Commit Graph

196 Commits

Author SHA1 Message Date
emanuele-f
e32b4713a6 Add missing notice 2021-10-20 16:00:21 +02:00
emanuele-f
cb4bbc454d Implement blacklist-based malware detection
A notification is generated when a connection matches known malicious
domains or IP addresses. The connections view reports malicious
connections with a skull icon. A filter can be set to only show them.

Needed for #105
2021-10-20 15:32:29 +02:00
emanuele-f
6b623ea34d Fix bad locale used in Edit Rules 2021-10-19 23:35:02 +02:00
emanuele-f
bb55072f45 Improve buttons style 2021-10-19 22:58:17 +02:00
emanuele-f
79ad691e73 Rename whitelist to hidden connections 2021-10-19 22:07:05 +02:00
emanuele-f
91d3194542 Implement "Edit Filter" activity
- Ability to filter connections by status
- Fix search button sometimes disappearing

Fixes #126
2021-10-19 19:59:50 +02:00
emanuele-f
bb477f9760 Make the whitelist a singleton 2021-10-19 16:08:41 +02:00
emanuele-f
ac77f5a47f Rename MatchList 2021-10-19 15:26:33 +02:00
emanuele-f
9c3c4ba121 Catch SecurityException to prevent crash with URI
A SecurityException occurs when the app does not have the permissions to
write the specified URI
2021-09-15 11:46:27 +02:00
emanuele-f
24f10dd24c Take persistable URI to write PCAPs from cli 2021-09-15 11:17:38 +02:00
emanuele-f
8bb1ff3caf Fix SearchView text not updated on filter 2021-09-11 16:24:47 +02:00
emanuele-f
a083a05f43 Fix boolean Intent options parsing 2021-09-11 15:55:18 +02:00
emanuele-f
ca3889fab9 Improve control via Intent
- Fix app state not refreshed
- Fix VPNService.prepare not called
- Add missing pcap_uri parameter
2021-09-11 15:45:31 +02:00
emanuele-f
8181575f82 Fix wrong app filter shown when started via intents 2021-09-11 12:44:28 +02:00
emanuele-f
b56327af5c Copy action now also dumps request plaintext 2021-09-07 15:50:13 +02:00
emanuele-f
ce941d3999 Add null check 2021-09-07 10:44:15 +02:00
emanuele-f
25f495335a Add ability to select interface in root mode
Closes #110
2021-08-25 21:48:48 +02:00
emanuele-f
bdba16562d Add PCAPdroid API documentation
See #33
2021-08-20 15:21:26 +02:00
emanuele-f
1c5995e01e Implement start via intent
User permission is asked every time the intent is fired. Stopping capture
is allowed to the same app which started it without asking permission.

See #33
2021-08-20 00:58:22 +02:00
emanuele-f
dc1b5dc1b5 Remove "rate app" menu entry 2021-07-19 18:39:57 +02:00
emanuele-f
479aeb794b Add search by source port via exact match 2021-07-16 12:21:55 +02:00
emanuele-f
5637191b13 Add TCP flags for debugging 2021-07-16 12:15:28 +02:00
emanuele-f
bc28244e21 Rework time handling
Periodic tasks are now based on a monotonic timer. The timestamp in
the exported PCAP now corresponds to the original timestamp when using
root. Moreover, in-app first/last seen time now displays the milliseconds.

Closes #89
2021-07-06 15:54:26 +02:00
emanuele-f
4846a0b546 Add preference to toggle the PCAPdroid trailer
Closes #36
2021-07-04 15:08:08 +02:00
emanuele-f
0a935be6e4 Initial export of app info in PCAP
Initial work for #36
2021-07-02 00:45:19 +02:00
emanuele-f
da141fa8df Cleanup pcap_utils 2021-07-01 18:58:37 +02:00
emanuele-f
51dc0dde7e Fix bogus connections with root due to fragments
Connections with random ports sometimes appeared while capturing packets
as root, in particular while exporting data via the UDP exporter. These
were actually IP fragments, whose data was misinterpreted due to the
lack of L4 headers.
2021-07-01 18:27:28 +02:00
emanuele-f
9d427461cb Fix UDP exporter and HTTP dump modes with root
When exporting traffic over the network, we must exclude this traffic
from the monitoring, otherwise the traffic will be captured in a loop
2021-07-01 14:30:37 +02:00
emanuele-f
91cc995eff Refactor PCAP dump
PCAP dump now always occurs in Java
2021-07-01 11:01:15 +02:00
emanuele-f
258930d110 Fix multiple issues with ICMP connections
- Fix ping to known DNS servers being blocked
- Hide port number for ICMP connections
- Fix monodirectional ICMP connections in root mode
2021-06-30 17:31:41 +02:00
emanuele-f
ca7c8127d9 Hide connections matching whitelist after delay
Some info of the connections, such as the host and the protocol, can
become available after the connection has been shown. Such info could
determine a match with the whitelist, in which case the connection must
be hidden.
2021-06-29 19:39:11 +02:00
emanuele-f
5b50e3e8a1 Optimize JNI calls on connections updates
Connections data is now split into three groups:

- The connection identifier (e.g. 5 tuple)
- The connection statistics
- The connection L7 information (e.g. HTTP URL and request data)

With this optimization, most updates will only pass the connection
statistics through the JNI interface. The connection identifier will
only be passed for new connections and the L7 information will only be
passed when needed (e.g. after extracting the URL).

Closes #82
2021-06-29 15:31:30 +02:00
emanuele-f
f1a69ccfa7 Fix missing save button with open search bar 2021-06-29 01:01:17 +02:00
emanuele-f
69f21be864 Allow searching by destination port 2021-06-28 23:55:04 +02:00
emanuele-f
a1f96c08ed Implement separate connections activity
This allows filtering by app by keeping activities navigation
consistent
2021-06-28 23:50:55 +02:00
emanuele-f
762b09620e Add copy/share to the App Details activity 2021-06-28 23:12:34 +02:00
emanuele-f
b308666687 Add packet drops for root capture 2021-06-27 19:43:18 +02:00
emanuele-f
bfb1390499 Implement app details
Show information about an app, including its target SDK version,
install/update date and its requested permissions. Also add a button to
quickly open the app info/settings in Android.

Closes #45
2021-06-25 14:50:38 +02:00
emanuele-f
6b3fb1c2d0 Fix root domain rule label 2021-06-25 09:22:56 +02:00
emanuele-f
01b4fa1a60 Add null check 2021-06-14 18:34:38 +02:00
emanuele-f
0c4b33c4ba Implement ability to search connections
Through the search bar it is now possible to search connections by host,
IP, protocol, uid, app name or package name.

Closes #67
2021-06-14 18:25:58 +02:00
emanuele-f
209b24ccd6 Remove leftover 2021-06-14 15:47:35 +02:00
emanuele-f
66f27ff805 Add ability to copy/share whitelist 2021-06-14 15:38:29 +02:00
emanuele-f
f49c34ddec Rework whitelist
The whitelist editor is now a separate activity. Whitelist removed from
the ConnectionRegister.
2021-06-14 15:21:57 +02:00
emanuele-f
9b7675d6e2 Rename "exclusions" to "whitelist" 2021-06-14 11:15:36 +02:00
emanuele-f
c5ef7caf31 Fix label for apps exclusions 2021-06-11 21:19:27 +02:00
emanuele-f
a642ddbd0d Optimize connections matching 2021-06-11 21:01:17 +02:00
emanuele-f
8701eb9145 Add ability to exclude a root domain 2021-06-11 18:53:09 +02:00
emanuele-f
2983be8ecf Optimize adapter ops with connections filters 2021-06-11 18:22:25 +02:00
emanuele-f
c190caadfd Fix app filter not working when using exclusions 2021-06-11 15:29:10 +02:00