Read PCAPdroid extensions metadata from Pcapng #479

Open
emanuele-f opened this issue Jan 4, 2025 · 0 comments
Labels
enhancement New feature or request

@emanuele-f
Owner

4a28879 introduced the ability to dump app metadata to the Pcapng file. However, currently such data can only be consumed by external tools like Wireshark.

Similarly to what is already implemented when reading from PCAP, it's necessary to add the ability to load the app info from the Pcapng format. However, this requires some major rework on how packets are captured.

  1. Rework the capture to read the packets directly from the PCAP/Pcapng, instead of relying on pcapd (libpcap). See pcapng_to_keylog. This allows reading the raw Pcapng blocks.
  2. Read the UID from the Pcapng metadata and set it in the connection data, as is done for the PCAP file
  3. Additionally, if the app for the given UID is uninstalled, create a virtual app, using the package name and app name from the Pcapng dump
  4. Evaluate dumping the app icon too
@emanuele-f emanuele-f added the enhancement New feature or request label Jan 4, 2025
@emanuele-f emanuele-f added this to the 1.8.0 milestone Jan 4, 2025
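
As an added illustration of step 1 (not code from PCAPdroid or from pcapng_to_keylog), this C example walks raw Pcapng blocks from a memory buffer and rejects malformed lengths before using them, which matters because capture files are untrusted input. The names `pcapng_walk`, `walk_stats` and `sample` are hypothetical, the block-type constants come from the pcapng specification, and since this page does not say which block or option carries the PCAPdroid metadata, the walker only classifies blocks.

```c
#include <stdint.h>
#include <string.h>

/* Block type codes and byte-order magic from the pcapng specification. */
#define BT_SHB    0x0A0D0D0Au  /* Section Header Block (reads the same in both byte orders) */
#define BT_EPB    0x00000006u  /* Enhanced Packet Block */
#define BT_CUSTOM 0x00000BADu  /* Custom Block (copyable) */
#define BOM       0x1A2B3C4Du

struct walk_stats { unsigned sections, packets, custom, other; };
/* Constructed sample: little-endian SHB, then a Custom Block with PEN 32473 and no data. */
static const uint8_t sample[] = {
    0x0A,0x0D,0x0D,0x0A, 0x1C,0,0,0, 0x4D,0x3C,0x2B,0x1A, 1,0, 0,0,
    0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, 0x1C,0,0,0,
    0xAD,0x0B,0,0, 0x10,0,0,0, 0xD9,0x7E,0,0, 0x10,0,0,0 };

/* Read a 32-bit value at p in the section's byte order. */
static uint32_t rd32(const uint8_t *p, int big) {
    return big ? ((uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3])
               : ((uint32_t)p[3] << 24 | (uint32_t)p[2] << 16 | (uint32_t)p[1] << 8 | p[0]);
}

/* Walk every block in buf; returns 0 on success, -1 on malformed or truncated input. */
int pcapng_walk(const uint8_t *buf, size_t len, struct walk_stats *st) {
    size_t off = 0;
    int big = 0, in_section = 0;
    memset(st, 0, sizeof(*st));
    while (off < len) {
        if (len - off < 12) return -1;            /* type + length + trailing length */
        uint32_t type = rd32(buf + off, big);
        if (type == BT_SHB) {                     /* each section sets its own byte order */
            big = rd32(buf + off + 8, 1) == BOM;
            if (!big && rd32(buf + off + 8, 0) != BOM) return -1;
            in_section = 1;
        } else if (!in_section) return -1;        /* a file must start with an SHB */
        uint32_t blen = rd32(buf + off + 4, big);
        /* Total length must cover the fixed fields, be 32-bit aligned and fit the buffer. */
        if (blen < (type == BT_SHB ? 28u : 12u) || (blen & 3) || blen > len - off) return -1;
        if (rd32(buf + off + blen - 4, big) != blen) return -1;  /* trailer must match */
        if (type == BT_SHB) st->sections++;
        else if (type == BT_EPB) st->packets++;
        else if (type == BT_CUSTOM) st->custom++;
        else st->other++;
        off += blen;
    }
    return in_section ? 0 : -1;
}
int main(void) {
    struct walk_stats st;
    return pcapng_walk(sample, sizeof(sample), &st);
}
```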