fkie-cad / friTap

The goal of this project is to help researchers to analyze traffic encapsulated in SSL or TLS.

FriTap on Android 13 does not work?

Aniketh01 opened this issue

Hi,

I have been testing friTap on a Pixel 6a with Android 13. The device is rooted using Magisk. Although I'm able to capture "full_capture" as it is done via tcpdump, none of the plaintext traffic is being captured for some reason.

Initial investigation made me realise that it is due to the fact that none of the "datalog" entries are being forwarded. message["contentType"] = "datalog". Could this mean that the hooks on native SSL libraries do not work for Android 13?

The purpose of full_capture is to have a full PCAP with all its data, without the decrypted payload. Normally this feature should only be invoked when the keys are exported. The usual workflow is to use the logged keys later to decrypt the PCAP, for instance in Wireshark.

To avoid confusion we will update the usage in a way that the user receives info while trying a full capture. Therefore thx for reporting this :-)

Just to clarify:

  • --full_capture means full packet capture with tcpdump, therefore no plaintext pcap. To decrypt it, the keys from -k <keylog> can be used.
  • -p <pcap> means we will only get a plaintext pcap with the plaintext data from the identified TLS traffic.

Depending on the app it still works on Android 13 although there are some apps where it doesn't work on Android.

So it actually depends on the used app and its used TLS library :-)

Because I can't reproduce the issue in general I will close this issue. If you encounter this problem with different Android Apps on Android 13 I will have a look into this.
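
A sanity check for the key log written with `-k` before it is paired with a `--full_capture` PCAP in Wireshark (added example, not part of this thread or of friTap's code). It assumes the key log uses the NSS key log format that Wireshark reads; `check_keylog` and the sample lines are constructed for illustration.

```python
import re

# Labels of the NSS key log format (assumed format of the -k output).
TLS12 = "CLIENT_RANDOM"
# TLS 1.3 secrets covering handshake and application-data records.
TLS13_CORE = {
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0",
}
TLS13_OTHER = {"EXPORTER_SECRET", "CLIENT_EARLY_TRAFFIC_SECRET", "EARLY_EXPORTER_SECRET"}
HEX = re.compile(r"[0-9a-fA-F]+")


def check_keylog(text):
    """Return (sessions, problems): labels seen per client random, and issues found."""
    sessions, problems = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        if len(parts) != 3:
            problems.append(f"line {n}: expected 3 fields, got {len(parts)}")
            continue
        label, rand, secret = parts
        if label != TLS12 and label not in TLS13_CORE | TLS13_OTHER:
            problems.append(f"line {n}: unknown label {label}")
            continue
        # Client random: 32 bytes. TLS 1.2 master secret: 48 bytes. TLS 1.3: 32 or 48.
        secret_ok = len(secret) in ((96,) if label == TLS12 else (64, 96))
        if len(rand) != 64 or not secret_ok or not HEX.fullmatch(rand + secret):
            problems.append(f"line {n}: bad field length or non-hex data for {label}")
            continue
        sessions.setdefault(rand.lower(), set()).add(label)
    for rand, labels in sessions.items():
        if TLS12 not in labels and not TLS13_CORE <= labels:
            problems.append(f"session {rand[:8]}: missing {sorted(TLS13_CORE - labels)}")
    if not sessions:
        problems.append("no usable secrets: this key log cannot decrypt the capture")
    return sessions, problems


# Constructed sample: a complete TLS 1.3 session, a TLS 1.2 session, a truncated line.
R1, R2 = "aa" * 32, "bb" * 32
SAMPLE = "\n".join(
    [f"{label} {R1} {'11' * 32}" for label in sorted(TLS13_CORE)]
    + [f"CLIENT_RANDOM {R2} {'22' * 48}", f"CLIENT_RANDOM {R2}"]
)

if __name__ == "__main__":
    print(check_keylog(SAMPLE))
```

An empty result or a list of incomplete sessions here means the full capture will stay encrypted in Wireshark, whatever tcpdump recorded.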