IdeaCred

gojue/ecapture

97

Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.

What's novel

Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.

Code Analysis

0 files read · 1 rounds

A user-space eBPF-based security auditing tool that captures plaintext data from encrypted network traffic (SSL/TLS) and system commands without requiring root CA certificates.

Strengths

Highly innovative approach using eBPF for deep kernel-level inspection of user-space libraries like OpenSSL and BoringSSL. Strong separation of concerns between Go control plane and C/eBPF data plane, with robust version-specific offset handling mechanisms.

Weaknesses

Limited test coverage for edge cases in eBPF programs; heavy reliance on external build tools (clang/bpfcc) which may complicate deployment environments.

Score Breakdown

Innovation
8 (25%)
Craft
86 (35%)
Traction
80 (15%)
Scope
96 (25%)

Signal breakdown

Innovation

Not Fork +1
Code Novelty +2
Concept Novelty +3

Craft

CI +5
Tests +8
Polish +5
Releases +5
Has License +5
Code Quality +21
Readme Quality +15
Recent Activity +7
Structure Quality +5
Commit Consistency +5
Has Dependency Mgmt +5

Traction

Forks +20
Stars +30
HN Points +15
Watchers +10
Early Traction +0
Devto Reactions +0
Community Contribs +5

Scope

Commits +8
Languages +8
Subsystems +15
Bloat Penalty +0
Completeness +7
Contributors +8
Authored Files +15
Readme Code Match +3
Architecture Depth +7
Implementation Depth +8

Evidence

Commits

110

Contributors

53

Files

369

Active weeks

40

Tests · CI/CD · README · License · Contributing

Repository

Language

C

Stars

15032

Forks

1596

License

Apache-2.0