This is a simple demo showing how to use eBPF uprobes and uretprobes to grab data from applications using OpenSSL before it is encrypted, and after it is decrypted.
This lets us see application traffic without having to set up a man-in-the-middle proxy and deal with the associated certificate mess.
You can read more about how this was built here.
This is Linux only, of course. Once you have an environment set up that can run ebpf-go, you're good to go!
go generate
go build
sudo ./ebpf-go
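
Uprobes are bound to a specific file on disk, so the demo only sees processes that map the libssl shared object the probes were attached to. The following is an added example, not part of this project's code: it parses `/proc/<pid>/maps` text to report which libssl file a process has mapped and whether that file has since been replaced on disk. `FindLibSSL`, `SSLMapping` and the sample maps content are hypothetical names and constructed data.

```go
package main

import (
	"bufio"
	"fmt"
	"path"
	"strings"
)

// Constructed sample of /proc/<pid>/maps content (not captured from a real host).
const sampleMaps = `55d0c4a00000-55d0c4a2c000 r-xp 00002000 fd:01 131204 /usr/bin/curl
7f3a1c200000-7f3a1c25b000 r--p 00000000 fd:01 262301 /usr/lib/x86_64-linux-gnu/libssl.so.3
7f3a1c25b000-7f3a1c2b6000 r-xp 0005b000 fd:01 262301 /usr/lib/x86_64-linux-gnu/libssl.so.3
7f3a1c600000-7f3a1c8f0000 r-xp 000b2000 fd:01 262299 /usr/lib/x86_64-linux-gnu/libcrypto.so.3
7f3a1d000000-7f3a1d021000 rw-p 00000000 00:00 0 [heap]`

// SSLMapping is one libssl file that a process has mapped executable.
type SSLMapping struct {
	Path    string
	Deleted bool // file was replaced on disk; probes on the new file miss this process
}

// FindLibSSL parses /proc/<pid>/maps text and returns each distinct libssl
// shared object that has an executable mapping.
func FindLibSSL(maps string) []SSLMapping {
	var out []SSLMapping
	seen := map[string]bool{}
	sc := bufio.NewScanner(strings.NewReader(maps))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		// Fields: address perms offset dev inode pathname [(deleted)]
		if len(f) < 6 || !strings.Contains(f[1], "x") {
			continue
		}
		p := f[5]
		if !strings.HasPrefix(path.Base(p), "libssl.so") || seen[p] {
			continue
		}
		seen[p] = true
		out = append(out, SSLMapping{Path: p, Deleted: len(f) > 6 && f[6] == "(deleted)"})
	}
	return out
}

func main() {
	for _, m := range FindLibSSL(sampleMaps) {
		fmt.Printf("%s deleted=%v\n", m.Path, m.Deleted)
	}
}
```

An empty result means the process does not load libssl as a shared object (for example a statically linked binary or one using a different TLS library), so probes on the shared libssl will not see its traffic.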