Releases: gojue/ecapture

eCapture v1.3.1

29 Jun 15:07
b395562

What's Changed

  • fix: share same hpack decoder for one tuple connect #744 by @chilli13 in #798
  • fix: Improve bash path detection and correct probe attachment by @zenyanle in #805

Full Changelog: v1.3.0...v1.3.1

eCapture v1.3.0

22 Jun 08:32
fd1b219
Compare
Choose a tag to compare

What's Changed

  • feat: enhance BPF core read macros and add new utility functions by @cfc4n in #797
  • feat: support gnutls early secret by @yuweizzz in #801
  • fix: keylog lost in openssl by @yuweizzz in #802

Full Changelog: v1.2.0...v1.3.0

eCapture v1.2.0

13 Jun 17:20
59d657f
Compare
Choose a tag to compare

What's Changed

  • feat: add JetBrains logo and acknowledgements to README files by @cfc4n in #793
  • feat: Implement dual lifecycle management for eventWorker by @zenyanle in #785
  • rotate: add eventroratesize, eventroratetime to support file rotate #720 by @chilli13 in #794
  • feat: define early_secret in SSL structures for enhanced security by @cfc4n in #792

Full Changelog: v1.1.0...v1.2.0

eCapture v1.1.0

30 May 13:57
f7959c9
Compare
Choose a tag to compare

What's Changed

  • feat: allow capture icmp protocol by @yuweizzz in #779
  • opt: redesign the truncate effect logic to reduce memory cost in text mode #718 by @chilli13 in #775
  • fix: clean up SSLDataEvent string methods and improve logging #776 by @cfc4n in #777
  • fix: improve logging for truncated events and update string formatting by @cfc4n in #780
  • feat: support openssl version 3.5.0 #783 by @chilli13 in #787
  • fix: avoid writing empty decryption secrets block in savePcapng method by @cfc4n in #786

Full Changelog: v1.0.2...v1.1.0

eCapture v1.0.2

03 May 09:28
cfd4703
Compare
Choose a tag to compare

What's Changed

  • build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 by @dependabot in #766
  • feat: add support for OpenSSL 3.3.3 and 3.4.1, update version mappings by @cfc4n in #769

Full Changelog: v1.0.1...v1.0.2

eCapture v1.0.1

08 Apr 15:35
79434ae
Compare
Choose a tag to compare

What's Changed

  • fix: #757 , update clang version to 10 in installation scripts by @cfc4n in #758
  • refactor: remove loopback device checks from pcap probe files by @cfc4n in #762

Full Changelog: v1.0.0...v1.0.1

eCapture v1.0.0

25 Mar 07:43
303549c
Compare
Choose a tag to compare

v1.0.0 Stable Versions (2025-03-25)

🚀 eCapture Features Overview

eCapture is a powerful network traffic capture and decryption tool focusing on TLS/SSL protocol transparency and analysis. It supports multiple protocols and architectures, providing efficient and flexible capture and decryption capabilities.


Core Features

  1. Multi-Protocol Support
    Supports TLS, gnutls, nss, openssl, and other encryption protocols, compatible with different versions of SSL/TLS implementations.

  2. Smart Packet Capture
    Based on eBPF technology, enabling efficient network data capture and protocol parsing. Supports IPv4, IPv6 dual-stack and 4-tuple filtering.

  3. Master Key Capture
    Supports TLS 1.2 and 1.3 protocol master key capture. Integrates with Wireshark for decryption, allowing direct viewing of encrypted traffic in plain text.

  4. Modular Architecture
    Modular design allows for easy extension and flexible configuration of different protocol modules.

  5. Cross-Platform Support
    Supports Linux, Android, and other platforms, compatible with ARM64 and x86 architectures, adapting to different environments.

Features

  • Automation
    Automatically detects SSL/TLS library versions, intelligently identifies CO-RE and non-CO-RE modes, optimizes memory usage.

  • Flexible Configuration
    Supports custom filters, log files, decryption modes (keylog, pcap, text), and multiple output formats.

  • High Performance
    High-efficiency data processing based on eBPF, supports large-scale concurrent captures and long-term packet capturing.

  • Strong Compatibility
    Supports multiple SSL/TLS library versions, including openssl 1.1.1, 3.0.x, boringssl, etc.

  • Extensibility
    Provides Wireshark plugin support for easy data analysis and visualization.


Technical Advantages

  • eBPF Engine
    Utilizes advanced eBPF technology to improve capture and decryption efficiency, reducing system resource usage.

  • Modular Architecture
    Core functionality is modularized for easy extension and maintenance.

  • Intelligence
    Automatically detects the runtime environment and intelligently adapts to different protocols and architectures.


Application Scenarios

  1. Network Debugging
    Real-time capture and decryption of TLS/SSL traffic to assist in development and debugging.

  2. Security Analysis
    Analyze encrypted communications to identify potential security vulnerabilities.

  3. Protocol Research
    Study TLS/SSL protocol implementations and analyze traffic characteristics.

  4. Monitoring and Auditing
    Monitor network communications, record, and audit sensitive operations.

Links

  1. eCapture旁观者
  2. eCapture Github
  3. WeChat official account

Full Changelog: v0.9.5...v1.0.0

eCapture v0.9.5

08 Mar 15:50
d43a0f9
Compare
Choose a tag to compare

What's Changed

  • fix: incorrect stream id in http2 protocol data frame by @yuweizzz in #737
  • Fix: #740, the bug of incomplete SSL data for excessively long lengths. by @cfc4n in #742
  • improve: provide opts to set the truncate size in text mode to reduce memory cost by @yuweizzz in #731
  • improve: handle COMPRESSION_ERROR to reduce the error log displayed by @yuweizzz in #745
  • fix: #739 the tuple to be unreachable. by @cfc4n in #741
  • improve: add frame length by @yuweizzz in #748

Full Changelog: v0.9.4...v0.9.5

eCapture v0.9.4

16 Feb 06:37
ff16186
Compare
Choose a tag to compare

What's Changed

New Contributors

Full Changelog: v0.9.3...v0.9.4

eCapture v0.9.3

18 Jan 14:43
0c8b6c9
Compare
Choose a tag to compare

What's Changed

  • fix(make): improve error handling and clean target logic in Makefile by @cfc4n in #713
  • fix: incorrect CAP_BPF check method by @hengyoush in #715
  • feat(ci): update GitHub Action runners with Linux arm64 host by @cfc4n in #722

Full Changelog: v0.9.2...v0.9.3