PCAP dump to file has been reworked as follows:
- File selection dialog is not shown anymore when the capture starts
- The PCAP filea are saved to the Downloads/PCAPdroid folder
- Simplified mechanism to dump to an arbitrary URI (pcap_uri param)
- Add pcap_name parameter to specify PCAP file name
Overall, this simplifies user interaction and make it easier to
access the PCAP file.
Closes#183
- Stop blacklist download if it takes more than 10 sec
- Abort downloads if capture is stopped
- Update the UI status during each individual download
Closes#224
The DNS servers used in VPN mode are now configurable. It's now
possible to ignore the system DNS server and use the specified
ones. Cloudflare DNS is now the default DNS server, which has a
no-logs policy.
Closes#275
In VPN mode, it's now possible to redirect the traffic of specific
ports towards another host and port. This makes it possible to
integrate PCAPdroid with other apps, by forwarding the traffic to
a local server.
Closes#274
Some users may be tricked into accepting the traffic control request
and allow an attacker to enable the UDP dump to a remote server.
To prevent this, PCAPdroid now allows remote UDP dump via API only if
the server address is already configured by the user into the PCAPdroid
settings
This is a signature-level permission required in order to call
getPackagesForUid for other users/profiles. It will be granted on first
root capture start.
See #217
A rule like "example.com" is now interpreted as "*.example.com", so it
will match all its sub-domains (e.g. "yet.another.example.com"). This is
importantant, in particular, to match malware subdomains.
This removes the bundled geolocation db, saving about 8 MB of space.
It is now possible to manually download the database from the app settings.
Closes#172
- 3 modes: no payload, minimal payload (save memory), full payload
- Display payload as hexdump
- Display HTTP requests and responses as string
- Show decrypted HTTPS (requires mitm addon)
- Decode chunked encoding and gzip body
- Show websockets messages (only with TLS decryption enabled)
- An icon indicates the connections decryption status
- Easily copy the HTTP request/response from the context menu
See #107
When the TLS decryption is enabled, it's now possible to export the
SSLKEYLOGFILE to decrypt the PCAP file in Wireshark. The export only
works when the capture is running.
- Remove ending periods and exclamation marks (Material guidelines)
- Improve some apps strings (credits: @comradekingu)
- Improve labels of external projects
Closes#174
The CaptureCtrl is only started when the PCAPdroid control API is
invoked. The crash occurred because getInsetsController was called
before setContentView.
Fixes#179
While swiping in the viewpager, the fragments onResume may haven't been
called yet. This commit initializes the status fragment before onResume and
also fixes the "No Connections" shown just briefly after the connections
fragment is shown
- Block connections by IP, domain or app
- Add filter to show blocked connections
- Migrate IP matching to ndpi_ptree_t API
- IPv6 addresses now supported in blacklists
- Duplicate IP address rules now only counted once