adtac 3 days ago
Yep, certificate pinning is the one scenario Subtrace can't handle in my experience, but thankfully, it's fairly rare like you said. And IMO there is no general solution to the problem [1], but it's one of those very interesting problems to daydream about when you're stuck in traffic or whatever :) We still try our best by handling as much of the long tail of environments with some library/framework-specific workaround (e.g. Deno bundles all TLS certs in its binary so we set the DENO_CERT env var when applicable).
chatmasta 2 days ago
No general solution? :) If you came up with this hack I’m sure you can extend it… Cert pinning has to read a public cert from memory, right? And a public cert has a well-known shape… and you have BPF and access to the memory…
smw 2 days ago
kubeshark [0] is using eBPF to catch calls to OpenSSL/Go's TLS lib and thus no need to juggle certs. Has pros and cons compared to your method, but an interesting comparison.