{"id":35891253,"url":"https://github.com/gojue/ecaptureQ","last_synced_at":"2026-01-15T16:00:42.280Z","repository":{"id":305684932,"uuid":"805426445","full_name":"gojue/ecaptureQ","owner":"gojue","description":"A cross-platform GUI for ecapture built with Tauri, enabling eBPF-based, non-intrusive TLS inspection on Linux \u0026 Android, with remote clients for Windows, macOS, and Linux.","archived":false,"fork":false,"pushed_at":"2025-12-15T12:21:06.000Z","size":12552,"stargazers_count":207,"open_issues_count":3,"forks_count":13,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-12-18T13:58:18.119Z","etag":null,"topics":["android","android-https-capture","cross-platform-gui","ebpf","linux","network-capture","rust","tauri","tauri2"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/gojue.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-05-24T14:46:34.000Z","updated_at":"2025-12-15T12:21:10.000Z","dependencies_parsed_at":"2025-09-27T14:21:25.737Z","dependency_job_id":"ea818abe-dfda-4556-8d63-650170cd54b2","html_url":"https://github.com/gojue/ecaptureQ","commit_stats":null,"previous_names":["gojue/ecaptureq"],"tags_count":7,"template":false,"template_full_name":null,"purl":"pkg:github/gojue/ecaptureQ","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gojue%2FecaptureQ","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gojue%2FecaptureQ/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gojue%2FecaptureQ/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gojue%2FecaptureQ/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gojue","download_url":"https://codeload.github.com/gojue/ecaptureQ/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gojue%2FecaptureQ/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28458636,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-15T15:17:48.816Z","status":"ssl_error","status_checked_at":"2026-01-15T15:16:50.052Z","response_time":62,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["android","android-https-capture","cross-platform-gui","ebpf","linux","network-capture","rust","tauri","tauri2"],"created_at":"2026-01-09T08:00:27.102Z","updated_at":"2026-01-15T16:00:42.268Z","avatar_url":"https://github.com/gojue.png","language":"Rust","funding_links":[],"categories":["Rust"],"sub_categories":[],"readme":"\u003cimg src=\"./images/ecaptureq.png\" alt=\"eCaptureQ Logo\" width=\"300\" height=\"300\"/\u003e\n\n[简体中文](./README_CN.md) | English\n\n[![GitHub stars](https://img.shields.io/github/stars/gojue/ecaptureq.svg?label=Stars\u0026logo=github)](https://github.com/gojue/ecaptureq)\n[![GitHub forks](https://img.shields.io/github/forks/gojue/ecaptureq?label=Forks\u0026logo=github)](https://github.com/gojue/ecaptureq)\n[![Github Version](https://img.shields.io/github/v/release/gojue/ecaptureq?display_name=tag\u0026include_prereleases\u0026sort=semver)](https://github.com/gojue/ecaptureq/releases)\n\n\n# eCaptureQ\n\nEffortlessly capture TLS encrypted traffic in a cross-platform GUI using eBPF, without configuring CA certificates or performing Man-in-the-Middle (MITM) attacks.\n\n## Overview\n\neCaptureQ is a cross-platform GUI for [eCapture](https://github.com/gojue/ecapture), visualizing its eBPF-powered packet capturing capabilities: capture TLS plaintext at the kernel level without needing a CA certificate or MITM.\n\nThis means you can debug and analyze the encrypted communications of any program in a simpler, more efficient, and non-intrusive way.\n\nhttps://github.com/user-attachments/assets/c8b7a84d-58eb-4fdb-9843-f775c97bdbfb\n\n\n## Key Features\n\n**Certificate-Free Capture with eBPF**: Directly capture and decrypt TLS traffic from the kernel without configuring CA certificates or a man-in-the-middle proxy.\n\n**Real-time \u0026 Responsive View**: Displays network requests in real-time and automatically switches between a desktop table view and a mobile card view based on the device.\n\n**Advanced Packet Filtering**: Filter captured packets using custom SQL queries with support for simple conditions or complex full SQL statements. Perfect for focusing on specific traffic patterns, processes, or payload content.\n\n**Cross-Platform \u0026 Dual-Mode**: Runs as an all-in-one tool on Linux/Android, and as a remote client on Windows/macOS/Linux to connect to a server.\n\n**Secure, Lightweight, and Native Experience**: Built with Rust on the backend for memory safety and native performance.\n\n## Operating Modes\n\n`eCaptureQ` offers two main operating modes to suit different user needs.\n\n![](./images/packet_list.png)\n![](./images/packet_detail_overview.png)\n\n### 1\\. Integrated Mode (All-in-One Package)\n\nThis is the standard, all-in-one mode. In this mode, the `ecapture` binary is bundled directly within the `eCaptureQ` application.\n\n  * **Supported Platforms**: **Linux**, **Android**\n  \u003e [!IMPORTANT]  \n  \u003e The integrated Linux build must be compiled from source.\n\n  * **Features**:\n      * **Out-of-the-Box**: No need to manually install or configure `ecapture`.\n      * **Automated Management**: `eCaptureQ` automatically manages the lifecycle of the capture process.\n      * **Simple and Convenient**: Ideal for quick traffic analysis on a local device.\n  * **Requirements**:\n      * On Linux and Android, this mode requires **root privileges** to run the eBPF program.\n\n### 2\\. Remote Mode (Client-Only)\n\nIn this mode, `eCaptureQ` runs as a standalone client without the bundled `ecapture` binary. It connects remotely via WebSocket to an `ecapture` instance that is **manually run** by the user.\n\n  * **Client-Supported Platforms**: **Linux**, **Windows**, **macOS**\n  * **Features**:\n      * **High Flexibility**: Run `ecapture` on a Linux server and monitor it remotely from a Windows or macOS machine.\n      * **No Root Required**: The `eCaptureQ` client itself does not require root privileges.\n      * **Secure Isolation**: Suitable for scenarios where the capture process and the analysis interface need to have separate permissions.\n  * **Requirements**:\n      * The user must download and run `ecapture` separately on the target device.\n      * `ecapture` must be started with the `--ecaptureq` flag to activate the WebSocket service.\n\n## Packet Filtering\n\neCaptureQ provides powerful SQL-based packet filtering capabilities to help you focus on specific network traffic patterns.\n\n### Filter Modes\n\n**Simple Filtering (Recommended for beginners)**  \nWrite simple conditions to filter packets quickly:\n```sql\ndst_port = 443 AND pname = 'chrome'\n```\n\n**Advanced SQL Filtering (For power users)**  \nUse full SQL queries for complex filtering logic:\n```sql\nSELECT * FROM packets WHERE dst_port IN (80, 443) \nUNION \nSELECT * FROM packets WHERE pname LIKE 'python%'\n```\n\n### Common Use Cases\n\n- **Filter by port**: `dst_port IN (80, 443)` - Show only HTTP/HTTPS traffic\n- **Filter by process**: `pname = 'curl'` - Show traffic from specific applications  \n- **Filter by IP**: `src_ip LIKE '192.168.1.%'` - Focus on specific network segments\n- **Search payload**: `payload_utf8 LIKE '%password%'` - Find packets containing sensitive data\n\n### Documentation\n\nFor detailed filtering syntax, examples, and best practices:\n- 📖 [SQL Filtering Guide](./docs/custom_sql_examples_english.md)\n\n## How to Use\n\n### Integrated Mode (on Linux or Android)\n\n1.  Download and install the standard version of `eCaptureQ`.\n2.  (Linux only) Run the application with `sudo`:\n    ```bash\n    sudo /path/to/ecaptureq\n    ```\n3.  Click \"Start\" in the application interface to begin capturing.\n\n### Remote Mode (e.g., connecting from Windows/macOS to a remote Linux server)\n\n1.  On the **target Linux machine**, download and start `ecapture` with the `--ecaptureq` flag. Ensure the WebSocket address is accessible from your `eCaptureQ` client.\n    ```bash\n    # Run on the target server (requires root privileges)\n    sudo ./ecapture tls --ecaptureq ws://0.0.0.0:28257\n    ```\n2.  On **your Windows/macOS/Linux machine**, download and run the `decoupled` version of `eCaptureQ`.\n3.  Go to the settings page in `eCaptureQ`.\n4.  Configure the \"WebSocket Server URL\" to the address `ecapture` is listening on (e.g., `ws://\u003cSERVER_IP\u003e:28257`).\n5.  Return to the main page and click \"Start\" to begin receiving data.\n\n## Tech Stack\n\n  * **Core Engine**: **ecapture** (The underlying eBPF capture tool)\n  * **Framework**: **Tauri** (A framework for building cross-platform applications with Rust)\n  * **Backend**: **Rust** (with Tokio for asynchronous processing and Polars for high-performance data handling)\n  * **Frontend**: **React** with **TypeScript**, **Tailwind CSS**\n\n## Acknowledgement\n\n  * **[ecapture](https://github.com/gojue/ecapture)**: Capturing SSL/TLS plaintext without a CA certificate using eBPF.\n  * **[Tauri](https://tauri.app/)**: Build smaller, faster, and more secure desktop and mobile applications with a web frontend.\n\n## Special Thanks\n\n  * **[Dichgrem](https://github.com/Dichgrem)**: For the invaluable help with testing and product refinement.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgojue%2FecaptureQ","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgojue%2FecaptureQ","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgojue%2FecaptureQ/lists"}