Feature Request: Import the sslkeylogfile.txt when opening pcap files #351
Comments
|
Hi, please note that the decryption itself is currently performed by mitmproxy (from the PCAPdroid mitm addon), so this will probably require the implementation of the decryption logic in PCAPdroid |
|
Do you have any plans to develop this enhancement? |
|
In order to proceed, I first need get a good idea on how to perform the decryption |
A new "Decrypt PCAP file" entry has been added to the main menu, which allows loading a PCAP+keylog or a Pcapng with secrets and show the decrypted data in PCAPdroud. The decryption itself is performed by Wireshark, which is built as the standalone shared library libushark.so, thanks to ushark. The shared library is loaded via dlopen to allow proper re-initialization of the static variables in Wireshark. This also provides the benefit to avoud unnecessary overhead and possible inteferences when not used. HTTP/2 reassembly is properly supported (implemented in ushark) and content decoding works as expected. See #351
|
@qkmaosjtu @ItsIgnacioPortal this is now implemented as an experimental feature, you can test it in the following apk: https://pcapdroid.org/fdroid/repo/PCAPdroid_1.7.2-754c6572.apk . For more details, check out 177d5b3 and https://t.me/pcapdroidnews/4 .
|
On newer Android versions, the uri does not contain the ".pcapng" extension See #351
This is needed to properly show the decrypted status and data See #351
|
Here is a new apk with the following fixes:
https://pcapdroid.org/fdroid/repo/PCAPdroid_1.7.2-b5a594cc.apk |
|
I've now confirmed that the feature works. @emanuele-f Thank you for implementing it! |
In recent versions, pcapdroid has received an upgrade that allows it to open pcap files. This is great, but it's missing the feature of importing the decryption keys. Without importing the decryption keys, pcapdroid can't decrypt the HTTPS traffic from pcap files.
The text was updated successfully, but these errors were encountered: