An eBPF / XDP Playground
This repository contains a collection of eBPF / XDP programs that I've written while learning about eBPF and XDP. As security is my primary interest, most of these programs are security-related and are intended to be used for security research.
- Hide your files and processes from the system
- Capture the plaintext of SSL/TLS traffic (before it is encrypted / after it is decrypted)
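Hiding a process or file from `ls` and `ps` comes down to editing the buffer that `getdents64` has just filled for user space (`/proc/<pid>` is an ordinary directory entry as far as the listing is concerned). The following portable C is an added example, not this repository's `hide_pid` source: it rebuilds that buffer from constructed sample entries and applies the same rewrite a tracepoint program performs at `sys_exit_getdents64`, namely folding the record to hide into its predecessor by growing the predecessor's `d_reclen`. This is the technique bad-bpf's pidhide documents; in the eBPF version the two-byte write goes through `bpf_probe_write_user`. The struct name `dirent64_rec` (same layout as the kernel's `struct linux_dirent64`) and the entries in `main` are chosen for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same layout as the kernel's struct linux_dirent64 (name chosen for this example). */
struct dirent64_rec {
    uint64_t d_ino;
    int64_t  d_off;
    uint16_t d_reclen;   /* offset 16: length of this record, including padding */
    uint8_t  d_type;     /* offset 18 */
    char     d_name[];   /* offset 19: NUL-terminated, record padded to 8 bytes */
};
#define DIRENT_HDR    offsetof(struct dirent64_rec, d_name)
#define DIRENT_RECLEN offsetof(struct dirent64_rec, d_reclen)

static uint16_t get_reclen(const uint8_t *rec)
{
    uint16_t v;
    memcpy(&v, rec + DIRENT_RECLEN, sizeof v);   /* unaligned-safe read */
    return v;
}

static void set_reclen(uint8_t *rec, uint16_t v)
{
    memcpy(rec + DIRENT_RECLEN, &v, sizeof v);
}

/* Append one record the way the kernel does: header + name + NUL, padded to 8 bytes.
 * Returns the new end offset, or 0 if the buffer is full. Sample data, not a real listing. */
size_t dirent_append(uint8_t *buf, size_t cap, size_t off,
                     uint64_t ino, uint8_t type, const char *name)
{
    size_t namelen = strlen(name);
    size_t reclen = (DIRENT_HDR + namelen + 1 + 7) & ~(size_t)7;
    if (off + reclen > cap)
        return 0;
    struct dirent64_rec hdr = { .d_ino = ino, .d_off = (int64_t)(off + reclen),
                                .d_reclen = (uint16_t)reclen, .d_type = type };
    memset(buf + off, 0, reclen);
    memcpy(buf + off, &hdr, DIRENT_HDR);
    memcpy(buf + off + DIRENT_HDR, name, namelen + 1);
    return off + reclen;
}

/* The rewrite done after getdents64 returns: find the record whose d_name equals
 * `name` and make the previous record's d_reclen span it, so every reader that
 * walks the buffer by d_reclen steps straight over the hidden entry.
 * Returns 1 when hidden, 0 when the name is absent or is the very first record
 * (which has no predecessor to absorb it; in /proc the first records are "." and
 * "..", so a pid directory is never first). */
int dirent_hide(uint8_t *buf, size_t len, const char *name)
{
    size_t off = 0, prev = (size_t)-1;
    while (off + DIRENT_HDR <= len) {
        uint16_t reclen = get_reclen(buf + off);
        if (reclen < DIRENT_HDR || off + reclen > len)
            return 0;                                /* malformed buffer: touch nothing */
        const char *dname = (const char *)(buf + off + DIRENT_HDR);
        if (strncmp(dname, name, reclen - DIRENT_HDR) == 0) {
            if (prev == (size_t)-1)
                return 0;
            set_reclen(buf + prev, (uint16_t)(get_reclen(buf + prev) + reclen));
            return 1;
        }
        prev = off;
        off += reclen;
    }
    return 0;
}

/* Walk the buffer exactly as ls/ps do (by d_reclen) and collect the names they see. */
size_t dirent_walk(const uint8_t *buf, size_t len, char names[][32], size_t max)
{
    size_t off = 0, n = 0;
    while (off + DIRENT_HDR <= len && n < max) {
        uint16_t reclen = get_reclen(buf + off);
        if (reclen < DIRENT_HDR || off + reclen > len)
            break;
        strncpy(names[n], (const char *)(buf + off + DIRENT_HDR), 31);
        names[n][31] = '\0';
        n++;
        off += reclen;
    }
    return n;
}

int main(void)
{
    uint8_t dir[256];
    char names[8][32];
    size_t n = 0;
    /* Constructed listing of a /proc-like directory; 1234 is the pid we hide. */
    n = dirent_append(dir, sizeof dir, n, 1, 4, ".");        /* 4 = DT_DIR */
    n = dirent_append(dir, sizeof dir, n, 1, 4, "..");
    n = dirent_append(dir, sizeof dir, n, 1234, 4, "1234");
    n = dirent_append(dir, sizeof dir, n, 77, 8, "notes.txt"); /* 8 = DT_REG */
    n = dirent_append(dir, sizeof dir, n, 4321, 4, "4321");
    printf("hidden=%d\n", dirent_hide(dir, n, "1234"));
    size_t seen = dirent_walk(dir, n, names, 8);
    for (size_t i = 0; i < seen; i++)
        printf("%s\n", names[i]);
    return 0;
}
```

The buffer keeps its original length, so the record is still in memory and a forensic read of the raw buffer (or a directory walk that ignores `d_reclen`) still finds it; only consumers that trust `d_reclen` lose sight of it.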
[!WARNING] Disclaimer: I condemn the use of these programs for malicious purposes. I am not responsible for any damage caused by the use of these programs. These programs are intended for educational purposes only.
| Type | Name | Description | Notes |
|---|---|---|---|
| XDP | icmp_pingback | Respond to ICMP echo requests with ICMP echo replies within the XDP layer, so the reply is sent from the XDP hook without the request entering the kernel network stack. | Showcase of an XDP program |
| TP (tracepoint) | hide_pid | Hide a process (pid), folder or file from the system | Inspired by bad-bpf |
| TP (tracepoint) | hidden_ssh | Give yourself a hidden backdoor in the SSH server | |
| UPROBE | ssl_sniffer | Capture the plaintext of SSL/TLS traffic at the user-space SSL library (before encryption / after decryption) | |
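What `icmp_pingback` has to do per packet is small but easy to get wrong: swap the Ethernet and IP addresses, flip the ICMP type, and repair the ICMP checksum without recomputing it over the whole payload. The following is an added example, not the repository's `icmp_pingback` source: the same rewrite written as plain user-space C over a constructed echo-request frame, so it compiles without kernel headers. In the real XDP program the frame is the region between `ctx->data` and `ctx->data_end`, the length checks are what satisfy the verifier, and `PB_PASS`/`PB_TX` stand in for `XDP_PASS`/`XDP_TX` (same numeric values). The addresses and payload in `build_echo_request` are made up for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Frame layout assumed: Ethernet II + IPv4 without options + ICMP. */
#define ETH_HLEN        14
#define IP_HLEN         20
#define ICMP_OFF        (ETH_HLEN + IP_HLEN)
#define ETH_P_IP        0x0800
#define IPPROTO_ICMP    1
#define ICMP_ECHO       8
#define ICMP_ECHOREPLY  0

/* Same numeric values as XDP_PASS / XDP_TX in <linux/bpf.h>. */
enum pb_action { PB_PASS = 2, PB_TX = 3 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

static uint16_t csum_fold(uint32_t sum)
{
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)sum;
}

/* RFC 1071 Internet checksum over a buffer. Over a header that already carries
 * its checksum field the result is 0, which is the receiver-side validity test. */
uint16_t inet_checksum(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    size_t i;
    for (i = 0; i + 1 < len; i += 2)
        sum += rd16(p + i);
    if (len & 1)
        sum += (uint32_t)p[len - 1] << 8;
    return (uint16_t)~csum_fold(sum);
}

/* RFC 1624 eq. 3, HC' = ~(~HC + ~m + m'): fix a checksum after one 16-bit word
 * changed from `old_word` to `new_word`, without touching the rest of the packet. */
uint16_t csum_replace16(uint16_t old_csum, uint16_t old_word, uint16_t new_word)
{
    uint32_t sum = (uint16_t)~old_csum;
    sum += (uint16_t)~old_word;
    sum += new_word;
    return (uint16_t)~csum_fold(sum);
}

static void swap_bytes(uint8_t *a, uint8_t *b, size_t n)
{
    uint8_t tmp[16];
    memcpy(tmp, a, n);
    memcpy(a, b, n);
    memcpy(b, tmp, n);
}

/* The per-packet logic of an XDP ping responder, applied to a frame in memory.
 * Every bounds test before a field access is what the BPF verifier demands. */
enum pb_action pingback_rewrite(uint8_t *frame, size_t len)
{
    if (len < ICMP_OFF + 8)                       /* shorter than eth + ip + icmp header */
        return PB_PASS;
    if (rd16(frame + 12) != ETH_P_IP)
        return PB_PASS;
    const uint8_t *ip = frame + ETH_HLEN;
    if (ip[0] != 0x45 || ip[9] != IPPROTO_ICMP)   /* IPv4, IHL 5, protocol ICMP */
        return PB_PASS;
    uint8_t *icmp = frame + ICMP_OFF;
    if (icmp[0] != ICMP_ECHO || icmp[1] != 0)
        return PB_PASS;                           /* anything else goes up the stack */

    swap_bytes(frame, frame + 6, 6);                              /* eth dst <-> src */
    swap_bytes(frame + ETH_HLEN + 12, frame + ETH_HLEN + 16, 4); /* ip src <-> dst  */
    /* The IP header checksum is unchanged by the swap: the one's complement sum
     * is commutative, so no update is needed there. */

    uint16_t old_word = rd16(icmp);               /* type:code word, 0x0800 */
    icmp[0] = ICMP_ECHOREPLY;                     /* becomes 0x0000 */
    wr16(icmp + 2, csum_replace16(rd16(icmp + 2), old_word, rd16(icmp)));
    return PB_TX;                                 /* bounce it out the same interface */
}

/* Build a constructed echo request (sample input, not a capture). Returns its length. */
size_t build_echo_request(uint8_t *buf, size_t cap)
{
    static const uint8_t dst_mac[6] = {0x02, 0, 0, 0, 0, 0x02};
    static const uint8_t src_mac[6] = {0x02, 0, 0, 0, 0, 0x01};
    static const uint8_t src_ip[4] = {10, 0, 0, 1}, dst_ip[4] = {10, 0, 0, 2};
    const char *payload = "evilBPF pingback";    /* 16 bytes */
    const size_t len = ICMP_OFF + 8 + 16;
    if (cap < len)
        return 0;
    memset(buf, 0, len);
    memcpy(buf, dst_mac, 6);
    memcpy(buf + 6, src_mac, 6);
    wr16(buf + 12, ETH_P_IP);
    uint8_t *ip = buf + ETH_HLEN;
    ip[0] = 0x45;
    wr16(ip + 2, (uint16_t)(len - ETH_HLEN));    /* total length */
    wr16(ip + 4, 0x1234);                        /* id */
    wr16(ip + 6, 0x4000);                        /* DF, no fragment offset */
    ip[8] = 64;                                  /* ttl */
    ip[9] = IPPROTO_ICMP;
    memcpy(ip + 12, src_ip, 4);
    memcpy(ip + 16, dst_ip, 4);
    wr16(ip + 10, inet_checksum(ip, IP_HLEN));
    uint8_t *icmp = buf + ICMP_OFF;
    icmp[0] = ICMP_ECHO;
    wr16(icmp + 4, 0xabcd);                      /* identifier */
    wr16(icmp + 6, 1);                           /* sequence */
    memcpy(icmp + 8, payload, 16);
    wr16(icmp + 2, inet_checksum(icmp, 8 + 16));
    return len;
}

int main(void)
{
    uint8_t frame[64];
    size_t len = build_echo_request(frame, sizeof frame);
    enum pb_action act = pingback_rewrite(frame, len);
    printf("action=%s icmp_type=%u icmp_csum_ok=%d ip_csum_ok=%d\n",
           act == PB_TX ? "XDP_TX" : "XDP_PASS", frame[ICMP_OFF],
           inet_checksum(frame + ICMP_OFF, len - ICMP_OFF) == 0,
           inet_checksum(frame + ETH_HLEN, IP_HLEN) == 0);
    return 0;
}
```

Two things carry over to the kernel version unchanged: a reply that fails the receiver's checksum test is silently dropped, so checking `inet_checksum(...) == 0` on the rewritten ICMP region is the test worth keeping; and the incremental update only covers the word you changed, so if the program also decrements the TTL it must apply the same `csum_replace16` to the IP header.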
For compiling eBPF programs, you'll need the following:

- clang
- llvm (>= 10.0.0)

On Debian/Ubuntu:

```sh
sudo apt install clang llvm libelf-dev linux-headers-$(uname -r) build-essential
```
You can download the latest release from the releases page.
[!NOTE] Some prebuilt programs might not give you enough control over the eBPF program they load. If you need to modify the eBPF program itself, you'll need to compile it from source (or open an issue requesting the feature).
As this repository uses submodules, you'll need to clone it with the --recursive flag:

```sh
git clone https://github.com/rphang/evilBPF.git --recursive
```

If you've already cloned this repository without the --recursive flag, run the following command to fetch the submodules:

```sh
git submodule update --init --recursive
```

To compile all the programs at once, simply run the Makefile in the root directory:

```sh
make
```

All the compiled programs will be placed in the dst directory.

Each program has its own directory, and each directory has its own Makefile. To compile a single program, cd into the program's directory and run make:

```sh
cd src/<program>...
make
```
A lot of the general resources I've used to learn about eBPF and XDP are listed below: