rphang / evilbpf
Weaponizing the Linux Kernel (Hide Files/PID, SSH backdoors, SSL Sniffer, ...) by poking around eBPF/XDP
I ran Firefox and tried to work out which SSL libraries it links dynamically.
pegasus@pegasus:~$ sudo lsof -p 21129 | grep -iE 'ssl|nss'
[sudo] password for pegasus:
lsof: WARNING: can't stat() fuse.portal file system /run/user/1000/doc
Output information may be incomplete.
lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1000/gvfs
Output information may be incomplete.
firefox-b 21129 pegasus mem REG 259,7 567848 32653234 /opt/firefox/libnssckbi.so
firefox-b 21129 pegasus mem REG 259,7 447160 32653231 /opt/firefox/libssl3.so
firefox-b 21129 pegasus mem REG 259,7 776816 32653277 /opt/firefox/libnss3.so
firefox-b 21129 pegasus mem REG 259,7 189080 32653243 /opt/firefox/libnssutil3.so
If I add this path in libresolver.c:
/* directories the resolver searches, in order, for the target library */
const char *COMMON_PATHS[] = {
    "/opt/firefox/",   /* added: where Firefox's libssl3.so / libnss3.so live on this machine */
    "/home/linuxbrew/.linuxbrew/",
    "/lib/",
    "/lib64/",
    "/lib32/",
    "/usr/lib/",
    "/usr/lib64/",
    "/usr/lib32/",
    "/usr/local/lib/",
};
and then compile and run the tool and visit any big website, it gives a segmentation fault.
StreamTrans #66 [binary TLS record data captured by the sniffer, garbled in extraction]
"componentChunkName": "---src-pages-about-mdx",
"path": "/..." [truncated page JSON and a base64 certificate fragment, garbled in extraction]
Worker Launcher [binary data]
Socket [binary data] ssl_sniffer: we might lose some data (%d), need some recursive read
Segmentation fault
Like this.
How to solve this?
When I try to build the tools using make, I get the following error:
pegasus@pegasus:~/Documents/ssl-ebpf-projects/evilBPF$ make
find . -mindepth 2 -name libbpf -prune -o -name Makefile -execdir make release \; || exit 1
make[1]: Entering directory '/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/ssl_sniffer'
make -C /home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/../lib/libbpf/src
make[2]: Entering directory '/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/lib/libbpf/src'
make[2]: Leaving directory '/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/lib/libbpf/src'
clang -Wall -O2 sniffer.c -Iinclude -Iebpf ebpf/loader.o utils/libresolver.o -I/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/../lib/libbpf/src -L/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/../lib/libbpf/src -l:libbpf.a -lbpf -lelf -lz -o sniffer -static
In file included from sniffer.c:7:
include/utils/libresolver.h:22:12: warning: unused function 'lookup_path' [-Wunused-function]
22 | static int lookup_path(const char *path, char *library_name, int strict, char *library_path, int depth);
| ^~~~~~~~~~~
1 warning generated.
/usr/bin/ld: /lib/x86_64-linux-gnu/libelf.a(elf_compress.o): in function `__libelf_compress':
(.text+0x113): undefined reference to `ZSTD_createCCtx'
/usr/bin/ld: (.text+0x2a9): undefined reference to `ZSTD_compressStream2'
/usr/bin/ld: (.text+0x2b4): undefined reference to `ZSTD_isError'
/usr/bin/ld: (.text+0x2db): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0x5a0): undefined reference to `ZSTD_compressStream2'
/usr/bin/ld: (.text+0x5ab): undefined reference to `ZSTD_isError'
/usr/bin/ld: (.text+0x6b9): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0x835): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0x86f): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0x91b): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0xa12): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: /lib/x86_64-linux-gnu/libelf.a(elf_compress.o): in function `__libelf_decompress':
(.text+0xbfc): undefined reference to `ZSTD_decompress'
/usr/bin/ld: (.text+0xc04): undefined reference to `ZSTD_isError'
/usr/bin/ld: /lib/x86_64-linux-gnu/libelf.a(elf_compress.o): in function `__libelf_decompress_elf':
(.text+0xd45): undefined reference to `ZSTD_decompress'
/usr/bin/ld: (.text+0xd4d): undefined reference to `ZSTD_isError'
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make[1]: *** [/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/common.mk:23: sniffer] Error 1
make[1]: Leaving directory '/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/ssl_sniffer'
make[1]: Entering directory '/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/hidden_ssh'
make -C /home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/../lib/libbpf/src
make[2]: Entering directory '/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/lib/libbpf/src'
make[2]: Leaving directory '/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/lib/libbpf/src'
clang -Wall -O2 hidden_ssh.c -I/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/../lib/libbpf/src -L/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/../lib/libbpf/src -l:libbpf.a -lbpf -lelf -lz -o hidden_ssh -static
/usr/bin/ld: /lib/x86_64-linux-gnu/libelf.a(elf_compress.o): in function `__libelf_compress':
(.text+0x113): undefined reference to `ZSTD_createCCtx'
/usr/bin/ld: (.text+0x2a9): undefined reference to `ZSTD_compressStream2'
/usr/bin/ld: (.text+0x2b4): undefined reference to `ZSTD_isError'
/usr/bin/ld: (.text+0x2db): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0x5a0): undefined reference to `ZSTD_compressStream2'
/usr/bin/ld: (.text+0x5ab): undefined reference to `ZSTD_isError'
/usr/bin/ld: (.text+0x6b9): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0x835): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0x86f): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0x91b): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0xa12): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: /lib/x86_64-linux-gnu/libelf.a(elf_compress.o): in function `__libelf_decompress':
(.text+0xbfc): undefined reference to `ZSTD_decompress'
/usr/bin/ld: (.text+0xc04): undefined reference to `ZSTD_isError'
/usr/bin/ld: /lib/x86_64-linux-gnu/libelf.a(elf_compress.o): in function `__libelf_decompress_elf':
(.text+0xd45): undefined reference to `ZSTD_decompress'
/usr/bin/ld: (.text+0xd4d): undefined reference to `ZSTD_isError'
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make[1]: *** [/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/common.mk:23: hidden_ssh] Error 1
make[1]: Leaving directory '/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/hidden_ssh'
make[1]: Entering directory '/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/hide_pid'
/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/common.mk:37: warning: overriding recipe for target 'hider.bpf.o'
/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/common.mk:32: warning: ignoring old recipe for target 'hider.bpf.o'
make[1]: Circular hider.bpf.o <- hider.bpf.o dependency dropped.
make -C /home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/../lib/libbpf/src
make[2]: Entering directory '/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/lib/libbpf/src'
make[2]: Leaving directory '/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/lib/libbpf/src'
clang -Wall -O2 hider.c -I/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/../lib/libbpf/src -L/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/../lib/libbpf/src -l:libbpf.a -lbpf -lelf -lz -o hider -static
/usr/bin/ld: /lib/x86_64-linux-gnu/libelf.a(elf_compress.o): in function `__libelf_compress':
(.text+0x113): undefined reference to `ZSTD_createCCtx'
/usr/bin/ld: (.text+0x2a9): undefined reference to `ZSTD_compressStream2'
/usr/bin/ld: (.text+0x2b4): undefined reference to `ZSTD_isError'
/usr/bin/ld: (.text+0x2db): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0x5a0): undefined reference to `ZSTD_compressStream2'
/usr/bin/ld: (.text+0x5ab): undefined reference to `ZSTD_isError'
/usr/bin/ld: (.text+0x6b9): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0x835): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0x86f): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0x91b): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0xa12): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: /lib/x86_64-linux-gnu/libelf.a(elf_compress.o): in function `__libelf_decompress':
(.text+0xbfc): undefined reference to `ZSTD_decompress'
/usr/bin/ld: (.text+0xc04): undefined reference to `ZSTD_isError'
/usr/bin/ld: /lib/x86_64-linux-gnu/libelf.a(elf_compress.o): in function `__libelf_decompress_elf':
(.text+0xd45): undefined reference to `ZSTD_decompress'
/usr/bin/ld: (.text+0xd4d): undefined reference to `ZSTD_isError'
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make[1]: *** [/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/common.mk:23: hider] Error 1
make[1]: Leaving directory '/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/hide_pid'
make[1]: Entering directory '/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/icmp_pingback/maps'
/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/common.mk:37: warning: overriding recipe for target 'icmp.bpf.o'
/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/common.mk:32: warning: ignoring old recipe for target 'icmp.bpf.o'
make[1]: Circular icmp.bpf.o <- icmp.bpf.o dependency dropped.
make -C /home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/../lib/libbpf/src
make[2]: Entering directory '/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/lib/libbpf/src'
make[2]: Leaving directory '/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/lib/libbpf/src'
clang -Wall -O2 icmp.c -I/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/../lib/libbpf/src -L/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/../lib/libbpf/src -l:libbpf.a -lbpf -lelf -lz -o icmp -static
/usr/bin/ld: /lib/x86_64-linux-gnu/libelf.a(elf_compress.o): in function `__libelf_compress':
(.text+0x113): undefined reference to `ZSTD_createCCtx'
/usr/bin/ld: (.text+0x2a9): undefined reference to `ZSTD_compressStream2'
/usr/bin/ld: (.text+0x2b4): undefined reference to `ZSTD_isError'
/usr/bin/ld: (.text+0x2db): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0x5a0): undefined reference to `ZSTD_compressStream2'
/usr/bin/ld: (.text+0x5ab): undefined reference to `ZSTD_isError'
/usr/bin/ld: (.text+0x6b9): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0x835): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0x86f): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0x91b): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0xa12): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: /lib/x86_64-linux-gnu/libelf.a(elf_compress.o): in function `__libelf_decompress':
(.text+0xbfc): undefined reference to `ZSTD_decompress'
/usr/bin/ld: (.text+0xc04): undefined reference to `ZSTD_isError'
/usr/bin/ld: /lib/x86_64-linux-gnu/libelf.a(elf_compress.o): in function `__libelf_decompress_elf':
(.text+0xd45): undefined reference to `ZSTD_decompress'
/usr/bin/ld: (.text+0xd4d): undefined reference to `ZSTD_isError'
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make[1]: *** [/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/common.mk:23: icmp] Error 1
make[1]: Leaving directory '/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/icmp_pingback/maps'
make[1]: Entering directory '/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/icmp_pingback/minimum'
/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/common.mk:37: warning: overriding recipe for target 'icmp.bpf.o'
/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/common.mk:32: warning: ignoring old recipe for target 'icmp.bpf.o'
make[1]: Circular icmp.bpf.o <- icmp.bpf.o dependency dropped.
make -C /home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/../lib/libbpf/src
make[2]: Entering directory '/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/lib/libbpf/src'
make[2]: Leaving directory '/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/lib/libbpf/src'
clang -Wall -O2 icmp.c -I/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/../lib/libbpf/src -L/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/../lib/libbpf/src -l:libbpf.a -lbpf -lelf -lz -o icmp -static
/usr/bin/ld: /lib/x86_64-linux-gnu/libelf.a(elf_compress.o): in function `__libelf_compress':
(.text+0x113): undefined reference to `ZSTD_createCCtx'
/usr/bin/ld: (.text+0x2a9): undefined reference to `ZSTD_compressStream2'
/usr/bin/ld: (.text+0x2b4): undefined reference to `ZSTD_isError'
/usr/bin/ld: (.text+0x2db): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0x5a0): undefined reference to `ZSTD_compressStream2'
/usr/bin/ld: (.text+0x5ab): undefined reference to `ZSTD_isError'
/usr/bin/ld: (.text+0x6b9): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0x835): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0x86f): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0x91b): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0xa12): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: /lib/x86_64-linux-gnu/libelf.a(elf_compress.o): in function `__libelf_decompress':
(.text+0xbfc): undefined reference to `ZSTD_decompress'
/usr/bin/ld: (.text+0xc04): undefined reference to `ZSTD_isError'
/usr/bin/ld: /lib/x86_64-linux-gnu/libelf.a(elf_compress.o): in function `__libelf_decompress_elf':
(.text+0xd45): undefined reference to `ZSTD_decompress'
/usr/bin/ld: (.text+0xd4d): undefined reference to `ZSTD_isError'
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make[1]: *** [/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/common.mk:23: icmp] Error 1
make[1]: Leaving directory '/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/icmp_pingback/minimum'