gui and https traffic


tmdb

Mar 25, 2011, 2:57:20 PM
to Mallory Proxy
I've got Mallory running and the GUI is displaying traffic--but only
HTTP traffic. HTTPS sites, nothing. I've tried commenting out the
"nonstandard port" lines (trying anything!) separately and together
with and without CLI parameters--both -p sslproto.SSLProtocol and -p
https.HTTPS when starting Mallory. A lot of variations to try and none
of them work--no HTTPS traffic in the GUI. It does show up in the
trafficdb files so I know it is capturing it but as far as the GUI
goes--Nothing works! Days and days of trying. I'm setting this up for
a user who needs the GUI functionality, plus it is way easier to
read!

I followed the very good guide from the website, plus the bit about
the GUI Tuning from the Mallory Minimal guide on bitbucket.org/
IntrepidusGroup/mallory. A side note is that the images don't flip
either but my main priority is getting all of the traffic through the
GUI.

Oh--I do have the Mallory cert on the phone.

Any help would be greatly appreciated.

tmdb

Jeremy Allen

Mar 27, 2011, 10:46:06 AM
to Mallory Proxy
If you have the HTTPS protocol running the traffic will not show in
the GUI. Are you sure the rules are set up to have one default "Debug"
rule and no others? It *should* be capturing the HTTPS traffic using
the SSLProtocol. Only TCPProtocol and SSLProtocol can send traffic to
the GUI. All other protocols are essentially Python implementations
that "decode" data and let you manipulate the data in Python. I
recommend editing mallory.py and turning on SSLProtocol on the port of
interest, setting up your default Debug rule and then turning on
"Intercept" and seeing if the traffic shows up.

If it does not, you can drop a sanitized log in here and we can
troubleshoot from there.

Thanks,

tmdb

Mar 29, 2011, 10:00:50 AM
to Mallory Proxy
Thanks so much for the reply. I will try again today--I thought I was
sure about the rules but as I write this, hmmmm--I have kept "Default"
or I have kept "Default" and the 2 "debug" rules. Are you saying to
keep one of the "debug" rules and not the "Default" rule?
I will also re-try with just the SSLProtocol--again, to clarify: in
mallory.py, comment out all the mallory.configure_protocol lines at
the bottom of the file and start Mallory with "python mallory.py -p
sslproto.SSLProtocol." then "python launchgui.py." OR edit mallory.py
as you said (uncomment the SSLProtocol) and launching it without the
parameter in the command.

Sorry for so many questions/clarifications--I sooo want to get this
working today.

I will send a sanitized log if necessary.

Thanks again
tmdb

tmdb

Apr 6, 2011, 11:50:13 AM
to Mallory Proxy
Thanks again for the reply, and sorry for the delay in reporting
success. I was able to see traffic in the GUI when visiting HTTPS
websites, following your advice. Thank you. But now I am trying the
same with apps. I get an SSL error after I have put in the pwd.
Mallory reports--"error connecting to remote" and cites a few files,
and the iPhone reports that it can't connect to the remote server and
to check the date and time settings! Needless to say, nothing happens
after that. Time is set on 24 hour.

Any ideas? I have to run but wanted to get this question in before I
left.

Thanks
tmdb