- Ability to enable/disable the firewall at runtime
- Blocked connections stats: num blocked, last block, jump to
connections
- In the app details, show traffic and total/blocked connections
- 3 modes: no payload, minimal payload (save memory), full payload
- Display payload as hexdump
- Display HTTP requests and responses as string
- Show decrypted HTTPS (requires mitm addon)
- Decode chunked encoding and gzip body
- Show websockets messages (only with TLS decryption enabled)
- An icon indicates the connections decryption status
- Easily copy the HTTP request/response from the context menu
See #107
When the TLS decryption is enabled, it's now possible to export the
SSLKEYLOGFILE to decrypt the PCAP file in Wireshark. The export only
works when the capture is running.
When stopping the service, only stopForeground was called, but not
stopSelf. If the process was destroyed (e.g. by swiping the app
from the recent apps), in some cases it would be restarted due to
START_STICKY, causing ForegroundServiceStartNotAllowedException in
Android 12.
Fixes#175
The pcapdroid_mitm.py plugin allows PCAPdroid to receive the decrypted data from
mitmproxy and display it into the GUI (currently limited to the HTTP request)
PCAP dump is now performed into a separate thread. This greatly reduces
the chance for packet loss in root mode as well as preventing latency
spikes in VPN mode.
The VPN can now be started by the system when the always-on VPN is
enabled. In this case, the stop button is hidden and the previous
configuration is used.
Closes#165
Null intents (e.g. due to START_STICKY) are now handled, which prevents
ForegroundServiceStartNotAllowedException in Android 12.
Fixes#175
When the capture interface is set to "All Interfaces", it is now
possible to filter connections by interface. The interface is also shown
into the connection details.
Closes#163
- Block connections by IP, domain or app
- Add filter to show blocked connections
- Migrate IP matching to ndpi_ptree_t API
- IPv6 addresses now supported in blacklists
- Duplicate IP address rules now only counted once
PCAPdroid now tracks the private DNS state. Secure DNS queries are now
only blocked when set in opportunistic mode. A notice is now shown when
PCAPdroid has no visibility on the DNS query.
Fixes#130
A notification is generated when a connection matches known malicious
domains or IP addresses. The connections view reports malicious
connections with a skull icon. A filter can be set to only show them.
Needed for #105
