(github.com)

664 points alexflint | 2 comments | 03 Feb 25 16:28 UTC | HN request time: 0.414s | source

Show context

ranger_danger ◴[03 Feb 25 19:23 UTC] No.42921763[source]▶

>>42919909 (OP) #

Why not use eBPF instead? Then you could see all http requests from all processes at once, including ones that are already running. Plus you wouldn't need to bother with TLS at all, just hook on e.g. write(2).

replies(5): >>42921870 #>>42921954 #>>42923824 #>>42924500 #>>42927428 #

ARob109 ◴[04 Feb 25 03:23 UTC] No.42927428[source]▶

>>42921763 #

Using uprobes to hook the SSL library, would it be possible to filter content by inspecting and modifying eg the decrypted HTTP response ?

replies(1): >>42928234 #

ranger_danger ◴[04 Feb 25 05:04 UTC] No.42928234[source]▶

>>42927428 #

absolutely

replies(1): >>42929118 #

1. farnulfo ◴[04 Feb 25 07:13 UTC] No.42929118[source]▶

>>42928234 #

eBPF TLS tracing: The Past, Present and Future https://blog.px.dev/ebpf-tls-tracing-past-present-future/

replies(1): >>42933364 #

2. ddelnano ◴[04 Feb 25 15:16 UTC] No.42933364[source]▶

>>42929118 (TP) #

Author here :). Happy to answer any questions on this TLS tracing stuff.

↑

Httptap: View HTTP/HTTPS requests made by any Linux program