Skip to content

Improve full payload mode #398

Description

@emanuele-f

The current implementation of the full payload option is quite limiting, as it's almost "all or nothing". With the introduction of the decryption rules, since the TLS decryption can now happen during normal monitoring, it's often necessary to review some decrypted data in full while avoiding the app from going out of memory because of the full payload.

In essence we need a more dynamic approach, here are some ideas:

  • give the user the ability to selectively enable the full payload at runtime. Also possibly evaluate to enable it always for decrypted connections
  • always keep the most recent x MB of payload in memory, so that the user can always review the most recent connections payload
  • possibly implement an alternative file-backed payload dump to overcome the ram limits

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Projects

    No projects

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions