40:48Z"}
{"level":"info","time":"2025-06-05T01:40:48Z","message":"https server starting...You can upgrade the configuration file via the HTTP interface."}
{"level":"info","Pid":23058,"Kernel Info":"6.1.99","time":"2025-06-05T01:40:48Z"}
{"level":"info","TruncateSize":0,"Unit":"bytes","time":"2025-06-05T01:40:48Z"}
{"level":"warn","time":"2025-06-05T01:40:48Z","message":"Your environment is like a container. We won't be able to detect the BTF configuration.\nIf eCapture fails to run, try specifying the BTF mode. use `-b 2` to specify non-CORE mode."}
{"level":"info","btfMode":0,"time":"2025-06-05T01:40:48Z","message":"BTF bytecode mode: CORE."}
{"level":"info","keylogger":"","eBPFProgramType":"Text","time":"2025-06-05T01:40:48Z","message":"master key keylogger has been set."}
{"level":"info","moduleName":"EBPFProbeOPENSSL","isReload":false,"time":"2025-06-05T01:40:48Z","message":"module initialization."}
{"level":"info","time":"2025-06-05T01:40:48Z","message":"Module.Run()"}
{"level":"error","time":"2025-06-05T01:40:48Z","message":"OpenSSL/BoringSSL version not found, used default version.If you want to use the specific version, please set the sslVersion parameter with \"--ssl_version='boringssl_a_13'\" , \"--ssl_version='boringssl_a_14'\", or use \"ecapture tls --help\" for more help."}
{"level":"error","sslVersion":"android_default","bpfFile":"boringssl_a_15_kern.o","time":"2025-06-05T01:40:48Z"}
{"level":"info","binrayPath":"/apex/com.android.conscrypt/lib64/libssl.so","ElfType":2,"Functions":["SSL_in_init"],"time":"2025-06-05T01:40:48Z","message":"Hook masterKey function"}
{"level":"info","time":"2025-06-05T01:40:48Z","message":"target all process."}
{"level":"info","time":"2025-06-05T01:40:48Z","message":"target all users."}
{"level":"info","eBPFProgramType":"Text","time":"2025-06-05T01:40:48Z","message":"setupManagers"}
{"level":"info","bpfFileName":"user/bytecode/boringssl_a_15_kern_core.o","time":"2025-06-05T01:40:48Z","message":"BPF bytecode file is matched."}
{"level":"info","mapSize(MB)":4,"time":"2025-06-05T01:40:49Z","message":"perfEventReader created"}
{"level":"info","mapSize(MB)":4,"time":"2025-06-05T01:40:49Z","message":"perfEventReader created"}
{"level":"info","moduleName":"EBPFProbeOPENSSL","isReload":false,"time":"2025-06-05T01:40:49Z","message":"module started successfully."}
{"level":"info","time":"2025-06-05T01:42:03Z","message":"module close."}
{"level":"info","time":"2025-06-05T01:42:03Z","message":"Module closed,message Received from Context"}
{"level":"info","time":"2025-06-05T01:42:03Z","message":"iModule module close"}
{"level":"info","time":"2025-06-05T01:42:03Z","message":"bye bye."}