Home / gojue / ecapture
Repository Analysis

gojue/ecapture

Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.

9.0 Low AI signal View on GitHub
9.0
Adjusted Score
9.0
Raw Score
100%
Time Factor
2026-05-26
Last Push
15,212
Stars
C
Language
61,639
Lines of Code
331
Files
456
Pattern Hits
2026-05-31
Scan Date

Score History

Severity Breakdown

CRITICAL 0HIGH 0MEDIUM 25LOW 431

Pattern Findings

456 matches across 5 categories. Click a row to expand file-level details.

Over-Commented Block353 hits · 345 pts
SeverityFileLineSnippet
LOW.golangci.yml1# This configuration file is not a recommendation.
LOWkern/boringssl_na_kern.c1#ifndef ECAPTURE_BORINGSSL_NA_KERN_H
LOWkern/boringssl_na_kern.c21
LOWkern/boringssl_na_kern.c41#define SSL_CIPHER_ST_ID 0x10
LOWkern/boringssl_na_kern.c61// bssl::SSL_HANDSHAKE->hints
LOWkern/gnutls_3_7_0_kern.c1#ifndef ECAPTURE_GNUTLS_3_7_0_KERN_H
LOWkern/gnutls_3_7_0_kern.c21// gnutls_session_int->key.proto.tls13.e_ckey
LOWkern/gnutls_3_8_7_kern.c1#ifndef ECAPTURE_GNUTLS_3_8_7_KERN_H
LOWkern/gnutls_3_8_7_kern.c21// gnutls_session_int->key.proto.tls13.e_ckey
LOWkern/openssl_3_4_0_kern.c1#ifndef ECAPTURE_OPENSSL_3_4_0_KERN_H
LOWkern/openssl_3_4_0_kern.c21
LOWkern/openssl_3_4_0_kern.c41#define SSL_CIPHER_ST_ID 0x18
LOWkern/openssl_3_4_0_kern.c61// bio_st->num
LOWkern/openssl_3_5_0_kern.c1#ifndef ECAPTURE_OPENSSL_3_5_0_KERN_H
LOWkern/openssl_3_5_0_kern.c21
LOWkern/openssl_3_5_0_kern.c41#define SSL_CIPHER_ST_ID 0x18
LOWkern/openssl_3_5_0_kern.c61// bio_st->num
LOWkern/openssl_masterkey_3.2.h1// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.
LOWkern/openssl_3_2_4_kern.c1#ifndef ECAPTURE_OPENSSL_3_2_4_KERN_H
LOWkern/openssl_3_2_4_kern.c21
LOWkern/openssl_3_2_4_kern.c41#define SSL_CIPHER_ST_ID 0x18
LOWkern/openssl_3_2_4_kern.c61// bio_st->num
LOWkern/tc.h1// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.
LOWkern/openssl_masterkey.h1// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.
LOWkern/bash_kern.c1// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.
LOWkern/boringssl_a_15_kern.c1#ifndef ECAPTURE_BORINGSSL_A_15_KERN_H
LOWkern/boringssl_a_15_kern.c21
LOWkern/boringssl_a_15_kern.c41#define SSL_CIPHER_ST_ID 0x10
LOWkern/boringssl_a_15_kern.c61// bssl::SSL_HANDSHAKE->hints
LOWkern/gnutls_3_6_13_kern.c1#ifndef ECAPTURE_GNUTLS_3_6_13_KERN_H
LOWkern/gnutls_3_6_13_kern.c21// gnutls_session_int->key.proto.tls13.e_ckey
LOWkern/postgres_kern.c1// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.
LOWkern/openssl_3_3_2_kern.c1#ifndef ECAPTURE_OPENSSL_3_3_2_KERN_H
LOWkern/openssl_3_3_2_kern.c21
LOWkern/openssl_3_3_2_kern.c41#define SSL_CIPHER_ST_ID 0x18
LOWkern/openssl_3_3_2_kern.c61// bio_st->num
LOWkern/gotls_kern.c1// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.
LOWkern/gotls_kern.c141 return 0;
LOWkern/openssl.h1// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.
LOWkern/ecapture.h1// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.
LOWkern/ecapture.h41 * supported by CLANG.
LOWkern/ecapture.h61#include <bpf/bpf_helpers.h>
LOWkern/openssl_1_1_0a_kern.c1#ifndef ECAPTURE_OPENSSL_1_1_0_A_KERN_H
LOWkern/openssl_1_1_0a_kern.c21
LOWkern/openssl_1_1_0a_kern.c41#define BIO_ST_NUM 0x28
LOWkern/nspr_kern.c1// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.
LOWkern/openssl_1_1_1a_kern.c1#ifndef ECAPTURE_OPENSSL_1_1_1_A_KERN_H
LOWkern/openssl_1_1_1a_kern.c21
LOWkern/openssl_1_1_1a_kern.c41#define SSL_ST_EARLY_SECRET 0x134
LOWkern/openssl_1_1_1a_kern.c61// bio_st->method
LOWkern/openssl_3_0_12_kern.c1#ifndef ECAPTURE_OPENSSL_3_0_12_KERN_H
LOWkern/openssl_3_0_12_kern.c21
LOWkern/openssl_3_0_12_kern.c41#define SSL_ST_EARLY_SECRET 0x544
LOWkern/openssl_3_0_12_kern.c61// bio_st->method
LOWkern/openssl_3_3_0_kern.c1#ifndef ECAPTURE_OPENSSL_3_3_0_KERN_H
LOWkern/openssl_3_3_0_kern.c21
LOWkern/openssl_3_3_0_kern.c41#define SSL_CIPHER_ST_ID 0x18
LOWkern/openssl_3_3_0_kern.c61// bio_st->num
LOWkern/openssl_3_2_0_kern.c1#ifndef ECAPTURE_OPENSSL_3_2_0_KERN_H
LOWkern/openssl_3_2_0_kern.c21
293 more matches not shown…
Redundant / Tautological Comments59 hits · 93 pts
SeverityFileLineSnippet
LOWtest/e2e/gnutls_e2e_test.sh138 # Check if ecapture is still running
LOWtest/e2e/gnutls_e2e_test.sh173 # Check if ecapture log has content
LOWtest/e2e/common.sh31# Check if running as root
LOWtest/e2e/common.sh61# Check if command exists
LOWtest/e2e/common.sh216# Check if a binary is linked against a specific library
LOWtest/e2e/mysql_advanced_test.sh41# Check if MySQL is available
LOWtest/e2e/bash_e2e_test.sh62 # Check if bash has readline
LOWtest/e2e/bash_e2e_test.sh88 # Check if still running
LOWtest/e2e/bash_e2e_test.sh139 # Check if we captured some bash commands
LOWtest/e2e/mysql_e2e_test.sh49# Check if MySQL is available
LOWtest/e2e/mysql_e2e_test.sh53 # Check if mysql client is available
LOWtest/e2e/mysql_e2e_test.sh59 # Check if MySQL server is running
LOWtest/e2e/mysql_e2e_test.sh79 # Check if MySQL is available
LOWtest/e2e/mysql_e2e_test.sh120 # Check if still running
LOWtest/e2e/mysql_e2e_test.sh168 # Check if we captured some MySQL activity
LOWtest/e2e/tls_text_advanced_test.sh343 # Check if output contains hex patterns (0x or just hex digits in specific format)
LOWtest/e2e/zsh_e2e_test.sh58 # Check if zsh is installed
LOWtest/e2e/zsh_e2e_test.sh88 # Check if still running
LOWtest/e2e/zsh_e2e_test.sh136 # Check if we captured some zsh commands
LOWtest/e2e/tls_keylog_advanced_test.sh320 # Check if line starts with CLIENT_RANDOM or other valid key types
LOWtest/e2e/edge_cases_test.sh184 # Check if process terminated gracefully
LOWtest/e2e/edge_cases_test.sh219 # Check if process terminated gracefully
LOWtest/e2e/tls_e2e_test.sh75 # Check if still running
LOWtest/e2e/tls_e2e_test.sh164 # Check if still running
LOWtest/e2e/tls_e2e_test.sh189 # Check if it's a valid pcapng file by checking magic bytes (0x0A0D0D0A at offset 0)
LOWtest/e2e/tls_e2e_test.sh230 # Check if still running
LOWtest/e2e/tls_e2e_test.sh264 # Check if it contains CLIENT_RANDOM entries (standard keylog format)
LOWtest/e2e/tls_e2e_test.sh382 # Check if any test failed
LOWtest/e2e/gotls_e2e_test.sh131 # Check if ecapture is still running
LOWtest/e2e/gotls_e2e_test.sh160 # Check if ecapture log has content
LOWtest/e2e/ecaptureq_e2e_test.sh255 # Check if client is running (meaning it connected and is receiving)
LOWtest/e2e/ecaptureq_e2e_test.sh365 # Check if any test failed
LOWtest/e2e/postgres_e2e_test.sh49# Check if PostgreSQL is available
LOWtest/e2e/postgres_e2e_test.sh53 # Check if psql client is available
LOWtest/e2e/postgres_e2e_test.sh59 # Check if PostgreSQL server is running
LOWtest/e2e/postgres_e2e_test.sh79 # Check if PostgreSQL is available
LOWtest/e2e/postgres_e2e_test.sh119 # Check if still running
LOWtest/e2e/postgres_e2e_test.sh167 # Check if we captured some PostgreSQL activity
LOWtest/e2e/android/build_android_tests.sh34# Check if running on Linux
LOWtest/e2e/android/android_tls_e2e_test.sh100 # Check if ecapture is running
LOWtest/e2e/android/android_tls_e2e_test.sh199 # Check if ecapture is running
LOWtest/e2e/android/android_tls_e2e_test.sh220 # Check if pcap file exists on device
LOWtest/e2e/android/android_tls_e2e_test.sh329 # Check if Go client exists locally and deploy it
LOWtest/e2e/android/android_tls_e2e_test.sh349 # Check if ecapture binary exists locally
LOWtest/e2e/android/android_bash_e2e_test.sh93 # Check if ecapture is running
LOWtest/e2e/android/android_bash_e2e_test.sh289 # Check if sh/bash is available on device and record its path
LOWtest/e2e/android/android_bash_e2e_test.sh306 # Check if ecapture binary exists locally
LOWtest/e2e/android/common_android.sh32# Check if running on macOS (development environment)
LOWtest/e2e/android/common_android.sh37# Check if ADB is available
LOWtest/e2e/android/common_android.sh49# Check if Android device/emulator is connected
LOWtest/e2e/android/common_android.sh137# Check if device is rooted
LOWtest/e2e/android/common_android.sh179# Set SELinux to permissive mode
LOWtest/e2e/android/common_android.sh324# Check if process is running on Android device
LOWtest/e2e/android/common_android.sh362# Check if file exists on Android device
LOWtest/e2e/android/common_android.sh492 # Check if resolv.conf has IPv6 loopback as nameserver
LOWtest/e2e/android/common_android.sh561# Check if command exists on Android device
LOWtest/e2e/android/android_gotls_e2e_test.sh119 # Check if ecapture is running
LOWtest/e2e/android/android_gotls_e2e_test.sh195 # Check if ecapture is running
LOWtest/e2e/android/android_gotls_e2e_test.sh316 # Check if ecapture binary exists locally
Decorative Section Separators23 hits · 78 pts
SeverityFileLineSnippet
MEDIUMkern/boringssl_const.h11// ── Android ≤ 15 (TLS 1.3 secrets are private raw arrays) ─────────────────
MEDIUMkern/boringssl_const.h31// ────────────────────────────────────────────────────────────────────────────
MEDIUMkern/boringssl_const.h34// ── Android 16+: three root values differ from older versions ───────────────
MEDIUMkern/boringssl_const.h46// ── Android ≤ 15: original layout ───────────────────────────────────────────
MEDIUMkern/boringssl_const.h59// ── Downstream offsets: identical formula for all versions ──────────────────
MEDIUMinternal/probe/gotls/event_test.go79// ── DecodeFromBytes ──────────────────────────────────────────────────────────
MEDIUMinternal/probe/gotls/event_test.go271// ── tuple() ─────────────────────────────────────────────────────────────────
MEDIUMinternal/probe/gotls/event_test.go316// ── String() / StringHex() ───────────────────────────────────────────────────
MEDIUMinternal/probe/gotls/event_test.go406// ── UUID() ───────────────────────────────────────────────────────────────────
MEDIUMinternal/probe/gotls/event_test.go454// ── Clone / Type / Validate ─────────────────────────────────────────────────
MEDIUMinternal/probe/gotls/event_test.go511// ── helper functions ─────────────────────────────────────────────────────────
MEDIUMinternal/probe/gotls/event_test.go555// ── IsRead / IsWrite ─────────────────────────────────────────────────────────
MEDIUMinternal/probe/gotls/event_test.go575// ── GetData / GetDataLen ─────────────────────────────────────────────────────
MEDIUMinternal/probe/gotls/event_test.go595// ── DecodeFromBytes round-trip ───────────────────────────────────────────────
MEDIUMutils/boringssl-offset.c42// ─── Type-trait probes ───────────────────────────────────────────────────────
MEDIUMutils/boringssl-offset.c66// ─── Output helpers ──────────────────────────────────────────────────────────
MEDIUMutils/boringssl-offset.c83// ─── Per-field emitters (partial template specialisation) ────────────────────
MEDIUMutils/boringssl-offset.c149// ─── Main ────────────────────────────────────────────────────────────────────
MEDIUMutils/boringssl-offset.c155 // ── ssl_st ────────────────────────────────────────────────────────────────
MEDIUMutils/boringssl-offset.c162 // ── ssl_session_st ────────────────────────────────────────────────────────
MEDIUMutils/boringssl-offset.c167 // ── bio / cipher ──────────────────────────────────────────────────────────
MEDIUMutils/boringssl-offset.c173 // ── bssl::SSL3_STATE ──────────────────────────────────────────────────────
MEDIUMutils/boringssl-offset.c180 // ── bssl::SSL_HANDSHAKE ───────────────────────────────────────────────────
Verbosity Indicators19 hits · 32 pts
SeverityFileLineSnippet
LOWkern/gotls_kern.c113 // Step 1: tls.Conn.conn is the first field (offset 0), it's an interface (16 bytes: type ptr + data ptr)
LOWkern/gotls_kern.c121 // Step 2: net.TCPConn.conn (embedded field at offset 0)
LOWtest/e2e/ecaptureq_e2e_test.sh96 # Step 1: Start eCapture with ecaptureQ WebSocket server
LOWtest/e2e/ecaptureq_e2e_test.sh113 # Step 2: Connect ecaptureq_client
LOWtest/e2e/ecaptureq_e2e_test.sh132 # Step 3: Generate TLS traffic via curl
LOWtest/e2e/ecaptureq_e2e_test.sh144 # Step 4: Stop processes gracefully
LOWtest/e2e/ecaptureq_e2e_test.sh162 # Step 5: Verify results
LOWtest/e2e/android/setup_android_env.sh19 # Step 1: Check ADB
LOWtest/e2e/android/setup_android_env.sh26 # Step 2: Check device connection
LOWtest/e2e/android/setup_android_env.sh43 # Step 3: Display device info
LOWtest/e2e/android/setup_android_env.sh62 # Step 4: Check Android version
LOWtest/e2e/android/setup_android_env.sh70 # Step 5: Check kernel
LOWtest/e2e/android/setup_android_env.sh78 # Step 6: Check architecture
LOWtest/e2e/android/setup_android_env.sh86 # Step 7: Check root access
LOWtest/e2e/android/setup_android_env.sh100 # Step 8: Check SELinux
LOWtest/e2e/android/setup_android_env.sh117 # Step 9: Fix DNS resolution
LOWtest/e2e/android/setup_android_env.sh121 # Step 10: Check available tools
LOWtest/e2e/android/setup_android_env.sh159 # Step 11: Check binaries
LOWtest/e2e/android/setup_android_env.sh213 # Step 12: Summary
AI Slop Vocabulary2 hits · 6 pts
SeverityFileLineSnippet
MEDIUMinternal/probe/openssl/config.go347 // Perhaps we can utilize the Android Version to choose a specific version of boringssl.
MEDIUM.github/workflows/e2e.yml108 # Run comprehensive e2e tests with sudo