Just ran across this project, looks neat. Taking a look at the underlying implementation, this works as a program that just hooks common shared library encryption routines via uprobes and events with the unencrypted data as those routines are invoked. That makes sense.
The README diagrams, however, are kind of odd. They:

- Have `libpcap` in them, which, as far as I can tell, doesn't appear to be leveraged anywhere in this project
- Within `libpcap` shows `TC` and `XDP` boxes, almost implying that this works with network-level packet capture

Neither of those seems accurate, since installing a system-wide uprobe hook into, say, the openssl library will event on data even if it's being encrypted/decrypted locally on a filesystem and doing 0 with the network.
I think it'd be helpful to update the diagrams to better illustrate the uprobe hooks without any reference to libpcap or the network just for people wondering how this actually works.