Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature Request: Import the sslkeylogfile.txt when opening pcap files #351

Open
ItsIgnacioPortal opened this issue Sep 25, 2023 · 6 comments
Labels
enhancement New feature or request
Milestone

Comments

@ItsIgnacioPortal
Copy link

In recent versions, pcapdroid has received an upgrade that allows it to open pcap files. This is great, but it's missing the feature of importing the decryption keys. Without importing the decryption keys, pcapdroid can't decrypt the HTTPS traffic from pcap files.

@emanuele-f emanuele-f added the enhancement New feature or request label Sep 25, 2023
@emanuele-f
Copy link
Owner

Hi, please note that the decryption itself is currently performed by mitmproxy (from the PCAPdroid mitm addon), so this will probably require the implementation of the decryption logic in PCAPdroid

@qkmaosjtu
Copy link

Do you have any plans to develop this enhancement?

@emanuele-f
Copy link
Owner

In order to proceed, I first need get a good idea on how to perform the decryption

emanuele-f added a commit that referenced this issue Jun 15, 2024
A new "Decrypt PCAP file" entry has been added to the main menu,
which allows loading a PCAP+keylog or a Pcapng with secrets and
show the decrypted data in PCAPdroud.

The decryption itself is performed by Wireshark, which is built as
the standalone shared library libushark.so, thanks to ushark.

The shared library is loaded via dlopen to allow proper
re-initialization of the static variables in Wireshark. This also
provides the benefit to avoud unnecessary overhead and possible
inteferences when not used.

HTTP/2 reassembly is properly supported (implemented in ushark)
and content decoding works as expected.

See #351
@emanuele-f
Copy link
Owner

@qkmaosjtu @ItsIgnacioPortal this is now implemented as an experimental feature, you can test it in the following apk: https://pcapdroid.org/fdroid/repo/PCAPdroid_1.7.2-754c6572.apk . For more details, check out 177d5b3 and https://t.me/pcapdroidnews/4 .

decrypt

emanuele-f added a commit that referenced this issue Jun 16, 2024
On newer Android versions, the uri does not contain the ".pcapng" extension

See #351
emanuele-f added a commit that referenced this issue Jun 16, 2024
This is needed to properly show the decrypted status and data

See #351
@emanuele-f
Copy link
Owner

Here is a new apk with the following fixes:

  • Fix keylog being asked with Pcapng file
  • Fix decryption status/data not shown due to full payload off

https://pcapdroid.org/fdroid/repo/PCAPdroid_1.7.2-b5a594cc.apk

@ItsIgnacioPortal
Copy link
Author

I've now confirmed that the feature works. @emanuele-f Thank you for implementing it!

emanuele-f added a commit that referenced this issue Dec 28, 2024
A new "Decrypt PCAP file" entry has been added to the main menu,
which allows loading a PCAP+keylog or a Pcapng with secrets and
show the decrypted data in PCAPdroud.

The decryption itself is performed by Wireshark, which is built as
the standalone shared library libushark.so, thanks to ushark.

The shared library is loaded via dlopen to allow proper
re-initialization of the static variables in Wireshark. This also
provides the benefit to avoud unnecessary overhead and possible
inteferences when not used.

HTTP/2 reassembly is properly supported (implemented in ushark)
and content decoding works as expected.

See #351
emanuele-f added a commit that referenced this issue Dec 28, 2024
On newer Android versions, the uri does not contain the ".pcapng" extension

See #351
emanuele-f added a commit that referenced this issue Dec 28, 2024
This is needed to properly show the decrypted status and data

See #351
@emanuele-f emanuele-f added this to the 1.8.0 milestone Jan 4, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

3 participants