mirror of
https://github.com/emanuele-f/PCAPdroid.git
synced 2026-07-03 21:21:12 +08:00
Add socks5 proxy to the remote server check
Also show a message the first time export to a remote server is tried by the user
This commit is contained in:
parent
c411f637f2
commit
e26307264c
@ -22,6 +22,7 @@ package com.emanuelef.remote_capture.activities;
|
||||
import android.content.ComponentName;
|
||||
import android.content.Context;
|
||||
import android.content.Intent;
|
||||
import android.content.SharedPreferences;
|
||||
import android.os.Build;
|
||||
import android.os.Bundle;
|
||||
import android.os.Handler;
|
||||
@ -199,6 +200,27 @@ public class CaptureCtrl extends AppCompatActivity {
|
||||
finish();
|
||||
}
|
||||
|
||||
// Check if the capture is requesting to send traffic to a remote server.
|
||||
// For security reasons, this is only allowed if such server is already configured by
|
||||
// the user in the app prefs.
|
||||
// see also MainActivity.showRemoteServerAlert
|
||||
private String checkRemoteServerNotAllowed(CaptureSettings settings) {
|
||||
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
|
||||
|
||||
if((settings.dump_mode == Prefs.DumpMode.UDP_EXPORTER) &&
|
||||
!Utils.isLocalNetworkAddress(settings.collector_address) &&
|
||||
!Prefs.getCollectorIp(prefs).equals(settings.collector_address))
|
||||
return settings.collector_address;
|
||||
|
||||
if(settings.socks5_enabled &&
|
||||
!Utils.isLocalNetworkAddress(settings.socks5_proxy_address) &&
|
||||
!Prefs.getSocks5ProxyAddress(prefs).equals(settings.socks5_proxy_address))
|
||||
return settings.socks5_proxy_address;
|
||||
|
||||
// ok
|
||||
return null;
|
||||
}
|
||||
|
||||
private void processRequest(Intent req_intent, @NonNull String action) {
|
||||
Intent res = new Intent();
|
||||
Utils.showToast(this, R.string.ctrl_consent_allowed);
|
||||
@ -209,13 +231,11 @@ public class CaptureCtrl extends AppCompatActivity {
|
||||
Log.d(TAG, "Starting capture, caller=" + mStarterApp);
|
||||
|
||||
CaptureSettings settings = new CaptureSettings(req_intent);
|
||||
if((settings.dump_mode == Prefs.DumpMode.UDP_EXPORTER) && (!Utils.isLocalNetworkAddress(settings.collector_address))) {
|
||||
if(!Prefs.getCollectorIp(PreferenceManager.getDefaultSharedPreferences(this)).equals(settings.collector_address)) {
|
||||
Log.w(TAG, "For security reasons, exporting to the remote UDP collector \"" + settings.collector_address + "\" is disabled");
|
||||
abort();
|
||||
return;
|
||||
} else
|
||||
Log.i(TAG, "Allowing export to remote collector as it matches user pref");
|
||||
String disallowedServer = checkRemoteServerNotAllowed(settings);
|
||||
if(disallowedServer != null) {
|
||||
Utils.showToastLong(this, R.string.remote_server_warning, disallowedServer);
|
||||
abort();
|
||||
return;
|
||||
}
|
||||
|
||||
// will call the mCapHelper listener
|
||||
|
||||
@ -674,6 +674,9 @@ public class MainActivity extends BaseActivity implements NavigationView.OnNavig
|
||||
}
|
||||
|
||||
public void startCapture() {
|
||||
if(showRemoteServerAlert())
|
||||
return;
|
||||
|
||||
if(Prefs.getTlsDecryptionEnabled(mPrefs) && MitmAddon.needsSetup(this)) {
|
||||
Intent intent = new Intent(this, MitmSetupWizard.class);
|
||||
startActivity(intent);
|
||||
@ -700,7 +703,28 @@ public class MainActivity extends BaseActivity implements NavigationView.OnNavig
|
||||
CaptureService.stopService();
|
||||
}
|
||||
|
||||
public void openFileSelector() {
|
||||
// see also CaptureCtrl.checkRemoteServerNotAllowed
|
||||
private boolean showRemoteServerAlert() {
|
||||
if(mPrefs.getBoolean(Prefs.PREF_REMOTE_COLLECTOR_ACK, false))
|
||||
return false; // already acknowledged
|
||||
|
||||
if(((Prefs.getDumpMode(mPrefs) == Prefs.DumpMode.UDP_EXPORTER) && !Utils.isLocalNetworkAddress(Prefs.getCollectorIp(mPrefs))) ||
|
||||
(Prefs.getSocks5Enabled(mPrefs) && !Utils.isLocalNetworkAddress(Prefs.getSocks5ProxyAddress(mPrefs)))) {
|
||||
Log.i(TAG, "Showing possible scan notice");
|
||||
|
||||
AlertDialog dialog = new AlertDialog.Builder(this)
|
||||
.setTitle(R.string.scam_alert)
|
||||
.setMessage(R.string.remote_collector_notice)
|
||||
.setPositiveButton(R.string.ok, (d, whichButton) -> mPrefs.edit().putBoolean(Prefs.PREF_REMOTE_COLLECTOR_ACK, true).apply())
|
||||
.show();
|
||||
dialog.setCanceledOnTouchOutside(false);
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
private void openFileSelector() {
|
||||
boolean noFileDialog = false;
|
||||
String fname = Utils.getUniquePcapFileName(this);
|
||||
Intent intent = new Intent(Intent.ACTION_CREATE_DOCUMENT);
|
||||
|
||||
@ -77,6 +77,7 @@ public class Prefs {
|
||||
public static final String PREF_VPN_EXCEPTIONS = "vpn_exceptions";
|
||||
public static final String PREF_BLOCK_NEW_APPS = "block_new_apps";
|
||||
public static final String PREF_PAYLOAD_NOTICE_ACK = "payload_notice";
|
||||
public static final String PREF_REMOTE_COLLECTOR_ACK = "remote_collector_notice";
|
||||
|
||||
public enum DumpMode {
|
||||
NONE,
|
||||
|
||||
@ -386,4 +386,6 @@
|
||||
<string name="payload_scams_notice">This view may contain sensitive information, like your passwords and access tokens.\n\nNever give out this information to anyone, it may be a scam attempt</string>
|
||||
<string name="cancel_action">Cancel</string>
|
||||
<string name="show_data_action">Show data</string>
|
||||
<string name="remote_collector_notice">You have configured PCAPdroid to send traffic to a remote server. The server will be able to access your sensitive information.\n\nIf someone asked you to do this, it is probably a scam attempt</string>
|
||||
<string name="remote_server_warning">For security reasons, sending traffic to the remote server \"%1$s\" is not allowed"</string>
|
||||
</resources>
|
||||
|
||||
Loading…
Reference in New Issue
Block a user