Isn't there already mechanisms for patching specific SSL libraries to view encrypted requests (e.g. frida)? What is the benefit of using eBPF?
The main benefit is complete coverage. In production systems there are many different workloads with many different binaries, each with different build processes. Leveraging eBPF enables seeing everything on a system without having to adjust the build pipeline.