Add ability to disable blocking of private DNS

Closes #164
This commit is contained in:
emanuele-f
2022-05-27 16:59:08 +02:00
parent ec9bc2fc33
commit 7433dcf9de
7 changed files with 41 additions and 21 deletions
@@ -611,7 +611,7 @@ public class CaptureService extends VpnService implements Runnable {
boolean opportunistic_mode = !strict_mode && linkProperties.isPrivateDnsActive();
Log.d(TAG, "Private DNS: " + (strict_mode ? "strict" : (opportunistic_mode ? "opportunistic" : "off")));
if(!mSettings.root_capture) {
if(!mSettings.root_capture && mSettings.auto_block_private_dns) {
mDnsEncrypted = strict_mode;
/* Private DNS can be in one of these modes:
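Review bot: With the guard changed to `if(!mSettings.root_capture && mSettings.auto_block_private_dns)`, the assignment `mDnsEncrypted = strict_mode;` is no longer reached when the user turns auto-blocking off, so if `mDnsEncrypted` keeps its default on that path the capture could report DNS as inspectable while strict private DNS is in fact active; the rest of the branch and any else path are outside the hunk, so this needs checking there. Whether DNS is encrypted does not depend on whether PCAPdroid blocks it, so consider keeping `mDnsEncrypted = strict_mode;` under the plain `!mSettings.root_capture` check and gating only the blocking logic on `auto_block_private_dns`. The debug log two lines above reports the private DNS mode but never that blocking was skipped by user choice; a line such as `Log.d(TAG, "Private DNS blocking disabled by setting");` on the non-blocking path would make a missing DNS view easy to diagnose. The enclosing method starts and ends outside the hunk.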
@@ -125,6 +125,7 @@ public class SettingsActivity extends BaseActivity implements PreferenceFragment
private SwitchPreference mBlockQuic;
private SwitchPreference mFullPayloadEnabled;
private SwitchPreference mRootCaptureEnabled;
private SwitchPreference mAutoBlockPrivateDNS;
private EditTextPreference mSocks5ProxyIp;
private EditTextPreference mSocks5ProxyPort;
private Preference mTlsHelp;
@@ -251,6 +252,7 @@ public class SettingsActivity extends BaseActivity implements PreferenceFragment
@SuppressWarnings("deprecation")
private void setupTrafficInspectionPrefs() {
mTlsHelp = requirePreference("tls_how_to");
mAutoBlockPrivateDNS = requirePreference("auto_block_private_dns");
mTlsDecryption = requirePreference(Prefs.PREF_TLS_DECRYPTION_KEY);
mTlsDecryption.setOnPreferenceChangeListener((preference, newValue) -> {
@@ -365,6 +367,7 @@ public class SettingsActivity extends BaseActivity implements PreferenceFragment
private void rootCaptureHideShow(boolean enabled) {
if(enabled) {
mTlsDecryption.setVisible(false);
mAutoBlockPrivateDNS.setVisible(false);
mSocks5Enabled.setVisible(false);
mSocks5ProxyIp.setVisible(false);
mSocks5ProxyPort.setVisible(false);
@@ -373,6 +376,7 @@ public class SettingsActivity extends BaseActivity implements PreferenceFragment
mBlockQuic.setVisible(false);
} else {
mTlsDecryption.setVisible(true);
mAutoBlockPrivateDNS.setVisible(true);
fullPayloadHideShow(mTlsDecryption.isChecked());
mBlockQuic.setVisible(mTlsDecryption.isChecked());
socks5ProxyHideShow(mTlsDecryption.isChecked(), mSocks5Enabled.isChecked());
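Review bot: `mAutoBlockPrivateDNS = requirePreference("auto_block_private_dns");` in setupTrafficInspectionPrefs repeats the preference key as a literal while the very next line uses `Prefs.PREF_TLS_DECRYPTION_KEY`, and this same commit adds `Prefs.PREF_AUTO_BLOCK_PRIVATE_DNS`; write it as `mAutoBlockPrivateDNS = requirePreference(Prefs.PREF_AUTO_BLOCK_PRIVATE_DNS);` so the key read here, the one in Prefs and the one in the preferences XML cannot drift apart. A smaller style point: the sibling fields spell acronyms as words (`mBlockQuic`), so `mAutoBlockPrivateDns` would match the file. The two rootCaptureHideShow hunks look consistent with the neighbouring visibility toggles; that method's body continues between and after the shown lines.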
@@ -21,6 +21,7 @@ public class CaptureSettings implements Serializable {
public boolean pcapdroid_trailer;
public boolean full_payload;
public boolean block_quic;
public boolean auto_block_private_dns;
public String capture_interface;
public String pcap_uri;
public int snaplen = 0;
@@ -44,6 +45,7 @@ public class CaptureSettings implements Serializable {
tls_decryption = Prefs.getTlsDecryptionEnabled(prefs);
full_payload = Prefs.getFullPayloadMode(prefs);
block_quic = Prefs.blockQuic(prefs);
auto_block_private_dns = Prefs.isPrivateDnsBlockingEnabled(prefs);
}
public CaptureSettings(Intent intent) {
@@ -66,6 +68,7 @@ public class CaptureSettings implements Serializable {
tls_decryption = getBool(intent, Prefs.PREF_TLS_DECRYPTION_KEY, false);
full_payload = false;
block_quic = getBool(intent, Prefs.PREF_BLOCK_QUIC, false);
auto_block_private_dns = getBool(intent, Prefs.PREF_AUTO_BLOCK_PRIVATE_DNS, true);
}
private static String getString(Intent intent, String key, String def_value) {
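Review bot: The new field `public boolean auto_block_private_dns;` has no comment, and its meaning is only recoverable from CaptureService (which honours it only when `root_capture` is false) and the README row; add `// VPN mode only: detect private DNS and possibly block it so DNS traffic can be inspected (default true)` at the declaration. The default `true` is now written in three places — the intent fallback `getBool(intent, Prefs.PREF_AUTO_BLOCK_PRIVATE_DNS, true)` here, `isPrivateDnsBlockingEnabled` in Prefs, and `app:defaultValue="true"` in the preferences XML — so a single constant in Prefs referenced from the two Java sites would keep them from diverging. This mirrors the existing duplication for block_quic rather than introducing a new pattern, so it is a follow-up rather than a blocker.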
@@ -65,6 +65,7 @@ public class Prefs {
public static final String PREF_TLS_DECRYPTION_SETUP_DONE = "tls_decryption_setup_ok";
public static final String PREF_FULL_PAYLOAD = "full_payload";
public static final String PREF_BLOCK_QUIC = "block_quic";
public static final String PREF_AUTO_BLOCK_PRIVATE_DNS = "auto_block_private_dns";
public enum DumpMode {
NONE,
@@ -125,4 +126,5 @@ public class Prefs {
public static boolean isTLSDecryptionSetupDone(SharedPreferences p) { return(p.getBoolean(PREF_TLS_DECRYPTION_SETUP_DONE, false)); }
public static boolean getFullPayloadMode(SharedPreferences p) { return(p.getBoolean(PREF_FULL_PAYLOAD, false)); }
public static boolean blockQuic(SharedPreferences p) { return(getTlsDecryptionEnabled(p) && p.getBoolean(PREF_BLOCK_QUIC, false)); }
public static boolean isPrivateDnsBlockingEnabled(SharedPreferences p) { return(p.getBoolean(PREF_AUTO_BLOCK_PRIVATE_DNS, true)); }
}
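Review bot: `isPrivateDnsBlockingEnabled` departs from the naming of the adjacent accessors (`getFullPayloadMode`, `blockQuic`) and from the key it reads, `PREF_AUTO_BLOCK_PRIVATE_DNS`; `autoBlockPrivateDns(SharedPreferences p)` would read consistently with the `CaptureSettings.auto_block_private_dns` field it populates. Unlike `blockQuic`, which is only honoured when TLS decryption is enabled, this accessor returns the raw preference; that looks deliberate, since blocking private DNS does not depend on decryption, but a one-line comment such as `// independent of TLS decryption: private DNS is handled at the DNS layer` would stop a later reader from adding the same `getTlsDecryptionEnabled(p) &&` guard by analogy.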
+2
@@ -342,4 +342,6 @@
<string name="no_root_firewall">No-root firewall</string>
<string name="block_quick">Block QUIC</string>
<string name="block_quick_summary">Block QUIC connections to possibly fallback to TLS. Some apps may stop working</string>
<string name="block_private_dns">Block private DNS</string>
<string name="block_private_dns_summary">Detect and possibly block private DNS to inspect DNS traffic. Disabling this can hinder detection</string>
</resources>
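Review bot: The new summary ends with `Disabling this can hinder detection` without saying what detection is affected, so a user cannot judge the trade-off from the settings screen. The README row added in this same commit describes the option as detecting and possibly blocking private DNS so that DNS traffic can be inspected; a summary along the lines of `Detect private DNS and block it so that DNS traffic can be inspected. Disabling this may leave DNS queries invisible to the capture` would carry that meaning to the user.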
@@ -45,6 +45,13 @@
</PreferenceCategory>
<PreferenceCategory app:title="@string/traffic_inspection" app:iconSpaceReserved="false" app:key="traffic_inspection">
<SwitchPreference
android:key="auto_block_private_dns"
app:title="@string/block_private_dns"
app:summary="@string/block_private_dns_summary"
app:iconSpaceReserved="false"
app:defaultValue="true" />
<Preference
android:key="geolocation"
app:title="@string/geolocation"
+22 -20
@@ -69,28 +69,30 @@ Applications interfacing with PCAPdroid should use the `startActivityForResult`
As shown above, the capture settings can be specified by using intent extras. The updated list of all the supported parameters is available in
[CaptureSettings.java](https://github.com/emanuele-f/PCAPdroid/blob/master/app/src/main/java/com/emanuelef/remote_capture/model/CaptureSettings.java).
| Parameter | Type | Ver | Value |
|-------------------------|--------|-----|--------------------------------------------------------------------|
| pcap_dump_mode | string | | none \| http_server \| udp_exporter \| pcap_file |
| app_filter | string | | the package name of the app to capture |
| collector_ip_address | string | | the IP address of the collector in udp_exporter mode |
| collector_port | int | | the UDP port of the collector in udp_exporter mode |
| http_server_port | int | | the HTTP server port in http_server mode |
| pcap_uri | string | | the URI for the PCAP dump in pcap_file mode |
| socks5_enabled | bool | | true to redirect the TCP connections to a SOCKS5 proxy |
| socks5_proxy_ip_address | string | | the IP address of the SOCKS5 proxy |
| socks5_proxy_port | int | | the TCP port of the SOCKS5 proxy |
| ipv6_enabled | bool | | true to enable IPv6 support in non-root mode |
| root_capture | bool | | true to capture packets in root mode, false to use the VPNService |
| pcapdroid_trailer | bool | | true to enable the PCAPdroid trailer |
| capture_interface | string | | @inet \| any \| ifname - network interface to use in root mode |
| snaplen | int | 43 | max size in bytes for each individual packet in the PCAP dump |
| max_pkts_per_flow | int | 43 | only dump the first max_pkts_per_flow packets per flow |
| max_dump_size | int | 43 | max size in bytes for the PCAP dump |
| tls_decryption | bool | 49 | true to enable the built-in TLS decryption |
| block_quic | bool | 51 | true to block QUIC traffic |
| Parameter | Type | Ver | Mode | Value |
|-------------------------|--------|-----|------|--------------------------------------------------------------------|
| pcap_dump_mode | string | | | none \| http_server \| udp_exporter \| pcap_file |
| app_filter | string | | | the package name of the app to capture |
| collector_ip_address | string | | | the IP address of the collector in udp_exporter mode |
| collector_port | int | | | the UDP port of the collector in udp_exporter mode |
| http_server_port | int | | | the HTTP server port in http_server mode |
| pcap_uri | string | | | the URI for the PCAP dump in pcap_file mode |
| socks5_enabled | bool | | vpn | true to redirect the TCP connections to a SOCKS5 proxy |
| socks5_proxy_ip_address | string | | vpn | the IP address of the SOCKS5 proxy |
| socks5_proxy_port | int | | vpn | the TCP port of the SOCKS5 proxy |
| ipv6_enabled | bool | | vpn | true to enable IPv6 support |
| root_capture | bool | | | true to capture packets in root mode, false to use the VPNService |
| pcapdroid_trailer | bool | | | true to enable the PCAPdroid trailer |
| capture_interface | string | | root | @inet \| any \| ifname - network interface to use in root mode |
| snaplen | int | 43 | | max size in bytes for each individual packet in the PCAP dump |
| max_pkts_per_flow | int | 43 | | only dump the first max_pkts_per_flow packets per flow |
| max_dump_size | int | 43 | | max size in bytes for the PCAP dump |
| tls_decryption | bool | 49 | vpn | true to enable the built-in TLS decryption |
| block_quic | bool | 51 | vpn | true to block QUIC traffic |
| auto_block_private_dns | bool | 51 | vpn | true to detect and possibly block private DNS to inspect traffic |
The `Ver` column indicates the minimum PCAPdroid version required to use the given parameter. The PCAPdroid version can be queried via the `get_status` action as explained below.
The `Mode` column indicates if the option applies to any mode or only to the VPN or root mode.
*NOTE*: due to [file storage restrictions](https://developer.android.com/about/versions/11/privacy/storage), the `pcap_uri` must point to an app internal directory, e.g. `file:///data/user/0/com.emanuelef.remote_capture/cache/dump.pcap`.