peetch - an eBPF based networking tool — Guillaume Valadon
Date: 09 June 2023 at 10:00 — 15 min.
peetch is a collection of tools aimed at experimenting with different aspects of eBPF to bypass TLS protocol protections.
Currently, peetch includes two subcommands. The first, called dump, sniffs network traffic and associates information about the source process with each packet. The second, called tls, identifies processes using OpenSSL in order to extract cryptographic keys.
Combined, these two commands make it possible to decrypt TLS exchanges recorded in the PCAPng format.