Mallory SSL error

[Etienne Stalmans]

Hi 

I've been bashing my head against a wall, literally, for the last few days. I've got Mallory up and running like a dream

inside a VM and doing MiTM attack using a wireless access point. The problem comes in when trying to MiTM

SSL, I receive the following error:

SSLError: [Errno 8] _ssl.c:480: EOF occurred in violation of protocol

The full trace looks as follows:

[*] [2012-02-08 08:42:37,427] DEBUG:SSLProto: Client Closed SSL Connection

Traceback (most recent call last):

  File "/root/mallory/mallory/src/protocol/sslproto.py", line 51, in configure_client_socket

    ssl_version=ssl.PROTOCOL_SSLv23)

  File "/usr/lib/python2.6/ssl.py", line 350, in wrap_socket

    suppress_ragged_eofs=suppress_ragged_eofs)

  File "/usr/lib/python2.6/ssl.py", line 118, in __init__

    self.do_handshake()

  File "/usr/lib/python2.6/ssl.py", line 293, in do_handshake

    self._sslobj.do_handshake()

SSLError: [Errno 8] _ssl.c:480: EOF occurred in violation of protocol

Any ideas/help/solutions?

Thanks in advance!!

[Rajendra Umadas]

Did you install the CA cert on the client?

 

Raj

[Etienne Stalmans]

ca.cer found in mallory/src/ca correct?

I've tried it on both iPhone and Android and get the same problem. 

[Rajendra Umadas]

That is the correct certificate. Did you install it on both devices?

[Etienne Stalmans]

Yes I did, it was working on the iphone previously. I'm going to try reload the cert and try again. 

Could be that i've messed up somewhere along the line. 

Thanks!

[Rajendra Umadas]

Hum... Weird.. It might be possible that you deleted the ca.cer at some point.. and mallory regenerated it. If this happend the ca.cer would be regenerated. 

[Etienne Stalmans]

Thanks for the speedy response.

I think this might be the problem. I've reloaded the cert on the Android without luck, but I think this might be a problem with the device itself. 

I'll try the iphone again when I can get my hands on it. 

Thanks

[Rajendra Umadas]

For the android.. what version of android are you using?

[esta...@gmail.com]

Hi Raj

I've done some more testing with some other MiTM proxies and it appears that the problem lies with android. Using an early build of ICS 4.0, think the support isnt quite there yet.

Thanks for the help (and for Mallory! ;) )

[Rajendra Umadas]

Welcome. Thanks for using it. I hope i can start developing for it soon. One last thing.. for ICS... you need to import certs in a totally different manner. I know that there is a directory of cacerts now. You will need to look into importing the ca cert into ICS. might need to google that. 

[Matt Stofko]

Hi there,
I'm getting a very similar error, except I never get a timeout (or I haven't waited long enough to get one). I hit control-C to kill the thread and Mallory continues on. Here's what it looks like:

Traceback (most recent call last):

  File "/home/mallory/mallory/mallory/src/protocol/sslproto.py", line 45, in configure_client_socket

    ssl_version=ssl.PROTOCOL_SSLv23)

  File "/usr/lib/python2.6/ssl.py", line 350, in wrap_socket

    suppress_ragged_eofs=suppress_ragged_eofs)

  File "/usr/lib/python2.6/ssl.py", line 118, in __init__

    self.do_handshake()

  File "/usr/lib/python2.6/ssl.py", line 293, in do_handshake

    self._sslobj.do_handshake()

KeyboardInterrupt

This is with anything I try. Android, iPhone, OS X. I do have the cert installed on all of those machines. I also don't encounter this issue when using the VMware file downloaded directly from the mallory site, this is on a PC I am running Ubuntu 10 on. Any ideas or help would be appreciated.