Monitor the encrypted transmission packet of an app

When it comes to intercepting encrypted transmission packets, people usually think of bypassing "Certificate Pinning".
Besides, there is a amazing tool called eCapture, which utilizes eBPF technology. eBPF stands for Extended Berkeley Packet Filter, and it is a network analysis tool that operates at the Linux kernel level. It runs at runtime environment and does not require modifications to the kernel. Unlike methods that forcibly bypass "Certificate Pinning", eBPF can achieve the goal of intercepting encrypted transmission content without the need for a CA certificate.