When decrypting PCAP/Pcapng, the HTTP/2 replies would be mismatched
when HTTP/2 multiplexing was used and replies were received out of order.
To fix this, keep track of the HTTP/2 stream IDs to correctly match HTTP
requests to replies.
A new "Decrypt PCAP file" entry has been added to the main menu,
which allows loading a PCAP+keylog or a Pcapng with secrets and
showing the decrypted data in PCAPdroid.
The decryption itself is performed by Wireshark, which is built as
the standalone shared library libushark.so, thanks to ushark.
The shared library is loaded via dlopen to allow proper
re-initialization of the static variables in Wireshark. This also
provides the benefit of avoiding unnecessary overhead and possible
interference when not used.
HTTP/2 reassembly is properly supported (implemented in ushark)
and content decoding works as expected.
See #351
When loading a PCAP file, if there is a PCAPdroid trailer available,
use its uid to associate the connections to the originating app.
Currently this assumes that the uid mapping has not changed, e.g. the
app for a specific uid has not been uninstalled.
In VPN mode, it's now possible to redirect the traffic of specific
ports towards another host and port. This makes it possible to
integrate PCAPdroid with other apps, by forwarding the traffic to
a local server.
Closes #274
The UAF could be triggered with an on_connection_close followed by a
conns_clear and by a zdtun_lookup on the connection. Fixed in zdtun,
which now doesn't return closed connections.
The getParameterCount is only available since API level 26. Using a
patched MaxMind-DB-Reader-java to avoid crashing.
https://developer.android.com/reference/java/lang/reflect/Method#getParameterCount()
java.lang.NoSuchMethodError: No virtual method getParameterCount()I in class Ljava/lang/reflect/Constructor; or its super classes (declaration of 'java.lang.reflect.Constructor' appears in /system/framework/core-oj.jar)
at com.maxmind.db.Decoder.decodeMapIntoObject(Decoder.java:397)
at com.maxmind.db.Decoder.decodeMap(Decoder.java:342)
at com.maxmind.db.Decoder.decodeByType(Decoder.java:162)
at com.maxmind.db.Decoder.decode(Decoder.java:151)
at com.maxmind.db.Decoder.decode(Decoder.java:76)
at com.maxmind.db.Reader.<init>(Reader.java:133)
at com.maxmind.db.Reader.<init>(Reader.java:90)
at com.emanuelef.remote_capture.Geolocation.openDb(Geolocation.java:67)
Periodic tasks are now based on a monotonic timer. The timestamp in
the exported PCAP now corresponds to the original timestamp when using
root. Moreover, in-app first/last seen time now displays the milliseconds.
Closes #89
Connections with random ports sometimes appeared while capturing packets
as root, in particular while exporting data via the UDP exporter. These
were actually IP fragments, whose data was misinterpreted due to the
lack of L4 headers.
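
The fragment problem described in the last entry, as an added example that is not PCAPdroid's own code: a non-first IPv4 fragment carries no TCP/UDP header, so the fragment offset must be checked before reading ports. The helper `ipv4_l4_ports`, its status enum and both sample packets are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

enum l4_status { L4_OK = 0, L4_FRAGMENT = 1, L4_NO_PORTS = -1 };
struct l4_ports { uint16_t src, dst; };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Hypothetical helper: read TCP/UDP ports only when the L4 header is present. */
enum l4_status ipv4_l4_ports(const uint8_t *pkt, size_t len, struct l4_ports *out)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return L4_NO_PORTS;                      /* truncated or not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;    /* header length in bytes */
    if (ihl < 20 || len < ihl)
        return L4_NO_PORTS;
    /* Bytes 6-7: 3 flag bits, then a 13-bit fragment offset in 8-byte units. */
    if ((rd16(pkt + 6) & 0x1fff) != 0)
        return L4_FRAGMENT;                      /* payload starts mid-datagram */
    if ((pkt[9] != 6 && pkt[9] != 17) || len < ihl + 4)
        return L4_NO_PORTS;                      /* not TCP/UDP, or ports cut off */
    out->src = rd16(pkt + ihl);
    out->dst = rd16(pkt + ihl + 2);
    return L4_OK;
}

/* Constructed sample: first fragment (MF set, offset 0), UDP 5000 -> 1234. */
const uint8_t first_frag[] = {
    0x45,0x00,0x00,0x1c, 0x12,0x34,0x20,0x00, 0x40,0x11,0x00,0x00,
    10,0,0,1, 10,0,0,2,
    0x13,0x88,0x04,0xd2, 0x00,0x14,0x00,0x00 };
/* Constructed sample: second fragment (offset 1 = 8 bytes), raw payload only. */
const uint8_t second_frag[] = {
    0x45,0x00,0x00,0x20, 0x12,0x34,0x00,0x01, 0x40,0x11,0x00,0x00,
    10,0,0,1, 10,0,0,2,
    0xde,0xad,0xbe,0xef, 0x01,0x02,0x03,0x04, 0x05,0x06,0x07,0x08 };

int main(void)
{
    struct l4_ports p = {0, 0};
    int st = ipv4_l4_ports(first_frag, sizeof first_frag, &p);
    printf("first:  status=%d ports=%u->%u\n", st, p.src, p.dst);
    st = ipv4_l4_ports(second_frag, sizeof second_frag, &p);
    /* Reading ports without the offset check yields payload bytes instead. */
    printf("second: status=%d naive ports=%u->%u\n", st,
           rd16(second_frag + 20), rd16(second_frag + 22));
    return 0;
}
```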