664 points alexflint | 1 comments
ranger_danger ◴[] No.42921763[source]
Why not use eBPF instead? Then you could see all http requests from all processes at once, including ones that are already running. Plus you wouldn't need to bother with TLS at all, just hook on e.g. write(2).
replies(5): >>42921870 #>>42921954 #>>42923824 #>>42924500 #>>42927428 #
somanyphotons ◴[] No.42921954[source]
Presumably eBPF requires root privs?
replies(2): >>42922030 #>>42922926 #
trallnag ◴[] No.42922030[source]
I'm having a hard time coming up with a use case where I want to use a tool like that but I'm also lacking root privileges.
replies(1): >>42922087 #
freedomben ◴[] No.42922087[source]
Inside most production environments. I could use this today inside a Pod that isn't allowed root privs.
replies(2): >>42922183 #>>42924734 #
1. dgl ◴[] No.42924734[source]
This won't work in most cases inside a Kubernetes pod, as the default seccomp policies don't allow creating namespaces within them. You can obviously relax the seccomp policies, but at that point you can also just give yourself the capabilities.

There are eBPF tools which will work, for example https://inspektor-gadget.io/docs/latest/gadgets/trace_ssl
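
Added example, not part of the thread: a Python check to run inside a pod that reports the seccomp mode and CAP_SYS_ADMIN from /proc/self/status and probes whether unshare(2) may create namespaces. Probing the user and network namespaces specifically is an assumption, and the function names are made up for this example.

```python
import ctypes
import errno
import os

CLONE_NEWUSER = 0x10000000  # flag values from <linux/sched.h>
CLONE_NEWNET = 0x40000000
CAP_SYS_ADMIN = 21  # bit index in the capability masks
SECCOMP_MODES = {0: "disabled", 1: "strict", 2: "filter"}


def parse_status(text):
    """Pull the seccomp mode, no_new_privs and CAP_SYS_ADMIN out of
    the text of /proc/<pid>/status."""
    fields = dict(l.split(":", 1) for l in text.splitlines() if ":" in l)
    cap_eff = int(fields.get("CapEff", "0").strip(), 16)
    return {
        "seccomp": SECCOMP_MODES.get(int(fields.get("Seccomp", "0")), "unknown"),
        "no_new_privs": fields.get("NoNewPrivs", "0").strip() == "1",
        "cap_sys_admin": bool((cap_eff >> CAP_SYS_ADMIN) & 1),
    }


def probe_unshare(flags):
    """Try unshare(2) in a forked child, so the caller's own namespaces
    are untouched. Returns 0 if allowed, the errno if refused, or a
    negative signal number if the filter killed the child."""
    libc = ctypes.CDLL(None, use_errno=True)
    pid = os.fork()
    if pid == 0:
        rc = libc.unshare(flags)
        os._exit(0 if rc == 0 else ctypes.get_errno() & 0xFF)
    _, status = os.waitpid(pid, 0)
    if os.WIFSIGNALED(status):
        return -os.WTERMSIG(status)
    return os.WEXITSTATUS(status)


if __name__ == "__main__":
    with open("/proc/self/status") as f:
        print(parse_status(f.read()))
    for name, flag in (("user", CLONE_NEWUSER), ("net", CLONE_NEWNET)):
        rc = probe_unshare(flag)
        print(name, "namespace:", "allowed" if rc == 0 else errno.errorcode.get(rc, rc))
```

An EPERM result with `seccomp: filter` and `cap_sys_admin: False` is consistent with a seccomp profile refusing the call, but host sysctls that restrict unprivileged user namespaces can produce the same errno.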