eCapture: Capture SSL/TLS text content without a CA certificate using eBPF. https://ecapture.cc
5.5K
Important
Supports Linux/Android kernel versions x86_64 4.18 and above, **aarch64 5.5** and above. Need ROOT permission. Does not support Windows and macOS system.
This Docker image provides an easy way to use ecapture, a powerful tool for capturing SSL/TLS plaintext data directly from Linux or Android systems without requiring a CA certificate. With ecapture, you can collect decrypted HTTPS traffic in real time for security analysis, debugging, or auditing.
Key Features & Use Cases:
How to Use:
Pull the Image
docker pull gojue/ecapture:latest
Run ecapture via Docker
Grant necessary privileges (ecapture requires privileged mode and access to host network for full functionality):
docker run --rm -it \
--privileged \
--net=host \
-v /lib/modules:/lib/modules:ro \
-v /usr/src:/usr/src:ro \
gojue/ecapture \
[ecapture options]
Replace [ecapture options] with ecapture’s command-line arguments, such as tls for HTTPS or see the README for more.
Example:
To monitor SSL/TLS traffic for a given process or port, refer to usage examples in the eCapture Trobleshooting.
Requirements & Notices:
--privileged and --net=host options.More Information:
For advanced configuration, detailed options, and source code, please visit the GitHub repository.
Content type
Buildkit_cache
Digest
sha256:127578814…
Size
1.7 GB
Last updated
8 days ago
docker pull gojue/ecapture:buildcache