diff --git a/app/src/main/java/com/emanuelef/remote_capture/CaptureService.java b/app/src/main/java/com/emanuelef/remote_capture/CaptureService.java index eb59f6eb..c97d2244 100644 --- a/app/src/main/java/com/emanuelef/remote_capture/CaptureService.java +++ b/app/src/main/java/com/emanuelef/remote_capture/CaptureService.java @@ -350,7 +350,7 @@ public class CaptureService extends VpnService implements Runnable { mSocks5Port = MitmReceiver.TLS_DECRYPTION_PROXY_PORT; mSocks5Auth = Utils.genRandomString(8) + ":" + Utils.genRandomString(8); - mMitmReceiver = new MitmReceiver(this, mSettings.root_capture, mSocks5Auth, mSettings.mitmproxy_opts); + mMitmReceiver = new MitmReceiver(this, mSettings, mSocks5Auth); try { if(!mMitmReceiver.start()) return abortStart(); @@ -979,10 +979,6 @@ public class CaptureService extends VpnService implements Runnable { if(INSTANCE == null) return Prefs.PayloadMode.MINIMAL; - // With TLS decryption, payload mode is always "full" - if(INSTANCE.mSettings.tls_decryption) - return Prefs.PayloadMode.FULL; - return INSTANCE.mSettings.full_payload ? Prefs.PayloadMode.FULL : Prefs.PayloadMode.MINIMAL; } diff --git a/app/src/main/java/com/emanuelef/remote_capture/MitmAddon.java b/app/src/main/java/com/emanuelef/remote_capture/MitmAddon.java index fa4d31de..29bbb9ce 100644 --- a/app/src/main/java/com/emanuelef/remote_capture/MitmAddon.java +++ b/app/src/main/java/com/emanuelef/remote_capture/MitmAddon.java @@ -48,8 +48,8 @@ import java.io.IOException; import java.lang.ref.WeakReference; public class MitmAddon { - public static final long PACKAGE_VERSION_CODE = 11; - public static final String PACKAGE_VERSION_NAME = "v0.11"; + public static final long PACKAGE_VERSION_CODE = 12; + public static final String PACKAGE_VERSION_NAME = "v0.12"; public static final String REPOSITORY = "https://github.com/emanuele-f/PCAPdroid-mitm"; private static final String TAG = "MitmAddon"; private final Context mContext; diff --git a/app/src/main/java/com/emanuelef/remote_capture/MitmReceiver.java b/app/src/main/java/com/emanuelef/remote_capture/MitmReceiver.java index 8438242b..3ae96223 100644 --- a/app/src/main/java/com/emanuelef/remote_capture/MitmReceiver.java +++ b/app/src/main/java/com/emanuelef/remote_capture/MitmReceiver.java @@ -32,6 +32,7 @@ import androidx.lifecycle.Observer; import com.emanuelef.remote_capture.interfaces.ConnectionsListener; import com.emanuelef.remote_capture.interfaces.MitmListener; +import com.emanuelef.remote_capture.model.CaptureSettings; import com.emanuelef.remote_capture.model.ConnectionDescriptor; import com.emanuelef.remote_capture.model.PayloadChunk; import com.emanuelef.remote_capture.model.PayloadChunk.ChunkType; @@ -90,6 +91,7 @@ public class MitmReceiver implements Runnable, ConnectionsListener, MitmListener TCP_ERROR, WEBSOCKET_CLIENT_MSG, WEBSOCKET_SERVER_MSG, + DATA_TRUNCATED, MASTER_SECRET, LOG, } @@ -117,7 +119,7 @@ public class MitmReceiver implements Runnable, ConnectionsListener, MitmListener RUNNING } - public MitmReceiver(Context ctx, boolean rootCapture, String proxyAuth, String additionalOpts) { + public MitmReceiver(Context ctx, CaptureSettings settings, String proxyAuth) { mContext = ctx; mReg = CaptureService.requireConnsRegister(); mAddon = new MitmAddon(mContext, this); @@ -126,7 +128,8 @@ public class MitmReceiver implements Runnable, ConnectionsListener, MitmListener mConfig.proxyPort = TLS_DECRYPTION_PROXY_PORT; mConfig.proxyAuth = proxyAuth; mConfig.dumpMasterSecrets = (CaptureService.getDumpMode() != Prefs.DumpMode.NONE); - mConfig.additionalOptions = additionalOpts; + mConfig.additionalOptions = settings.mitmproxy_opts; + mConfig.shortPayload = !settings.full_payload; /* upstream certificate verification is disabled because the app does not provide a way to let the user accept a given cert. Moreover, it provides a workaround for a bug with HTTPS proxies described in @@ -134,7 +137,7 @@ public class MitmReceiver implements Runnable, ConnectionsListener, MitmListener mConfig.sslInsecure = true; // root capture uses transparent mode (redirection via iptables) - mConfig.transparentMode = rootCapture; + mConfig.transparentMode = settings.root_capture; //noinspection ResultOfMethodCallIgnored getKeylogFilePath(mContext).delete(); @@ -307,7 +310,9 @@ public class MitmReceiver implements Runnable, ConnectionsListener, MitmListener // see ConnectionDescriptor.processUpdate if(conn.status == ConnectionDescriptor.CONN_STATUS_CLOSED) conn.status = ConnectionDescriptor.CONN_STATUS_CLIENT_ERROR; - } else + } else if(type == MsgType.DATA_TRUNCATED) + conn.setPayloadTruncatedByAddon(); + else conn.addPayloadChunkMitm(new PayloadChunk(message, getChunkType(type), isSent(type), tstamp)); } @@ -360,6 +365,8 @@ public class MitmReceiver implements Runnable, ConnectionsListener, MitmListener return MsgType.WEBSOCKET_CLIENT_MSG; case "ws_srvmsg": return MsgType.WEBSOCKET_SERVER_MSG; + case "trunc": + return MsgType.DATA_TRUNCATED; case "secret": return MsgType.MASTER_SECRET; case "log": diff --git a/app/src/main/java/com/emanuelef/remote_capture/activities/SettingsActivity.java b/app/src/main/java/com/emanuelef/remote_capture/activities/SettingsActivity.java index a76f8f73..c575e1fb 100644 --- a/app/src/main/java/com/emanuelef/remote_capture/activities/SettingsActivity.java +++ b/app/src/main/java/com/emanuelef/remote_capture/activities/SettingsActivity.java @@ -154,7 +154,6 @@ public class SettingsActivity extends BaseActivity implements PreferenceFragment setupSecurityPrefs(); setupOtherPrefs(); - fullPayloadHideShow(mTlsDecryption.isChecked()); socks5ProxyHideShow(mTlsDecryption.isChecked(), mSocks5Enabled.isChecked(), rootCaptureEnabled()); mBlockQuic.setVisible(!rootCaptureEnabled()); rootCaptureHideShow(rootCaptureEnabled()); @@ -174,6 +173,7 @@ public class SettingsActivity extends BaseActivity implements PreferenceFragment if(mHasStartedMitmWizard && !MitmAddon.needsSetup(requireContext())) { Log.d(TAG, "mitm setup complete, enabling"); mTlsDecryption.setChecked(true); + mFullPayloadEnabled.setChecked(true); } mHasStartedMitmWizard = false; } @@ -285,7 +285,6 @@ public class SettingsActivity extends BaseActivity implements PreferenceFragment return false; } - fullPayloadHideShow((boolean) newValue); mMitmWizard.setVisible((boolean) newValue); mMitmproxyOpts.setVisible((boolean) newValue); socks5ProxyHideShow((boolean) newValue, mSocks5Enabled.isChecked(), rootCaptureEnabled()); @@ -321,10 +320,6 @@ public class SettingsActivity extends BaseActivity implements PreferenceFragment mSocks5ProxyPort.setOnPreferenceChangeListener((preference, newValue) -> Utils.validatePort(newValue.toString())); } - private void fullPayloadHideShow(boolean tlsDecryption) { - mFullPayloadEnabled.setVisible(!tlsDecryption); - } - private void socks5ProxyHideShow(boolean tlsDecryption, boolean socks5Enabled, boolean rootEnabled) { boolean available = !tlsDecryption && !rootEnabled; mSocks5Enabled.setVisible(available); @@ -393,11 +388,9 @@ public class SettingsActivity extends BaseActivity implements PreferenceFragment mSocks5Enabled.setVisible(false); mSocks5ProxyIp.setVisible(false); mSocks5ProxyPort.setVisible(false); - fullPayloadHideShow(mTlsDecryption.isChecked()); mBlockQuic.setVisible(false); } else { mAutoBlockPrivateDNS.setVisible(true); - fullPayloadHideShow(mTlsDecryption.isChecked()); mBlockQuic.setVisible(true); socks5ProxyHideShow(mTlsDecryption.isChecked(), mSocks5Enabled.isChecked(), false); } diff --git a/app/src/main/java/com/emanuelef/remote_capture/model/ConnectionDescriptor.java b/app/src/main/java/com/emanuelef/remote_capture/model/ConnectionDescriptor.java index 169596a6..a56d51d5 100644 --- a/app/src/main/java/com/emanuelef/remote_capture/model/ConnectionDescriptor.java +++ b/app/src/main/java/com/emanuelef/remote_capture/model/ConnectionDescriptor.java @@ -289,6 +289,12 @@ public class ConnectionDescriptor { return isBlacklistedIp() || isBlacklistedHost(); } + public void setPayloadTruncatedByAddon() { + // only for the mitm addon + assert(!isNotDecryptable()); + payload_truncated = true; + } + public boolean isPayloadTruncated() { return payload_truncated; } diff --git a/app/src/main/java/com/pcapdroid/mitm/MitmAPI.java b/app/src/main/java/com/pcapdroid/mitm/MitmAPI.java index 68c71363..c1546b7a 100644 --- a/app/src/main/java/com/pcapdroid/mitm/MitmAPI.java +++ b/app/src/main/java/com/pcapdroid/mitm/MitmAPI.java @@ -40,6 +40,7 @@ public class MitmAPI { public boolean transparentMode; // true to use transparent proxy mode, false to use SOCKS5 proxy mode public boolean sslInsecure; // true to disable upstream certificate check public boolean dumpMasterSecrets; // true to enable the TLS master secrets dump messages (similar to SSLKEYLOG) + public boolean shortPayload; // if true, only the initial portion of the payload will be sent public String proxyAuth; // SOCKS5 proxy authentication, "user:pass" public String additionalOptions; // provide additional options to mitmproxy }