BanCock
commented
2 months ago This appears when I try to use option -l-libssl for libtmessages.49.so.
2024-07-01T09:39:01Z INF AppName="eCapture(旁观者)"
2024-07-01T09:39:01Z INF HomePage=https://ecapture.cc
2024-07-01T09:39:01Z INF Repository=https://github.com/gojue/ecapture
2024-07-01T09:39:01Z INF Author="CFC4N <cfc4ncs@gmail.com>"
2024-07-01T09:39:01Z INF Description="Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64."
2024-07-01T09:39:01Z INF Version=androidgki_amd64:0.8.3-20240619-5a66d6a:6.8.0-36-generic
2024-07-01T09:39:01Z WRN ========== module starting. ==========
2024-07-01T09:39:01Z INF Kernel Info=6.1.23 Pid=6029
2024-07-01T09:39:01Z WRN Your environment is like a container. We won't be able to detect the BTF configuration.
If eCapture fails to run, try specifying the BTF mode. use `-b 2` to specify non-CORE mode.
2024-07-01T09:39:01Z INF BTF bytecode mode: CORE. btfMode=0
2024-07-01T09:39:01Z INF master key keylogger has been set. eBPFProgramType=Text keylogger=
2024-07-01T09:39:01Z INF listen=localhost:28256
2024-07-01T09:39:01Z INF https server starting...You can update the configuration file via the HTTP interface.
2024-07-01T09:39:01Z INF module initialization. isReload=false moduleName=EBPFProbeOPENSSL
2024-07-01T09:39:01Z INF Module.Run()
2024-07-01T09:39:01Z INF OpenSSL/BoringSSL version found BoringSSL Version=14
2024-07-01T09:39:01Z INF Hook masterKey function ElfType=2 Functions=["SSL_in_init"] binrayPath=/data/app/~~14TNtZlD7bokMWLeGsANhQ==/org.telegram.messenger.web-hmfXZNuv6vWZNHqR-CjJIQ==/lib/x86_64/libtmessages.49.so
2024-07-01T09:39:01Z INF target all process.
2024-07-01T09:39:01Z INF target all users.
2024-07-01T09:39:01Z INF setupManagers eBPFProgramType=Text
2024-07-01T09:39:01Z INF BPF bytecode file is matched. bpfFileName=user/bytecode/boringssl_a_14_kern_core.o
2024-07-01T09:39:02Z FTL module run failed, skip it. error="couldn't start bootstrap manager error:7 errors occurred:\n\t* error:opening uprobe: symbol SSL_write: not found , isRet:false, opts:&{0 0 0 0 0 }, {UID:, EbpfFuncName:probe_entry_SSL_write}\n\t* error:opening uprobe: symbol SSL_write: not found , isRet:true, opts:&{0 0 0 0 0 }, {UID:, EbpfFuncName:probe_ret_SSL_write}\n\t* error:opening uprobe: symbol SSL_read: not found , isRet:false, opts:&{0 0 0 0 0 }, {UID:, EbpfFuncName:probe_entry_SSL_read}\n\t* error:opening uprobe: symbol SSL_read: not found , isRet:true, opts:&{0 0 0 0 0 }, {UID:, EbpfFuncName:probe_ret_SSL_read}\n\t* error:opening uprobe: symbol SSL_set_fd: not found , isRet:false, opts:&{0 0 0 0 0 }, {UID:uprobe_ssl_set_fd, EbpfFuncName:probe_SSL_set_fd}\n\t* error:opening uprobe: symbol SSL_set_rfd: not found , isRet:false, opts:&{0 0 0 0 0 }, {UID:uprobe_ssl_set_rfd, EbpfFuncName:probe_SSL_set_fd}\n\t* error:opening uprobe: symbol SSL_set_wfd: not found , isRet:false, opts:&{0 0 0 0 0 }, {UID:uprobe_ssl_set_wfd, EbpfFuncName:probe_SSL_set_fd}\n\n, probes activation validation failed ." isReload=false
cfc4n
Hi, I am new here. I want to use eCapture to capture Telegram Android app tls. I tried to use --libssl flag for libssl.so path, but it seems like Telegram using their own library libtmessages.49.so.
What I need to do to work with Telegram?