docs : update README.md

Signed-off-by: CFC4N <cfc4n.cs@gmail.com>
N0mansky · Aug 7, 2022 · 53c9666 · 53c9666
1 parent f9c0daa
commit 53c9666
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -9,6 +9,11 @@
 
 ### eCapture(旁观者):  capture SSL/TLS text content without CA cert Using eBPF.
 
+> **Note**
+>
+> Support Linux Kernel 4.15 or newer,Support Android Kernel 5.4 or newer.
+>
+> Do not support Windows and macOS system.
 ----
 
 #  How eCapture works
@@ -23,16 +28,46 @@
 ![](./images/ecapture-architecture.png)
 
 # eCapture User Manual
+
 [![eCapture User Manual](./images/ecapture-user-manual.png)](https://www.youtube.com/watch?v=CoDIjEQCvvA "eCapture User Manual")
 
 # Getting started
+
 ## use ELF binary file
-Download ELF zip file [release](https://github.com/ehids/ecapture/releases) , unzip and use by command `./ecapture --help`.
+
+Download ELF zip file [release](https://github.com/ehids/ecapture/releases) , unzip and use by
+command `./ecapture --help`.
 
 * Linux kernel version >= 4.15 is required.
 * Enable BTF [BPF Type Format (BTF)](https://www.kernel.org/doc/html/latest/bpf/btf.html)  (Optional, 2022-04-17)
 
+## Command line options
+
+> **Note**
+>
+> Need ROOT permission.
+>
+eCapture search `/etc/ld.so.conf` file default, to search load directories of  `SO` file, and search `openssl` shard
+libraries location. or you can use `--libssl`
+flag to set shard library path.
+
+If target program is compile statically, you can set program path as `--libssl` flag value directly。
+
+### Pcapng result
+
+`./ecapture tls -i eth0 -w pcapng -p 443` capture plaintext packets save as pcapng file, use `Wireshark` read it
+directly.
+
+### plaintext result
+
+`./ecapture tls` will capture all plaintext context ,output to console, and capture `Master Secret` of `openssl TLS`
+save to `ecapture_master.log`. You can also use `tcpdump` to capture raw packet,and use `Wireshark` to read them
+with `Master Secret` settings.
+
+>
+
 ### check your server BTF config：
+
 ```shell
 cfc4n@vm-server:~$# uname -r
 4.18.0-305.3.1.el8.x86_64
@@ -41,6 +76,7 @@ CONFIG_DEBUG_INFO_BTF=y
 ```
 
 ### tls command
+
 capture tls text context.
 Step 1:
 ```shell

diff --git a/README_CN.md b/README_CN.md
@@ -10,6 +10,7 @@
 ### eCapture(旁观者): 基于eBPF技术实现TLS加密的明文捕获，无需CA证书。
 
 > **Note**
+>
 > 支持 Linux系统内核4.15以上版本，支持Android系统内核5.4以上版本。
 >
 > 不支持Windows、macOS系统。

diff --git a/user/probe_openssl.go b/user/probe_openssl.go
@@ -86,7 +86,7 @@ func (this *MOpenSSLProbe) Init(ctx context.Context, logger *log.Logger, conf IC
 	this.pidConns = make(map[uint32]map[uint32]string)
 	this.masterKeys = make(map[string]bool)
 	fd := os.Getpid()
-	this.keyloggerFilename = fmt.Sprintf("ecapture_masterkey_%d.log", fd)
+	this.keyloggerFilename = fmt.Sprintf("ecapture_masterkey.log", fd)
 	file, err := os.OpenFile(this.keyloggerFilename, os.O_APPEND|os.O_WRONLY|os.O_CREATE, 0600)
 	if err != nil {
 		return err