eCapture抓包框架

./ecapture 

cfc4n@vmserver:~/$ sudo ecapture -h
NAME:
    ecapture - capture text SSL content without CA cert by ebpf hook.

USAGE:
    ecapture [flags]

VERSION:
    linux_arm64:v0.8.0:5.15.0-105-generic

COMMANDS:
    bash        capture bash command
    gnutls        capture gnutls text content without CA cert for gnutls libraries.
    gotls        Capturing plaintext communication from Golang programs encrypted with TLS/HTTPS.
    help        Help about any command
    mysqld        capture sql queries from mysqld 5.6/5.7/8.0 .
    nss        capture nss/nspr encrypted text content without CA cert for nss/nspr libraries.
    postgres    capture sql queries from postgres 10+.
    tls        use to capture tls/ssl text content without CA cert. (Support openssl 1.0.x/1.1.x/3.0.x or newer).

DESCRIPTION:
    eCapture(旁观者) is a tool that can capture plaintext packets
    such as HTTPS and TLS without installing a CA certificate.
    It can also capture bash commands, which is suitable for
    security auditing scenarios, such as database auditing of mysqld, etc (disabled on Android).
    Support Linux(Android)  X86_64 4.18/aarch64 5.5 or newer.
    Repository: https://github.com/gojue/ecapture
    HomePage: https://ecapture.cc

    Usage:
      ecapture tls -h
      ecapture bash -h

OPTIONS:
  -b, --btf=0        enable BTF mode.(0:auto; 1:core; 2:non-core)
  -d, --debug[=false]    enable debug logging.(coming soon)
  -h, --help[=false]    help for ecapture
      --hex[=false]    print byte strings as hex encoded strings
  -l, --logaddr=""    -l /tmp/ecapture.log or -l tcp://127.0.0.1:8080
      --mapsize=1024    eBPF map size per CPU,for events buffer. default:1024 * PAGESIZE. (KB)
  -p, --pid=0        if pid is 0 then we target all pids
  -u, --uid=0        if uid is 0 then we target all users
  -v, --version[=false]    version for ecapture