Commit Graph

181 Commits

Author SHA1 Message Date
emanuele-f
68daa312bf Fix app not blocked after reinstallation
The package name to UID mapping was not updated after reinstallation,
causing UID matching to fail and subsequent failure to block it.
Now the UID mapping is automatically updated whenever an app is
installed or uninstalled.

Fixes #338
2023-08-11 20:12:24 +02:00
emanuele-f
e2c5b81d4f Fix possible NullPointerException in getNetworkInterfaces
This occurred with non-primary user account.

See #336
2023-07-20 21:56:33 +02:00
emanuele-f
5a139aaf6c Fix crash on invalid IPv6 DNS
Closes #325
2023-06-13 20:35:00 +02:00
emanuele-f
464516409a Only apply TLS decryption to specified connections
TLS decryption is now only applied to connections matching
the user-configured rules. This allows running the decryption
along with the normal capture. The decryption whitelist has
been removed.
2023-05-31 23:16:55 +02:00
emanuele-f
3459d18e3b Capture IPv6 ULA addresses traffic
Closes #321
2023-05-19 09:34:37 +02:00
emanuele-f
6a42e7d988 Log private DNS mode in build info 2023-04-23 18:30:09 +02:00
emanuele-f
8e584fa8c2 Allow configuring SOCKS5 proxy auth
Closes #304
2023-03-16 12:17:52 +01:00
emanuele-f
2bde04c971 Fix incorrect pcap file size in Android 7
The internal dump size is now used instead of the
on-disk size
2023-01-15 10:15:15 +01:00
emanuele-f
6842ef1231 Store decryption secrets into PCAPNG
When both TLS decryption and PCAPNG are enabled, PCAPdroid now embeds
the TLS master secrets directly into the PCAPNG dump, without the need
for a separate SSLKEYLOG file.

Closes #185
2023-01-08 19:20:49 +01:00
emanuele-f
0b322b0941 Implement PCAPNG dump format
It's now possible to dump packets in the PCAPNG format. This mode does
not currently support the PCAPdroid trailer option.
2023-01-07 19:48:20 +01:00
emanuele-f
916e5cf89b Fix PCAP dialog shown on resume 2022-12-27 22:51:49 +01:00
emanuele-f
46889738c7 Rework PCAP dump to file
PCAP dump to file has been reworked as follows:

- File selection dialog is not shown anymore when the capture starts
- The PCAP filea are saved to the Downloads/PCAPdroid folder
- Simplified mechanism to dump to an arbitrary URI (pcap_uri param)
- Add pcap_name parameter to specify PCAP file name

Overall, this simplifies user interaction and make it easier to
access the PCAP file.

Closes #183
2022-12-27 13:59:02 +01:00
emanuele-f
3a89269f79 Implement TLS decryption whitelist
It's now possible to whitelist specific apps, hosts or IP addresses
to exclude them from the TLS decryption. The whitelist is not available
for decryption in root mode.

Beware that since the host is only available after the TLS connection
is in progress, host-based whitelisting only works if a prior DNS reply
for the given host was seen, creating a mapping between the resolved IP
and the host.

Closes #266
2022-12-22 12:59:44 +01:00
emanuele-f
4edd1e7ede Improve log viewer
- reduce logging level of firewall events to debug
- only display the most recent 512 log lines
2022-12-20 12:36:21 +01:00
emanuele-f
1d878c56c8 Fix blacklist loading after latest commit 2022-12-19 12:53:52 +01:00
emanuele-f
553772724d Improve blacklists update process
- Stop blacklist download if it takes more than 10 sec
- Abort downloads if capture is stopped
- Update the UI status during each individual download

Closes #224
2022-12-18 20:05:30 +01:00
emanuele-f
68bd85b615 Add ability to choose DNS servers
The DNS servers used in VPN mode are now configurable. It's now
possible to ignore the system DNS server and use the specified
ones. Cloudflare DNS is now the default DNS server, which has a
no-logs policy.

Closes #275
2022-12-18 19:19:20 +01:00
emanuele-f
85e1ceb88e Ability to disable full payload with TLS decryption
This can be useful to prevent OutOfMemoryError

Closes #273
2022-12-16 01:12:36 +01:00
emanuele-f
6bf8a6bd8b Add ability to manually add rules
It's now possible to define rules manually without first seeing a
related connection. This includes firewall and whitelist rules.

Closes #207
2022-12-13 23:24:08 +01:00
emanuele-f
2a22e89fef Add ability to configure port mapping
In VPN mode, it's now possible to redirect the traffic of specific
ports towards another host and port. This makes it possible to
integrate PCAPdroid with other apps, by forwarding the traffic to
a local server.

Closes #274
2022-12-12 23:48:56 +01:00
emanuele-f
9eed9ed221 Implement firewall whitelist mode
When whitelist mode is enabled, all the connections are blocked unless
an app is manually whitelisted. DNS resolution by netd is always allowed,
since it's not possible to determine the requesting app.

With this mode enabled, the firewall blocklist is still used and has
priority. For example, if an app is whitelisted but a block rule exists
for the given domain, the connection will be blocked.

The app provides a default whitelist with some essential services.

Closes #232
2022-12-01 00:42:41 +01:00
emanuele-f
60460880af Ability to provide custom mitmproxy options
A new preference has been added to provide additional mitmproxy options

Closes #283
2022-11-24 20:02:37 +01:00
emanuele-f
cdafc69902 Write app log to file
See #282
2022-11-23 13:00:15 +01:00
emanuele-f
eccacc9ad8 Exclude unreachable errors from dropped conn count
Network may become temporary unreachable at any time, e.g. while
switching between wifi and mobile
2022-10-05 22:20:05 +02:00
emanuele-f
0b34620233 Rename AppDescriptor getters 2022-09-20 16:23:27 +02:00
emanuele-f
e687380850 Remove deprecated LocalBroadcastManager
Replaced with LiveData

Closes #187
2022-08-17 01:08:23 +02:00
emanuele-f
e9fed41efb Fix PackageManager deprecations
Closes #225
2022-08-17 00:03:34 +02:00
emanuele-f
ae7a06cfa3 Fix getSerializable/Extra deprecations
See #225
2022-08-16 23:22:12 +02:00
emanuele-f
42c9ec389e Fix TooManyRequestsException with NetworkCallbacks
On multiple capture start/stop, a TooManyRequestsException could be
thrown because the registered NetworkCallback was not unregistered,
causing leaks
2022-08-13 11:10:52 +02:00
emanuele-f
ab5bd509d9 Unblock newly installed apps via notification button
Closes #236
2022-07-22 12:49:41 +02:00
emanuele-f
11e860a988 Improve firewall temporary app unblock
- If temporary unblocked, menu will show option to block it again
- Add unblock for 10 min
- Add temporary unblock to the apps view
- Show hourglass in apps view if temporary unblocked
2022-07-22 11:01:55 +02:00
emanuele-f
7e7b4461fb Initial support for TLS decryption in root mode 2022-07-20 17:24:41 +02:00
emanuele-f
53b42af3c7 Ability to block newly installed apps (firewall)
Closes #208
2022-07-09 19:38:29 +02:00
emanuele-f
dd98decfec Ability to temporary unblock an app (firewall)
Closes #226
2022-07-09 18:47:09 +02:00
emanuele-f
ec4cda0a94 Add ability to exclude apps from the VPN
Closes #229
2022-07-05 16:36:13 +02:00
emanuele-f
28e4fac618 Target Android SDK 33 2022-06-29 12:56:00 +02:00
emanuele-f
d81a7a2356 Implement IPv6-only VPN mode
This allows running PCAPdroid over an IPv6-only network

See #223
2022-06-29 11:25:48 +02:00
emanuele-f
ef45343175 Avoid spamming of low memory notifications 2022-06-22 18:28:58 +02:00
emanuele-f
5aadd5fe0a Show message on firewall enabled without VPN lockdown
Closes #221
2022-06-22 15:40:42 +02:00
emanuele-f
3a7ac7a0ce Avoid releasing payload with TLS decryption and low mem 2022-06-22 14:59:33 +02:00
emanuele-f
e512218eae Show notification on low memory 2022-06-22 12:52:50 +02:00
emanuele-f
7238f7ea4a Disable full payload on low memory
Closes #220
2022-06-22 12:17:09 +02:00
emanuele-f
6922b1aedb Fix ANR on first root capture start 2022-06-15 17:19:41 +02:00
emanuele-f
03865a0c4d Fix possible SecurityException in Android 11 2022-06-15 16:22:34 +02:00
emanuele-f
9c7a1d0952 Fix permission grant inside work profile 2022-06-06 16:43:18 +02:00
emanuele-f
fec54e9499 Add INTERACT_ACROSS_USERS permission
This is a signature-level permission required in order to call
getPackagesForUid for other users/profiles. It will be granted on first
root capture start.

See #217
2022-06-06 14:54:23 +02:00
emanuele-f
33b68936ea Fix developer warning notification on Android 32
Bug introduced in bd6034b. Now notification is correctly removed
2022-06-01 15:46:27 +02:00
emanuele-f
ca063e3296 Wait for capture stop when calling stop via API
This allows getting more accurate capture stats
2022-06-01 12:14:38 +02:00
emanuele-f
523e1dda41 Fix private DNS blocking setting not applied
Fixes #216
2022-05-31 17:22:32 +02:00
emanuele-f
bd6034b8c6 Fix notification sometimes not removed on stop
Fixes #198
2022-05-31 00:15:04 +02:00