Ability to disable full payload with TLS decryption
This can be useful to prevent OutOfMemoryError. Closes #273
parent
356d8cca07
commit
85e1ceb88e
@ -350,7 +350,7 @@ public class CaptureService extends VpnService implements Runnable {
|
||||
mSocks5Port = MitmReceiver.TLS_DECRYPTION_PROXY_PORT;
|
||||
mSocks5Auth = Utils.genRandomString(8) + ":" + Utils.genRandomString(8);
|
||||
|
||||
mMitmReceiver = new MitmReceiver(this, mSettings.root_capture, mSocks5Auth, mSettings.mitmproxy_opts);
|
||||
mMitmReceiver = new MitmReceiver(this, mSettings, mSocks5Auth);
|
||||
try {
|
||||
if(!mMitmReceiver.start())
|
||||
return abortStart();
|
||||
@ -979,10 +979,6 @@ public class CaptureService extends VpnService implements Runnable {
|
||||
if(INSTANCE == null)
|
||||
return Prefs.PayloadMode.MINIMAL;
|
||||
|
||||
// With TLS decryption, payload mode is always "full"
|
||||
if(INSTANCE.mSettings.tls_decryption)
|
||||
return Prefs.PayloadMode.FULL;
|
||||
|
||||
return INSTANCE.mSettings.full_payload ? Prefs.PayloadMode.FULL : Prefs.PayloadMode.MINIMAL;
|
||||
}
|
||||
|
||||
|
||||
@ -48,8 +48,8 @@ import java.io.IOException;
|
||||
import java.lang.ref.WeakReference;
|
||||
|
||||
public class MitmAddon {
|
||||
public static final long PACKAGE_VERSION_CODE = 11;
|
||||
public static final String PACKAGE_VERSION_NAME = "v0.11";
|
||||
public static final long PACKAGE_VERSION_CODE = 12;
|
||||
public static final String PACKAGE_VERSION_NAME = "v0.12";
|
||||
public static final String REPOSITORY = "https://github.com/emanuele-f/PCAPdroid-mitm";
|
||||
private static final String TAG = "MitmAddon";
|
||||
private final Context mContext;
|
||||
|
||||
@ -32,6 +32,7 @@ import androidx.lifecycle.Observer;
|
||||
|
||||
import com.emanuelef.remote_capture.interfaces.ConnectionsListener;
|
||||
import com.emanuelef.remote_capture.interfaces.MitmListener;
|
||||
import com.emanuelef.remote_capture.model.CaptureSettings;
|
||||
import com.emanuelef.remote_capture.model.ConnectionDescriptor;
|
||||
import com.emanuelef.remote_capture.model.PayloadChunk;
|
||||
import com.emanuelef.remote_capture.model.PayloadChunk.ChunkType;
|
||||
@ -90,6 +91,7 @@ public class MitmReceiver implements Runnable, ConnectionsListener, MitmListener
|
||||
TCP_ERROR,
|
||||
WEBSOCKET_CLIENT_MSG,
|
||||
WEBSOCKET_SERVER_MSG,
|
||||
DATA_TRUNCATED,
|
||||
MASTER_SECRET,
|
||||
LOG,
|
||||
}
|
||||
@ -117,7 +119,7 @@ public class MitmReceiver implements Runnable, ConnectionsListener, MitmListener
|
||||
RUNNING
|
||||
}
|
||||
|
||||
public MitmReceiver(Context ctx, boolean rootCapture, String proxyAuth, String additionalOpts) {
|
||||
public MitmReceiver(Context ctx, CaptureSettings settings, String proxyAuth) {
|
||||
mContext = ctx;
|
||||
mReg = CaptureService.requireConnsRegister();
|
||||
mAddon = new MitmAddon(mContext, this);
|
||||
@ -126,7 +128,8 @@ public class MitmReceiver implements Runnable, ConnectionsListener, MitmListener
|
||||
mConfig.proxyPort = TLS_DECRYPTION_PROXY_PORT;
|
||||
mConfig.proxyAuth = proxyAuth;
|
||||
mConfig.dumpMasterSecrets = (CaptureService.getDumpMode() != Prefs.DumpMode.NONE);
|
||||
mConfig.additionalOptions = additionalOpts;
|
||||
mConfig.additionalOptions = settings.mitmproxy_opts;
|
||||
mConfig.shortPayload = !settings.full_payload;
|
||||
|
||||
/* upstream certificate verification is disabled because the app does not provide a way to let the user
|
||||
accept a given cert. Moreover, it provides a workaround for a bug with HTTPS proxies described in
|
||||
@ -134,7 +137,7 @@ public class MitmReceiver implements Runnable, ConnectionsListener, MitmListener
|
||||
mConfig.sslInsecure = true;
|
||||
|
||||
// root capture uses transparent mode (redirection via iptables)
|
||||
mConfig.transparentMode = rootCapture;
|
||||
mConfig.transparentMode = settings.root_capture;
|
||||
|
||||
//noinspection ResultOfMethodCallIgnored
|
||||
getKeylogFilePath(mContext).delete();
|
||||
@ -307,7 +310,9 @@ public class MitmReceiver implements Runnable, ConnectionsListener, MitmListener
|
||||
// see ConnectionDescriptor.processUpdate
|
||||
if(conn.status == ConnectionDescriptor.CONN_STATUS_CLOSED)
|
||||
conn.status = ConnectionDescriptor.CONN_STATUS_CLIENT_ERROR;
|
||||
} else
|
||||
} else if(type == MsgType.DATA_TRUNCATED)
|
||||
conn.setPayloadTruncatedByAddon();
|
||||
else
|
||||
conn.addPayloadChunkMitm(new PayloadChunk(message, getChunkType(type), isSent(type), tstamp));
|
||||
}
|
||||
|
||||
@ -360,6 +365,8 @@ public class MitmReceiver implements Runnable, ConnectionsListener, MitmListener
|
||||
return MsgType.WEBSOCKET_CLIENT_MSG;
|
||||
case "ws_srvmsg":
|
||||
return MsgType.WEBSOCKET_SERVER_MSG;
|
||||
case "trunc":
|
||||
return MsgType.DATA_TRUNCATED;
|
||||
case "secret":
|
||||
return MsgType.MASTER_SECRET;
|
||||
case "log":
|
||||
|
||||
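Review bot: The dispatch at `} else if(type == MsgType.DATA_TRUNCATED)` chains two braceless branches onto a braced `if`, so a statement added later to either branch can silently end up outside it. Bracing every arm (`} else if(type == MsgType.DATA_TRUNCATED) {` … `} else {` … `}`) keeps the truncation marker and the payload append clearly separated. The constructor now reads `mitmproxy_opts`, `full_payload` and `root_capture` from the `CaptureSettings` it is given; a short Javadoc naming those three fields would document why the whole settings object is passed in. The method containing the dispatch starts outside the hunk, and the added/removed sides are inferred from the hunk counts because the page lost its `+`/`-` markers.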
@ -154,7 +154,6 @@ public class SettingsActivity extends BaseActivity implements PreferenceFragment
|
||||
setupSecurityPrefs();
|
||||
setupOtherPrefs();
|
||||
|
||||
fullPayloadHideShow(mTlsDecryption.isChecked());
|
||||
socks5ProxyHideShow(mTlsDecryption.isChecked(), mSocks5Enabled.isChecked(), rootCaptureEnabled());
|
||||
mBlockQuic.setVisible(!rootCaptureEnabled());
|
||||
rootCaptureHideShow(rootCaptureEnabled());
|
||||
@ -174,6 +173,7 @@ public class SettingsActivity extends BaseActivity implements PreferenceFragment
|
||||
if(mHasStartedMitmWizard && !MitmAddon.needsSetup(requireContext())) {
|
||||
Log.d(TAG, "mitm setup complete, enabling");
|
||||
mTlsDecryption.setChecked(true);
|
||||
mFullPayloadEnabled.setChecked(true);
|
||||
}
|
||||
mHasStartedMitmWizard = false;
|
||||
}
|
||||
@ -285,7 +285,6 @@ public class SettingsActivity extends BaseActivity implements PreferenceFragment
|
||||
return false;
|
||||
}
|
||||
|
||||
fullPayloadHideShow((boolean) newValue);
|
||||
mMitmWizard.setVisible((boolean) newValue);
|
||||
mMitmproxyOpts.setVisible((boolean) newValue);
|
||||
socks5ProxyHideShow((boolean) newValue, mSocks5Enabled.isChecked(), rootCaptureEnabled());
|
||||
@ -321,10 +320,6 @@ public class SettingsActivity extends BaseActivity implements PreferenceFragment
|
||||
mSocks5ProxyPort.setOnPreferenceChangeListener((preference, newValue) -> Utils.validatePort(newValue.toString()));
|
||||
}
|
||||
|
||||
private void fullPayloadHideShow(boolean tlsDecryption) {
|
||||
mFullPayloadEnabled.setVisible(!tlsDecryption);
|
||||
}
|
||||
|
||||
private void socks5ProxyHideShow(boolean tlsDecryption, boolean socks5Enabled, boolean rootEnabled) {
|
||||
boolean available = !tlsDecryption && !rootEnabled;
|
||||
mSocks5Enabled.setVisible(available);
|
||||
@ -393,11 +388,9 @@ public class SettingsActivity extends BaseActivity implements PreferenceFragment
|
||||
mSocks5Enabled.setVisible(false);
|
||||
mSocks5ProxyIp.setVisible(false);
|
||||
mSocks5ProxyPort.setVisible(false);
|
||||
fullPayloadHideShow(mTlsDecryption.isChecked());
|
||||
mBlockQuic.setVisible(false);
|
||||
} else {
|
||||
mAutoBlockPrivateDNS.setVisible(true);
|
||||
fullPayloadHideShow(mTlsDecryption.isChecked());
|
||||
mBlockQuic.setVisible(true);
|
||||
socks5ProxyHideShow(mTlsDecryption.isChecked(), mSocks5Enabled.isChecked(), false);
|
||||
}
|
||||
|
||||
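Review bot: `mFullPayloadEnabled.setChecked(true);` in the "mitm setup complete" branch switches full payload on whenever the wizard finishes, overwriting the choice of a user who had turned it off to avoid the OutOfMemoryError this commit addresses. If this is meant as the default for a first-time setup, say so next to the call, e.g. `// default to full payload after the mitm setup; can be disabled afterwards to reduce memory usage`. Otherwise apply it only when the preference has not been set by the user. That this line is the added one is inferred from the `-174,6 +173,7` counts, since the page lost its `+`/`-` markers. The enclosing method starts outside the hunk.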
@ -289,6 +289,12 @@ public class ConnectionDescriptor {
|
||||
return isBlacklistedIp() || isBlacklistedHost();
|
||||
}
|
||||
|
||||
public void setPayloadTruncatedByAddon() {
|
||||
// only for the mitm addon
|
||||
assert(!isNotDecryptable());
|
||||
payload_truncated = true;
|
||||
}
|
||||
|
||||
public boolean isPayloadTruncated() {
|
||||
return payload_truncated;
|
||||
}
|
||||
|
||||
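Review bot: The `assert(!isNotDecryptable());` in `setPayloadTruncatedByAddon()` does not enforce anything in a normal build, because Java assertions are disabled by default and the Android runtime does not usually evaluate them. If marking a non-decryptable connection as truncated must never happen, use an explicit guard such as `if(isNotDecryptable()) return;` (or log and return). If it is only a development hint, the comment should say so. The method is called from the mitm receiver, so a Javadoc line stating which thread sets `payload_truncated` and which one reads it through `isPayloadTruncated()` would help; the field declaration is outside the hunk, so its visibility guarantees cannot be checked here.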
@ -40,6 +40,7 @@ public class MitmAPI {
|
||||
public boolean transparentMode; // true to use transparent proxy mode, false to use SOCKS5 proxy mode
|
||||
public boolean sslInsecure; // true to disable upstream certificate check
|
||||
public boolean dumpMasterSecrets; // true to enable the TLS master secrets dump messages (similar to SSLKEYLOG)
|
||||
public boolean shortPayload; // if true, only the initial portion of the payload will be sent
|
||||
public String proxyAuth; // SOCKS5 proxy authentication, "user:pass"
|
||||
public String additionalOptions; // provide additional options to mitmproxy
|
||||
}
|
||||
|
||||
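Review bot: The comment on `shortPayload` does not say who applies the cut-off or how the app learns that data was dropped, which matters to anyone reading a decrypted capture as if it were complete. Something like `public boolean shortPayload; // if true, the addon sends only the initial portion of each payload and reports the cut with a "trunc" message` would tie the flag to the new `DATA_TRUNCATED` handling. This assumes "trunc" is sent only for this case, which the receiver's parser suggests but the page does not show, so confirm against the addon. The enclosing class starts outside the hunk.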