Load custom mitmproxy addons from a directory

Question

Load custom mitmproxy addons from a directory

emanuele-f opened this issue a year ago · comments

As suggested in emanuele-f/PCAPdroid#326 (comment), this gives users the ability to write their own scripts and load them without the need to modify the app, unless custom python dependencies are required.

As the first integration, we just need the ability to:

scan user directory for custom addons (requires READ_EXTERNAL_STORAGE)
show the found addons in the app UI
add ability to enable/disable an addon
the Js Injector addon would be an internal addon, shipped with the app
maybe add an error message below the addon if it fails to load

Later this could be extended to allow the addons to create their own UI via the chaquopy api. This should be evaluated in more detail

Add link to the PCAPdroid docs, with an example addon
In PCAPdroid, show the names of the addon executed on a particular connection (similar to JS injector scripts)
Show an error in the UI in case loading an addon fails
Possible reorganize folder structure to support other files (e.g. js scripts)

sachinjsd commented a year ago

Need help

Emanuele Faranda · Answer 1 · Mon Jun 26 2023 04:51:10 GMT+0800 (China Standard Time)

It's now possible to load addons from the device storage, and toggle them on/off.

Due to the changes in Android SAF API, in recent Android versions it's not possible anymore to read a public directory such as /storage/emulated/0/PCAPdroid-mitm via this path. Instead, the user is expected to select the directory, and the app can only access such files via the ContentResolver. Even after the user gives the permission, Python still cannot import such files via their absolute path (leads to "permission denied"). The workaround used here is to copy the files to the app private dir, which can then be accessed normally by python.

TODO:

Show an error in the UI in case loading an addon fails
Possible reorganize folder structure to support other files (e.g. js scripts)
In PCAPdroid, show the names of the addon executed on a particular connection (similar to JS injector scripts)
Add link to the PCAPdroid docs, with an example addon

Emanuele Faranda · Answer 2 · Sat Feb 10 2024 23:32:30 GMT+0800 (China Standard Time)

This is now available in PCAPdroid 1.7.0. Documented in https://emanuele-f.github.io/PCAPdroid/tls_decryption#36-custom-mitmproxy-addons