Feature Request: Import the sslkeylogfile.txt when opening pcap files

emanuele-f / PCAPdroid

No-root network monitor, firewall and PCAP dumper for Android

https://emanuele-f.github.io/PCAPdroid

GNU General Public License v3.0

2.08k stars 261 forks source link

Feature Request: Import the sslkeylogfile.txt when opening pcap files #351

Open ItsIgnacioPortal opened 9 months ago

ItsIgnacioPortal commented 9 months ago

In recent versions, pcapdroid has received an upgrade that allows it to open pcap files. This is great, but it's missing the feature of importing the decryption keys. Without importing the decryption keys, pcapdroid can't decrypt the HTTPS traffic from pcap files.

emanuele-f commented 9 months ago

Hi, please note that the decryption itself is currently performed by mitmproxy (from the PCAPdroid mitm addon), so this will probably require the implementation of the decryption logic in PCAPdroid

qkmaosjtu commented 4 months ago

Do you have any plans to develop this enhancement?

emanuele-f commented 4 months ago

In order to proceed, I first need get a good idea on how to perform the decryption

emanuele-f commented 2 weeks ago

@qkmaosjtu @ItsIgnacioPortal this is now implemented as an experimental feature, you can test it in the following apk: https://pcapdroid.org/fdroid/repo/PCAPdroid_1.7.2-754c6572.apk . For more details, check out https://github.com/emanuele-f/PCAPdroid/commit/177d5b3fb1a6423a216bb0b2a09971e5d261f52c and https://t.me/pcapdroidnews/4 .

decrypt

emanuele-f commented 2 weeks ago

Here is a new apk with the following fixes:

Fix keylog being asked with Pcapng file
Fix decryption status/data not shown due to full payload off

https://pcapdroid.org/fdroid/repo/PCAPdroid_1.7.2-b5a594cc.apk