tweaselORG / cyanoacrylate

Toolkit for large-scale automated traffic analysis of mobile apps on Android and iOS.
MIT License

Make use of WireGuard's app filtering #11

Closed baltpeter closed 1 year ago

baltpeter commented 1 year ago

One of the major features of WireGuard on Android is the ability to only tunnel the traffic for certain apps. appAnalysis.startTrafficCollection() should make use of that by default (with an optional parameter to capture the whole device's traffic instead).

baltpeter commented 1 year ago

Here's what a config with an allowlist looks like:

[Interface]
Address = 10.0.0.1/32
DNS = 10.0.0.53
IncludedApplications = com.aurora.store, org.lineageos.jelly
PrivateKey = abc=

[Peer]
AllowedIPs = 0.0.0.0/0
Endpoint = 10.0.0.68:51820
PublicKey = abc=

And here's one with a blocklist:

[Interface]
Address = 10.0.0.1/32
DNS = 10.0.0.53
ExcludedApplications = com.aurora.store, org.lineageos.jelly
PrivateKey = abc=

[Peer]
AllowedIPs = 0.0.0.0/0
Endpoint = 10.0.0.68:51820
PublicKey = abc=

This one tunnels all apps:

[Interface]
Address = 10.0.0.1/32
DNS = 10.0.0.53
PrivateKey = abc=

[Peer]
AllowedIPs = 0.0.0.0/0
Endpoint = 10.0.0.68:51820
PublicKey = abc=

baltpeter commented 1 year ago

In addition to the curried startTrafficCollection() and stopTrafficCollection() on the appAnalysis, these now also exist on the analysis, where you can configure which apps to include/exclude.

Another difference is that the stopTrafficCollection() on the analysis returns the HAR directly.
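
The three config variants from the thread, generated from one function and read back to confirm the tunnel scope before a capture run. This is an added example, not part of the thread and not cyanoacrylate's own code: `buildWireGuardConfig`, `tunnelScope` and their options are hypothetical names, and treating the allowlist and blocklist as mutually exclusive is an assumption of this example.

```javascript
// Added example: buildWireGuardConfig/tunnelScope are hypothetical names, not
// cyanoacrylate's API. Addresses and keys are the placeholders from the thread.
const APP_ID = /^[A-Za-z][A-Za-z0-9_]*(\.[A-Za-z][A-Za-z0-9_]*)+$/;

function appList(ids) {
    // Reject anything that is not a plain Android application ID, so a value like
    // "a.b\nDNS = 1.2.3.4" cannot smuggle extra keys into the [Interface] section.
    const bad = ids.filter((id) => !APP_ID.test(id));
    if (bad.length > 0) throw new Error(`Invalid app ID(s): ${JSON.stringify(bad)}`);
    return [...new Set(ids)].join(', ');
}

function buildWireGuardConfig({ iface, peer, includeApps = [], excludeApps = [] }) {
    if (includeApps.length > 0 && excludeApps.length > 0)
        throw new Error('Use either an allowlist or a blocklist, not both.');
    const lines = ['[Interface]', `Address = ${iface.address}`, `DNS = ${iface.dns}`];
    if (includeApps.length > 0) lines.push(`IncludedApplications = ${appList(includeApps)}`);
    if (excludeApps.length > 0) lines.push(`ExcludedApplications = ${appList(excludeApps)}`);
    lines.push(`PrivateKey = ${iface.privateKey}`, '');
    lines.push('[Peer]', `AllowedIPs = ${peer.allowedIps}`, `Endpoint = ${peer.endpoint}`, `PublicKey = ${peer.publicKey}`);
    return lines.join('\n');
}

// Which apps end up in the tunnel, read back from a config (a check before a run).
function tunnelScope(config) {
    const get = (key) => {
        const m = config.match(new RegExp(`^${key}[ \\t]*=[ \\t]*(.*)$`, 'm'));
        return m ? m[1].split(',').map((s) => s.trim()).filter(Boolean) : [];
    };
    const included = get('IncludedApplications');
    const excluded = get('ExcludedApplications');
    if (included.length > 0) return { mode: 'allowlist', apps: included };
    if (excluded.length > 0) return { mode: 'blocklist', apps: excluded };
    return { mode: 'all', apps: [] };
}

const base = {
    iface: { address: '10.0.0.1/32', dns: '10.0.0.53', privateKey: 'abc=' },
    peer: { allowedIps: '0.0.0.0/0', endpoint: '10.0.0.68:51820', publicKey: 'abc=' },
};
const allowlisted = buildWireGuardConfig({ ...base, includeApps: ['com.aurora.store', 'org.lineageos.jelly'] });
console.log(allowlisted);
console.log(tunnelScope(allowlisted));
```

A config with neither list tunnels every app on the device, so asserting on the scope before starting a capture keeps traffic from unrelated apps out of the recording.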