From 4e2e168ec5adca4b7a88ecb651850c1d2f382376 Mon Sep 17 00:00:00 2001 From: emanuele-f Date: Sat, 9 Jul 2022 17:32:33 +0200 Subject: [PATCH] Ability to only show cleartext connections Protocol search is now performed with exact match (e.g. HTTP does not match HTTPS) Fixes #228 --- .../remote_capture/activities/EditFilterActivity.java | 5 +++++ .../remote_capture/model/ConnectionDescriptor.java | 6 +++--- .../emanuelef/remote_capture/model/FilterDescriptor.java | 8 ++++++++ app/src/main/res/layout/edit_filter_activity.xml | 7 +++++++ app/src/main/res/values/strings.xml | 2 ++ 5 files changed, 25 insertions(+), 3 deletions(-) diff --git a/app/src/main/java/com/emanuelef/remote_capture/activities/EditFilterActivity.java b/app/src/main/java/com/emanuelef/remote_capture/activities/EditFilterActivity.java index a58723dc..38e65f08 100644 --- a/app/src/main/java/com/emanuelef/remote_capture/activities/EditFilterActivity.java +++ b/app/src/main/java/com/emanuelef/remote_capture/activities/EditFilterActivity.java @@ -56,6 +56,7 @@ public class EditFilterActivity extends BaseActivity { private FilterDescriptor mFilter; private CheckBox mHideMasked; private CheckBox mOnlyBlacklisted; + private CheckBox mOnlyCleartext; private ArrayList> mFirewallChips; private ArrayList> mStatusChips; private ArrayList> mDecChips; @@ -84,6 +85,7 @@ public class EditFilterActivity extends BaseActivity { mHideMasked = findViewById(R.id.not_hidden); mOnlyBlacklisted = findViewById(R.id.only_blacklisted); + mOnlyCleartext = findViewById(R.id.only_cleartext); mInterfaceGroup = findViewById(R.id.interfaces); findViewById(R.id.edit_mask).setOnClickListener(v -> { 
@@ -113,6 +115,7 @@ public class EditFilterActivity extends BaseActivity { if(CaptureService.isDecryptingTLS()) { findViewById(R.id.decryption_status_label).setVisibility(View.VISIBLE); findViewById(R.id.decryption_status_group).setVisibility(View.VISIBLE); + mOnlyCleartext.setVisibility(View.GONE); } Billing billing = Billing.newInstance(this); @@ -173,6 +176,7 @@ public class EditFilterActivity extends BaseActivity { private void model2view() { mHideMasked.setChecked(!mFilter.showMasked); mOnlyBlacklisted.setChecked(mFilter.onlyBlacklisted); + mOnlyCleartext.setChecked(mFilter.onlyCleartext); setCheckedChip(mStatusChips, mFilter.status); setCheckedChip(mDecChips, mFilter.decStatus); @@ -193,6 +197,7 @@ public class EditFilterActivity extends BaseActivity { private void view2model() { mFilter.showMasked = !mHideMasked.isChecked(); mFilter.onlyBlacklisted = mOnlyBlacklisted.isChecked(); + mFilter.onlyCleartext = mOnlyCleartext.isChecked(); mFilter.status = getCheckedChip(mStatusChips, Status.STATUS_INVALID); mFilter.decStatus = getCheckedChip(mDecChips, DecryptionStatus.INVALID); diff --git a/app/src/main/java/com/emanuelef/remote_capture/model/ConnectionDescriptor.java b/app/src/main/java/com/emanuelef/remote_capture/model/ConnectionDescriptor.java index 063e856d..8579a598 100644 --- a/app/src/main/java/com/emanuelef/remote_capture/model/ConnectionDescriptor.java +++ b/app/src/main/java/com/emanuelef/remote_capture/model/ConnectionDescriptor.java @@ -111,8 +111,8 @@ public class ConnectionDescriptor { public boolean is_blocked; public boolean netd_block_missed; private boolean payload_truncated; - private boolean encrypted_l7; - public boolean encrypted_payload; + private boolean encrypted_l7; // application layer is encrypted (e.g. TLS) + public boolean encrypted_payload; // actual payload is encrypted (e.g. telegram - see Utils.hasEncryptedPayload) public String decryption_error; public String country; public Geomodel.ASN asn; 
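Review bot: Hiding `mOnlyCleartext` in the `CaptureService.isDecryptingTLS()` branch (the -113 hunk) does not clear the flag behind it. `model2view()` still checks the box from `mFilter.onlyCleartext` and `view2model()` copies the invisible box back (the -173 and -193 hunks). As far as these hunks show, a filter enabled before TLS decryption was turned on would keep excluding encrypted connections, with no control on this screen to switch it off. Consider gating the write-back on visibility, e.g. `mFilter.onlyCleartext = (mOnlyCleartext.getVisibility() == View.VISIBLE) && mOnlyCleartext.isChecked();`. The enclosing methods continue outside the hunks, so how `mFilter` is loaded is not visible here.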
@@ -231,7 +231,7 @@ public class ConnectionDescriptor { return(((info != null) && (info.contains(filter))) || dst_ip.contains(filter) || - l7proto.toLowerCase().contains(filter) || + l7proto.toLowerCase().equals(filter) || Integer.toString(uid).equals(filter) || Integer.toString(dst_port).contains(filter) || Integer.toString(src_port).equals(filter) || diff --git a/app/src/main/java/com/emanuelef/remote_capture/model/FilterDescriptor.java b/app/src/main/java/com/emanuelef/remote_capture/model/FilterDescriptor.java index c97015c6..ba44bf55 100644 --- a/app/src/main/java/com/emanuelef/remote_capture/model/FilterDescriptor.java +++ b/app/src/main/java/com/emanuelef/remote_capture/model/FilterDescriptor.java @@ -37,6 +37,7 @@ public class FilterDescriptor implements Serializable { public Status status; public boolean showMasked; public boolean onlyBlacklisted; + public boolean onlyCleartext; public FilteringStatus filteringStatus; public DecryptionStatus decStatus; public String iface; @@ -53,6 +54,7 @@ public class FilterDescriptor implements Serializable { || (filteringStatus != FilteringStatus.INVALID) || (iface != null) || onlyBlacklisted + || onlyCleartext || (uid != -2) || (!showMasked && !PCAPdroid.getInstance().getVisualizationMask().isEmpty()); } @@ -60,6 +62,7 @@ public class FilterDescriptor implements Serializable { public boolean matches(ConnectionDescriptor conn) { return (showMasked || !PCAPdroid.getInstance().getVisualizationMask().matches(conn)) && (!onlyBlacklisted || conn.isBlacklisted()) + && (!onlyCleartext || conn.isCleartext()) && ((status == Status.STATUS_INVALID) || (conn.getStatus().equals(status))) && ((decStatus == DecryptionStatus.INVALID) || (conn.getDecryptionStatus() == decStatus)) && ((filteringStatus == FilteringStatus.INVALID) || ((filteringStatus == FilteringStatus.BLOCKED) == conn.is_blocked)) 
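Review bot: `l7proto.toLowerCase()` in the changed line uses the device's default locale, and with `equals` a locale-specific case mapping now fails the whole comparison rather than just a substring. On a Turkish-locale device, for example, names containing `I` lower-case to a dotless `ı`. Unless `filter` is lower-cased the same way (that happens outside the hunk), an exact protocol search could silently return nothing. `l7proto.equalsIgnoreCase(filter)` or `l7proto.toLowerCase(Locale.ROOT).equals(filter)` avoids the dependency. A short comment such as `// exact match on purpose: "http" must not match "https"` would also stop the line being reverted to `contains` for consistency with its neighbours.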
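Review bot: The new clause `(!onlyCleartext || conn.isCleartext())` in `matches()` relies on `ConnectionDescriptor.isCleartext()`, which this patch neither adds nor changes, so the change never states what the filter counts as cleartext. The comments added to `encrypted_l7` and `encrypted_payload` show there are two separate notions of encryption. Someone using this filter to audit unencrypted traffic needs to know which of them is consulted, and how a connection whose protocol is not yet identified is classified. I would document that on the field, e.g. `public boolean onlyCleartext; // show only connections for which ConnectionDescriptor.isCleartext() is true`, and spell the rule out in the Javadoc of `isCleartext()`.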
@@ -81,6 +84,8 @@ public class FilterDescriptor implements Serializable { addChip(inflater, group, R.id.not_hidden, ctx.getString(R.string.not_hidden_filter)); if(onlyBlacklisted) addChip(inflater, group, R.id.blacklisted, ctx.getString(R.string.malicious_connection_filter)); + if(onlyCleartext) + addChip(inflater, group, R.id.only_cleartext, ctx.getString(R.string.cleartext_connection)); if(status != Status.STATUS_INVALID) { String label = String.format(ctx.getString(R.string.status_filter), ConnectionDescriptor.getStatusLabel(status, ctx)); addChip(inflater, group, R.id.status_ind, label); @@ -103,6 +108,8 @@ public class FilterDescriptor implements Serializable { showMasked = true; else if(filter_id == R.id.blacklisted) onlyBlacklisted = false; + else if(filter_id == R.id.only_cleartext) + onlyCleartext = false; else if(filter_id == R.id.status_ind) status = Status.STATUS_INVALID; else if(filter_id == R.id.decryption_status) @@ -116,6 +123,7 @@ public class FilterDescriptor implements Serializable { public void clear() { showMasked = true; onlyBlacklisted = false; + onlyCleartext = false; status = Status.STATUS_INVALID; decStatus = DecryptionStatus.INVALID; filteringStatus = FilteringStatus.INVALID; diff --git a/app/src/main/res/layout/edit_filter_activity.xml b/app/src/main/res/layout/edit_filter_activity.xml index 8d73f6f5..71cdf443 100644 --- a/app/src/main/res/layout/edit_filter_activity.xml +++ b/app/src/main/res/layout/edit_filter_activity.xml @@ -43,6 +43,13 @@ android:layout_marginBottom="10dp" android:text="@string/show_only_malicious" /> + + The list is empty Malicious connection detected (%1$s) Malicious connections + Cleartext connections Security Malware detection Detect connections to known malicious hosts via third-party blacklists @@ -375,4 +376,5 @@ VPN Exemptions Exempt some apps from the VPN connection. Their traffic will not be monitored No matches + Cleartext