Android app that intercepts and decrypts local Home Connect appliance traffic by spoofing mDNS and proxying WebSocket connections.
HomeCap discovers Home Connect appliances on the local network via mDNS (_homeconnect._tcp.local.), then redirects the official Home Connect app's traffic through a local proxy by spoofing mDNS responses. The proxy relays WebSocket frames bidirectionally while optionally decrypting and logging the payload.
graph LR
App[HC App] -- "WebSocket<br/>(masked)" --> Proxy[HomeCap Proxy]
Proxy -- "WebSocket" --> HA[Real Appliance]
HA -- "WebSocket" --> Proxy
Proxy -- "WebSocket<br/>(relayed)" --> App
Proxy -- "Sniff Thread" --> Decrypt[Decrypt + Log<br/>AES-CBC / TLS plaintext]
Decrypt --> Export[JSON Export<br/>Downloads/]
mDNS[mDNS Spoof] -. "cache-flush<br/>overrides real IP" .-> App
style Proxy fill:#4CAF50,color:#fff
style mDNS fill:#FF9800,color:#fff
sequenceDiagram
participant App as HC App
participant HC as HomeCap
participant HA as Appliance
Note over HC: mDNS Discovery
HA->>HC: mDNS response (real IP)
HC->>HC: Store appliance info
Note over HC: User starts capture
App->>HC: mDNS query (_homeconnect._tcp)
HC->>App: Spoofed mDNS (appliance hostname -> proxy IP)
Note over HC: Proxy session
App->>HC: WebSocket upgrade
HC->>HA: Forward upgrade verbatim
HA->>HC: 101 Switching Protocols
HC->>App: Forward 101
loop Bidirectional relay
App->>HC: WS frame (masked)
HC->>HA: Forward raw bytes
HC->>HC: Sniff + decrypt (AES/TLS)
HA->>HC: WS frame (unmasked)
HC->>App: Forward raw bytes
HC->>HC: Sniff + decrypt
end
| Mode | Port | Encryption | Proxy class |
|---|---|---|---|
| AES | 80 | AES-256-CBC with HMAC-SHA256 chain | WebSocketProxy |
| TLS | 443 | TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 (TLSv1.2) | TlsPskProxy |
- mDNS discovery of Home Connect appliances on the local network
- mDNS spoofing (reactive + proactive) redirects only the selected appliance
- WebSocket MITM proxy with transparent handshake forwarding
- AES-CBC decryption with per-session decryptor (CBC state isolation)
- TLS-PSK MITM using Conscrypt for
ECDHE_PSK_WITH_CHACHA20_POLY1305 - VPN-based NAT fallback for clients with cached DNS entries
- Live notification with green icon on active connection, vibration on first connect, message/session counters
- JSON export of decoded messages to
Downloads/ - Profile import from Home Connect Profile Downloader ZIP files
- Credential persistence per appliance in SharedPreferences
- Android 11+ (API 30)
- Device connected to the same Wi-Fi network as the Home Connect appliances
- AES key + IV or TLS PSK for the target appliance (obtainable via homeconnect-profile-downloader)
./gradlew assembleDebug- Start the app -- mDNS discovery begins automatically
- Select an appliance from the discovery list
- Enter credentials (AES key/IV or TLS PSK) or load from a Profile Downloader ZIP
- Start Capture -- the proxy starts, mDNS spoofing activates, VPN NAT is established
- Open the Home Connect app -- traffic is intercepted and decoded in real time
- Export captured messages as JSON to the Downloads folder
Licensed under the Apache License, Version 2.0. See LICENSE for details.