GitHub/PCAPdroid
1
0
Fork 0
mirror of https://github.com/emanuele-f/PCAPdroid.git synced 2026-05-08 21:12:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add section about user addons

Browse Source
This commit is contained in:
Emanuele Faranda
2024-02-10 15:45:06 +01:00
committed by GitHub
parent f824b69bd4
commit 4f196b0597
1 changed files with 66 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tls_decryption.md
+66
View File
@@ -145,3 +145,69 @@ After installing `mitmproxy`, you need to perform the following steps:
5. Run mitmproxy in SOCKS5 mode, e.g. via `mitmproxy --mode socks5 --listen-port 8050`
PCAPdroid will now redirect all the TCP traffic to the mitmproxy server, which will proxy the connections and decrypt the TLS traffic. Please note that the PCAP generated by PCAPdroid will still contain the encrypted traffic with the original IP destinations and ports.
## 3.6 Custom Mitm Addons
Since PCAPdroid 1.7.0, you can load your custom [mitmproxy addons](https://docs.mitmproxy.org/stable/addons-overview). The following example will show how to do this to modify the HTTP response of a website.
First of all you need to specify the directory from where the addons should be loaded. To do this, create new directory on the device (`/sdcard/PCAPdroid_addons` in this example), then open PCAPdroid mitm, tap on "Addons" and then on "Set user dir".
<p align="center">
<img src="https://raw.githubusercontent.com/emanuele-f/PCAPdroid/gh-pages/images/addons_1.png" width="250" />
</p>
<p align="center">
<img src="https://raw.githubusercontent.com/emanuele-f/PCAPdroid/gh-pages/images/addons_2.png" width="250" />
</p>
Select "Allow" to grant PCAPdroid the ability to read the directory.
<p align="center">
<img src="https://raw.githubusercontent.com/emanuele-f/PCAPdroid/gh-pages/images/addons_3.png" width="250" />
</p>
In that directory, create the following script (or create on a pc and transfer via `adb push "Modify HTTP.py" /sdcard/PCAPdroid_addons`):
```python
# Modify HTTP.py
class ModifyHttp:
def response(self, flow):
if flow.request.pretty_url == "https://example.com/":
flow.response.content = flow.response.content.replace(
b"Example Domain",
b"Modified by PCAPdroid mitm")
print("HTTP response modified")
addons = [ModifyHttp()]
```
This addon will modify the HTTP response of the "https://example.com" page, by changing the "Example Domain" text with "Modified by PCAPdroid mitm".
After copying it to the addons dir, in the Addons activity click the refresh icon and the addon should appear. Now enable it via the toggle and restart the PCAPdroid capture with TLS decryption.
<p align="center">
<img src="https://raw.githubusercontent.com/emanuele-f/PCAPdroid/gh-pages/images/addons_4.png" width="250" />
</p>
The addon will only be executed on decrypted connections, so be sure to create a decryption rule either for the "example.com" domain or for your browser app.
<p align="center">
<img src="https://raw.githubusercontent.com/emanuele-f/PCAPdroid/gh-pages/images/addons_5.jpg" width="250" />
</p>
When connecting to https://example.com, you should now see the "Modified by PCAPdroid mitm" text.
<p align="center">
<img src="https://raw.githubusercontent.com/emanuele-f/PCAPdroid/gh-pages/images/addons_6.jpg" width="250" />
</p>
**Note**: the web browser may cache the HTTP reply, so be sure to flush the browser cache. To prevent this, you may consider adding `--anticache` to the "Additional mitmproxy option".
The mitm addon log will also show the "HTTP response modified" message, from the addon `print`.
<p align="center">
<img src="https://raw.githubusercontent.com/emanuele-f/PCAPdroid/gh-pages/images/addons_7.jpg" width="250" />
</p>
Check out the mitmproxy [addons](https://docs.mitmproxy.org/stable/addons-overview) and [events](https://docs.mitmproxy.org/stable/api/events.html) references to know more about the mitmproxy API to use in your addons.