split gnutls module.

Signed-off-by: cfc4n <cfc4n.cs@gmail.com>
gojue · Dec 1, 2023 · 675791b · 675791b
1 parent db7e37a
commit 675791b
Show file tree

Hide file tree

Showing 3 changed files with 153 additions and 9 deletions.
diff --git a/cli/cmd/gnutls.go b/cli/cmd/gnutls.go
@@ -0,0 +1,149 @@
+//go:build !androidgki
+// +build !androidgki
+
+// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package cmd
+
+import (
+	"context"
+	"ecapture/pkg/util/kernel"
+	"ecapture/user/config"
+	"ecapture/user/module"
+	"log"
+	"os"
+	"os/signal"
+	"sync"
+	"syscall"
+
+	"github.com/spf13/cobra"
+)
+
+var gc = config.NewGnutlsConfig()
+
+// gnutlsCmd represents the openssl command
+var gnutlsCmd = &cobra.Command{
+	Use:     "gnutls",
+	Aliases: []string{"gnu"},
+	Short:   "capture gnutls text content without CA cert for gnutls libraries.",
+	Long: `use eBPF uprobe/TC to capture process event data and network data.also support pcap-NG format.
+ecapture gnutls
+ecapture gnutls --hex --pid=3423
+ecapture gnutls -l save.log --pid=3423
+ecapture gnutls --gnutls=/lib/x86_64-linux-gnu/libgnutls.so
+`,
+	Run: gnuTlsCommandFunc,
+}
+
+func init() {
+	//opensslCmd.PersistentFlags().StringVar(&gc.Curlpath, "wget", "", "wget file path, default: /usr/bin/wget. (Deprecated)")
+	gnutlsCmd.PersistentFlags().StringVar(&gc.Gnutls, "gnutls", "", "libgnutls.so file path, will automatically find it from curl default.")
+	rootCmd.AddCommand(gnutlsCmd)
+}
+
+// gnuTlsCommandFunc executes the "bash" command.
+func gnuTlsCommandFunc(command *cobra.Command, args []string) {
+	stopper := make(chan os.Signal, 1)
+	signal.Notify(stopper, os.Interrupt, syscall.SIGTERM)
+	ctx, cancelFun := context.WithCancel(context.TODO())
+
+	logger := log.New(os.Stdout, "tls_", log.LstdFlags)
+
+	// save global config
+	gConf, err := getGlobalConf(command)
+	if err != nil {
+		logger.Fatal(err)
+	}
+	logger.SetOutput(gConf.writer)
+
+	logger.Printf("ECAPTURE :: %s Version : %s", cliName, GitVersion)
+	logger.Printf("ECAPTURE :: Pid Info : %d", os.Getpid())
+	var version kernel.Version
+	version, err = kernel.HostVersion()
+	logger.Printf("ECAPTURE :: Kernel Info : %s", version.String())
+	modNames := []string{module.ModuleNameGnutls}
+
+	var runMods uint8
+	var runModules = make(map[string]module.IModule)
+	var wg sync.WaitGroup
+
+	for _, modName := range modNames {
+		mod := module.GetModuleByName(modName)
+		if mod == nil {
+			logger.Printf("ECAPTURE :: \tcant found module: %s", modName)
+			break
+		}
+
+		var conf config.IConfig
+		conf = gc
+		if conf == nil {
+			logger.Printf("ECAPTURE :: \tcant found module %s config info.", mod.Name())
+			break
+		}
+
+		conf.SetPid(gConf.Pid)
+		conf.SetUid(gConf.Uid)
+		conf.SetDebug(gConf.Debug)
+		conf.SetHex(gConf.IsHex)
+
+		err = conf.Check()
+
+		if err != nil {
+			logger.Printf("%s\tmodule initialization failed. [skip it]. error:%+v", mod.Name(), err)
+			continue
+		}
+
+		logger.Printf("%s\tmodule initialization", mod.Name())
+
+		//初始化
+		err = mod.Init(ctx, logger, conf)
+		if err != nil {
+			logger.Printf("%s\tmodule initialization failed, [skip it]. error:%+v", mod.Name(), err)
+			continue
+		}
+
+		err = mod.Run()
+		if err != nil {
+			logger.Printf("%s\tmodule run failed, [skip it]. error:%+v", mod.Name(), err)
+			continue
+		}
+		runModules[mod.Name()] = mod
+		logger.Printf("%s\tmodule started successfully.", mod.Name())
+		wg.Add(1)
+		runMods++
+	}
+
+	// needs runmods > 0
+	if runMods > 0 {
+		logger.Printf("ECAPTURE :: \tstart %d modules", runMods)
+		<-stopper
+	} else {
+		logger.Println("ECAPTURE :: \tNo runnable modules, Exit(1)")
+		os.Exit(1)
+	}
+	cancelFun()
+
+	// clean up
+	for _, mod := range runModules {
+		err = mod.Close()
+		wg.Done()
+		if err != nil {
+			logger.Fatalf("%s\tmodule close failed. error:%+v", mod.Name(), err)
+		}
+	}
+
+	wg.Wait()
+	os.Exit(0)
+}
diff --git a/cli/cmd/root.go b/cli/cmd/root.go
@@ -46,7 +46,7 @@ var rootCmd = &cobra.Command{
 such as HTTPS and TLS without installing a CA certificate.
 It can also capture bash commands, which is suitable for 
 security auditing scenarios, such as database auditing of mysqld, etc (disabled on Android).
-
+Support Linux(Android)  X86_64 4.18/aarch64 5.5 or newer.
 Repository: https://github.com/gojue/ecapture
 HomePage: https://ecapture.cc
 

diff --git a/cli/cmd/tls.go b/cli/cmd/tls.go
@@ -29,14 +29,13 @@ import (
 )
 
 var oc = config.NewOpensslConfig()
-var gc = config.NewGnutlsConfig()
 var nc = config.NewNsprConfig()
 
 // opensslCmd represents the openssl command
 var opensslCmd = &cobra.Command{
 	Use:     "tls",
-	Aliases: []string{"openssl", "gnutls", "nss"},
-	Short:   "use to capture tls/ssl text content without CA cert. (Support Linux(Android)  X86_64 4.18/aarch64 5.5 or newer).",
+	Aliases: []string{"openssl", "nss"},
+	Short:   "use to capture tls/ssl text content without CA cert. (Support openssl 1.0.x/1.1.x/3.0.x or newer).",
 	Long: `use eBPF uprobe/TC to capture process event data and network data.also support pcap-NG format.
 ecapture tls
 ecapture tls --hex --pid=3423
@@ -52,8 +51,6 @@ func init() {
 	//opensslCmd.PersistentFlags().StringVar(&oc.Curlpath, "curl", "", "curl or wget file path, use to dectet openssl.so path, default:/usr/bin/curl. (Deprecated)")
 	opensslCmd.PersistentFlags().StringVar(&oc.Openssl, "libssl", "", "libssl.so file path, will automatically find it from curl default.")
 	opensslCmd.PersistentFlags().StringVar(&oc.CGroupPath, "cgroup_path", "/sys/fs/cgroup", "cgroup path, default: /sys/fs/cgroup.")
-	opensslCmd.PersistentFlags().StringVar(&gc.Gnutls, "gnutls", "", "libgnutls.so file path, will automatically find it from curl default.")
-	//opensslCmd.PersistentFlags().StringVar(&gc.Curlpath, "wget", "", "wget file path, default: /usr/bin/wget. (Deprecated)")
 	//opensslCmd.PersistentFlags().StringVar(&nc.Firefoxpath, "firefox", "", "firefox file path, default: /usr/lib/firefox/firefox. (Deprecated)")
 	opensslCmd.PersistentFlags().StringVar(&nc.Nsprpath, "nspr", "", "libnspr44.so file path, will automatically find it from curl default.")
 	opensslCmd.PersistentFlags().StringVar(&oc.Pthread, "pthread", "", "libpthread.so file path, use to hook connect to capture socket FD.will automatically find it from curl.")
@@ -89,7 +86,7 @@ func openSSLCommandFunc(command *cobra.Command, args []string) {
 	if config.ElfArchIsandroid || oc.Write != "" {
 		modNames = []string{module.ModuleNameOpenssl}
 	} else {
-		modNames = []string{module.ModuleNameOpenssl, module.ModuleNameGnutls, module.ModuleNameNspr}
+		modNames = []string{module.ModuleNameOpenssl, module.ModuleNameNspr}
 	}
 
 	var runMods uint8
@@ -107,8 +104,6 @@ func openSSLCommandFunc(command *cobra.Command, args []string) {
 		switch mod.Name() {
 		case module.ModuleNameOpenssl:
 			conf = oc
-		case module.ModuleNameGnutls:
-			conf = gc
 		case module.ModuleNameNspr:
 			conf = nc
 		default: