PCAPdroid
Improve full payload mode
The current implementation of the full payload option is quite limiting, as it's almost "all or nothing". With the introduction of the decryption rules, since the TLS decryption can now happen during normal monitoring, it's often necessary to review some decrypted data in full while preventing the app from going out of memory because of the full payload.
In essence, we need a more dynamic approach. Here are some ideas:
- give the user the ability to selectively enable the full payload at runtime. Also, possibly evaluate always enabling it for decrypted connections
- always keep the most recent x MB of payload in memory, so that the user can always review the most recent connections' payload
- possibly implement an alternative file-backed payload dump to overcome the RAM limits
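A sketch of how the first two ideas could combine, added here as an illustration and not taken from the issue or from PCAPdroid's code: a global byte budget with oldest-first eviction, where only connections with full payload enabled keep whole chunks. The class name, method names, and the 8-byte truncation limit are assumptions made for the example.

```python
from collections import deque

class PayloadStore:
    """Byte-budgeted payload buffer (hypothetical sketch, not PCAPdroid code)."""

    def __init__(self, budget_bytes, truncate_to=64):
        self.budget = budget_bytes      # global cap, the "x MB" from the list
        self.truncate_to = truncate_to  # bytes kept per chunk when full payload is off
        self.full = set()               # connection ids with full payload enabled
        self.chunks = deque()           # (conn_id, data), oldest first
        self.used = 0

    def set_full_payload(self, conn_id, enabled):
        # Runtime toggle; a caller could also set it for every decrypted connection.
        if enabled:
            self.full.add(conn_id)
        else:
            self.full.discard(conn_id)

    def add(self, conn_id, data):
        limit = self.budget if conn_id in self.full else self.truncate_to
        data = bytes(data[:min(limit, self.budget)])
        self.chunks.append((conn_id, data))
        self.used += len(data)
        # Evict oldest chunks, regardless of connection, until back under budget.
        while self.used > self.budget:
            _, old = self.chunks.popleft()
            self.used -= len(old)

    def payload(self, conn_id):
        return b"".join(d for c, d in self.chunks if c == conn_id)

def demo():
    # Constructed sample traffic: connection 1 is plain, connection 2 is decrypted TLS.
    store = PayloadStore(budget_bytes=100, truncate_to=8)
    store.add(1, b"A" * 50)            # truncated to 8 bytes
    store.set_full_payload(2, True)
    store.add(2, b"B" * 60)
    store.add(2, b"C" * 40)            # 108 bytes used: the conn-1 chunk is evicted
    store.add(2, b"D" * 30)            # 130 bytes used: the "B" chunk is evicted
    return store

if __name__ == "__main__":
    s = demo()
    print(s.used, s.payload(1), s.payload(2))
```

Eviction by age also bounds how much decrypted plaintext stays resident in memory at any moment, which matters once TLS decryption runs during normal monitoring.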
For the local storage backend: I have been using Stream on iOS to do sniffing. It's easy to save and review history data; maybe you can give it a try to get some inspiration.