Mobile Proxy


Kevin Hulin

Jun 14, 2012, 1:42:00 PM
to mallor...@googlegroups.com
Hi, I've recently begun doing some analysis of network traffic in mobile devices and was wondering what other people were using to accomplish this.

I've installed Mallory in an Ubuntu 11.10 VM using the setup script mentioned somewhere here, so it appears I have the latest version (I don't see a version number).

So far, I've been unsuccessful at actually getting any streams to show up in the GUI, so any help in correctly configuring my VM / network / etc would be appreciated :)

I do, however, see quite a bit of text in the console (I've enabled debug text in Mallory.py); see below.

My setup is as follows:
My desktop (Win7 x64) receives internet via a hard-wired connection (Realtek PCIe GBE Family Controller).  In the VM, this interface is bridged to VMnet0 which is used as the outbound interface in Mallory.
I also have a USB wireless adapter (Belkin Play Wireless USB Adapter) through which I have created a hosted network (netsh wlan set hostednetwork ssid=coffee_shop key=password mode=allow; netsh wlan start hostednetwork) which I can connect to with my mobile device.
In the VM, the virtual adapter (Microsoft Virtual WiFi Miniport Adapter) is bridged to VMnet2 which is used in the VM as the MitM interface.
Now, on my mobile device, I set the IP statically to an unused network IP and configure the gateway to point to Mallory.  Using Wireshark, I can see packets being sent from all components (Mallory, mobile device, and host PC) but it doesn't look like any traffic is being proxied / shown as streams in the GUI :(

(Below, Host is .1, Mallory is .236, Mobile device is .11)

[*] [2012-06-14 10:34:07,188] DEBUG:Matched UDP Rule: <class Rule Debug All -- addr:* port:* proto:* direction:* payload:* passthru:False (<rule.Debug object at 0x2c5c9d0>)>
[*] [2012-06-14 10:34:07,188] DEBUG:UDPProtocol[m]: sending data from ('192.168.173.11', 28916) to ('192.168.173.236', 53)
[*] [2012-06-14 10:34:07,188] DEBUG:UDPProtocol[m]: self.getssion returned 0
[*] [2012-06-14 10:34:07,189] DEBUG:UDPProtocol[m]: main thrd sending data to 192.168.173.236,53 
[*] [2012-06-14 10:34:07,189] DEBUG:UDPProtocol[m]: no session found for caddr ('192.168.173.11', 28916). Creating one on sport=54242
[*] [2012-06-14 10:34:07,189] DEBUG:UDPProtocol[m]: Waiting for data
[*] [2012-06-14 10:34:07,190] INFO:UDPProtocol[t]: Starting receive thread for caddr=('192.168.173.11', 28916)using sport=54242
[*] [2012-06-14 10:34:07,335] DEBUG:UDPProtocol[t]: Terminating thread for [46638](192.168.173.11,9757) No more data
[*] [2012-06-14 10:34:07,371] DEBUG:UDPProtocol[m]: ('192.168.173.11', 63164) sent us '\xf2\xdd\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04pins\x06amazon\x03com\x00\x00\x01\x00'
[*] [2012-06-14 10:34:07,372] DEBUG:Matched UDP Rule: <class Rule Debug All -- addr:* port:* proto:* direction:* payload:* passthru:False (<rule.Debug object at 0x2c5c9d0>)>
[*] [2012-06-14 10:34:07,372] DEBUG:UDPProtocol[m]: sending data from ('192.168.173.11', 63164) to ('192.168.173.236', 53)
[*] [2012-06-14 10:34:07,373] DEBUG:UDPProtocol[m]: self.getssion returned 0
[*] [2012-06-14 10:34:07,373] DEBUG:UDPProtocol[m]: main thrd sending data to 192.168.173.236,53 
[*] [2012-06-14 10:34:07,373] DEBUG:UDPProtocol[m]: no session found for caddr ('192.168.173.11', 63164). Creating one on sport=48607
[*] [2012-06-14 10:34:07,373] DEBUG:UDPProtocol[m]: Waiting for data
[*] [2012-06-14 10:34:07,373] INFO:UDPProtocol[t]: Starting receive thread for caddr=('192.168.173.11', 63164)using sport=48607
[*] [2012-06-14 10:34:07,718] DEBUG:UDPProtocol[m]: ('192.168.173.1', 137) sent us '\xba\xc9\x01\x10\x00\x01\x00\x00\x00\x00\x00\x00 EDEBFDFDEJEFCNFAEDC'
[*] [2012-06-14 10:34:07,720] DEBUG:Matched UDP Rule: <class Rule Debug All -- addr:* port:* proto:* direction:* payload:* passthru:False (<rule.Debug object at 0x2c5c9d0>)>
[*] [2012-06-14 10:34:07,721] DEBUG:UDPProtocol[m]: sending data from ('192.168.173.1', 137) to ('192.168.173.255', 137)
[*] [2012-06-14 10:34:07,721] DEBUG:UDPProtocol[m]: self.getssion returned 0
[*] [2012-06-14 10:34:07,721] DEBUG:UDPProtocol[m]: main thrd sending data to 192.168.173.255,137 
[*] [2012-06-14 10:34:07,722] DEBUG:UDPProtocol[m]: no session found for caddr ('192.168.173.1', 137). Creating one on sport=45373
[*] [2012-06-14 10:34:07,722] DEBUG:UDPProtocol[m]: Waiting for data
[*] [2012-06-14 10:34:07,722] INFO:UDPProtocol[t]: Starting receive thread for caddr=('192.168.173.1', 137)using sport=45373
[*] [2012-06-14 10:34:08,467] DEBUG:UDPProtocol[m]: ('192.168.173.1', 137) sent us '\xba\xc9\x01\x10\x00\x01\x00\x00\x00\x00\x00\x00 EDEBFDFDEJEFCNFAEDC'
[*] [2012-06-14 10:34:08,473] DEBUG:Matched UDP Rule: <class Rule Debug All -- addr:* port:* proto:* direction:* payload:* passthru:False (<rule.Debug object at 0x2c5c9d0>)>
[*] [2012-06-14 10:34:08,473] DEBUG:UDPProtocol[m]: sending data from ('192.168.173.1', 137) to ('192.168.173.255', 137)
[*] [2012-06-14 10:34:08,473] DEBUG:UDPProtocol[m]: self.getssion returned 45373
[*] [2012-06-14 10:34:08,474] DEBUG:UDPProtocol[m]: Waiting for data
[*] [2012-06-14 10:34:08,476] DEBUG:UDPProtocol[m]: ('192.168.173.11', 44063) sent us '\xa88\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x0btodo-ta-g7g\x06amazon\x03'
[*] [2012-06-14 10:34:08,478] DEBUG:Matched UDP Rule: <class Rule Debug All -- addr:* port:* proto:* direction:* payload:* passthru:False (<rule.Debug object at 0x2c5c9d0>)>
[*] [2012-06-14 10:34:08,479] DEBUG:UDPProtocol[m]: sending data from ('192.168.173.11', 44063) to ('192.168.173.236', 53)
[*] [2012-06-14 10:34:08,480] DEBUG:UDPProtocol[m]: self.getssion returned 0
[*] [2012-06-14 10:34:08,480] DEBUG:UDPProtocol[m]: main thrd sending data to 192.168.173.236,53 
[*] [2012-06-14 10:34:08,480] DEBUG:UDPProtocol[m]: no session found for caddr ('192.168.173.11', 44063). Creating one on sport=54687
[*] [2012-06-14 10:34:08,480] DEBUG:UDPProtocol[m]: Waiting for data
[*] [2012-06-14 10:34:08,480] INFO:UDPProtocol[t]: Starting receive thread for caddr=('192.168.173.11', 44063)using sport=54687
[*] [2012-06-14 10:34:08,483] DEBUG:UDPProtocol[t]: Terminating thread for [58959](192.168.173.11,26392) No more data
[*] [2012-06-14 10:34:08,500] DEBUG:UDPProtocol[t]: Terminating thread for [48539](192.168.173.11,38176) No more data
[*] [2012-06-14 10:34:08,687] DEBUG:UDPProtocol[m]: ('192.168.173.11', 51868) sent us '\xc6\xba\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x07atv-ext\x06amazon\x03com\x00'
[*] [2012-06-14 10:34:08,689] DEBUG:Matched UDP Rule: <class Rule Debug All -- addr:* port:* proto:* direction:* payload:* passthru:False (<rule.Debug object at 0x2c5c9d0>)>
[*] [2012-06-14 10:34:08,689] DEBUG:UDPProtocol[m]: sending data from ('192.168.173.11', 51868) to ('192.168.173.236', 53)
[*] [2012-06-14 10:34:08,689] DEBUG:UDPProtocol[m]: self.getssion returned 0
[*] [2012-06-14 10:34:08,689] DEBUG:UDPProtocol[m]: main thrd sending data to 192.168.173.236,53 
[*] [2012-06-14 10:34:08,689] DEBUG:UDPProtocol[m]: no session found for caddr ('192.168.173.11', 51868). Creating one on sport=40294
[*] [2012-06-14 10:34:08,689] DEBUG:UDPProtocol[m]: Waiting for data
[*] [2012-06-14 10:34:08,690] INFO:UDPProtocol[t]: Starting receive thread for caddr=('192.168.173.11', 51868)using sport=40294
[*] [2012-06-14 10:34:08,702] DEBUG:UDPProtocol[t]: Terminating thread for [45977](192.168.173.11,50012) No more data
[*] [2012-06-14 10:34:09,022] DEBUG:UDPProtocol[t]: Terminating thread for [45518](192.168.173.11,44974) No more data
[*] [2012-06-14 10:34:09,052] DEBUG:UDPProtocol[m]: ('192.168.173.11', 27276) sent us 'f\x8b\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x05mtalk\x06google\x03com\x00\x00\x01'
[*] [2012-06-14 10:34:09,054] DEBUG:Matched UDP Rule: <class Rule Debug All -- addr:* port:* proto:* direction:* payload:* passthru:False (<rule.Debug object at 0x2c5c9d0>)>
[*] [2012-06-14 10:34:09,055] DEBUG:UDPProtocol[m]: sending data from ('192.168.173.11', 27276) to ('192.168.173.236', 53)
[*] [2012-06-14 10:34:09,055] DEBUG:UDPProtocol[m]: self.getssion returned 0
[*] [2012-06-14 10:34:09,055] DEBUG:UDPProtocol[m]: main thrd sending data to 192.168.173.236,53 
[*] [2012-06-14 10:34:09,055] DEBUG:UDPProtocol[m]: no session found for caddr ('192.168.173.11', 27276). Creating one on sport=40444
[*] [2012-06-14 10:34:09,055] DEBUG:UDPProtocol[m]: Waiting for data
[*] [2012-06-14 10:34:09,060] INFO:UDPProtocol[t]: Starting receive thread for caddr=('192.168.173.11', 27276)using sport=40444
[*] [2012-06-14 10:34:09,174] DEBUG:UDPProtocol[m]: ('192.168.173.11', 15667) sent us '92\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x07atv-ext\x06amazon\x03com\x00'
[*] [2012-06-14 10:34:09,176] DEBUG:Matched UDP Rule: <class Rule Debug All -- addr:* port:* proto:* direction:* payload:* passthru:False (<rule.Debug object at 0x2c5c9d0>)>
[*] [2012-06-14 10:34:09,177] DEBUG:UDPProtocol[m]: sending data from ('192.168.173.11', 15667) to ('192.168.173.236', 53)
[*] [2012-06-14 10:34:09,177] DEBUG:UDPProtocol[m]: self.getssion returned 0
[*] [2012-06-14 10:34:09,177] DEBUG:UDPProtocol[m]: main thrd sending data to 192.168.173.236,53 
[*] [2012-06-14 10:34:09,177] DEBUG:UDPProtocol[m]: no session found for caddr ('192.168.173.11', 15667). Creating one on sport=47383
[*] [2012-06-14 10:34:09,177] DEBUG:UDPProtocol[m]: Waiting for data
[*] [2012-06-14 10:34:09,178] INFO:UDPProtocol[t]: Starting receive thread for caddr=('192.168.173.11', 15667)using sport=47383
[*] [2012-06-14 10:34:09,218] DEBUG:UDPProtocol[m]: ('192.168.173.1', 137) sent us '\xba\xc9\x01\x10\x00\x01\x00\x00\x00\x00\x00\x00 EDEBFDFDEJEFCNFAEDC'
[*] [2012-06-14 10:34:09,220] DEBUG:Matched UDP Rule: <class Rule Debug All -- addr:* port:* proto:* direction:* payload:* passthru:False (<rule.Debug object at 0x2c5c9d0>)>
[*] [2012-06-14 10:34:09,221] DEBUG:UDPProtocol[m]: sending data from ('192.168.173.1', 137) to ('192.168.173.255', 137)
[*] [2012-06-14 10:34:09,221] DEBUG:UDPProtocol[m]: self.getssion returned 45373
[*] [2012-06-14 10:34:09,222] DEBUG:UDPProtocol[m]: Waiting for data
[*] [2012-06-14 10:34:10,292] DEBUG:UDPProtocol[m]: ('192.168.173.1', 137) sent us '\xba\xd0\x01\x10\x00\x01\x00\x00\x00\x00\x00\x00 EDEBFDFDEJEFCNFAEDC'
[*] [2012-06-14 10:34:10,296] DEBUG:Matched UDP Rule: <class Rule Debug All -- addr:* port:* proto:* direction:* payload:* passthru:False (<rule.Debug object at 0x2c5c9d0>)>
[*] [2012-06-14 10:34:10,296] DEBUG:UDPProtocol[m]: sending data from ('192.168.173.1', 137) to ('192.168.173.255', 137)
[*] [2012-06-14 10:34:10,296] DEBUG:UDPProtocol[m]: self.getssion returned 45373
[*] [2012-06-14 10:34:10,297] DEBUG:UDPProtocol[m]: Waiting for data
[*] [2012-06-14 10:34:11,042] DEBUG:UDPProtocol[m]: ('192.168.173.1', 137) sent us '\xba\xd0\x01\x10\x00\x01\x00\x00\x00\x00\x00\x00 EDEBFDFDEJEFCNFAEDC'
[*] [2012-06-14 10:34:11,044] DEBUG:Matched UDP Rule: <class Rule Debug All -- addr:* port:* proto:* direction:* payload:* passthru:False (<rule.Debug object at 0x2c5c9d0>)>
[*] [2012-06-14 10:34:11,044] DEBUG:UDPProtocol[m]: sending data from ('192.168.173.1', 137) to ('192.168.173.255', 137)
[*] [2012-06-14 10:34:11,044] DEBUG:UDPProtocol[m]: self.getssion returned 45373
[*] [2012-06-14 10:34:11,045] DEBUG:UDPProtocol[m]: Waiting for data
[*] [2012-06-14 10:34:11,165] DEBUG:UDPProtocol[m]: ('192.168.173.1', 67) sent us '\x02\x01\x06\x004\x89\xa9:\x00\x00\x80\x00\xc0\xa8\xad\xec\xc0\xa8\xad\xec\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0c)Q'
[*] [2012-06-14 10:34:11,167] DEBUG:Matched UDP Rule: <class Rule Debug All -- addr:* port:* proto:* direction:* payload:* passthru:False (<rule.Debug object at 0x2c5c9d0>)>
[*] [2012-06-14 10:34:11,167] DEBUG:UDPProtocol[m]: sending data from ('192.168.173.1', 67) to ('255.255.255.255', 68)
[*] [2012-06-14 10:34:11,167] DEBUG:UDPProtocol[m]: self.getssion returned 0
[*] [2012-06-14 10:34:11,167] DEBUG:UDPProtocol[m]: main thrd sending data to 255.255.255.255,68 
[*] [2012-06-14 10:34:11,171] DEBUG:UDPProtocol[m]: no session found for caddr ('192.168.173.1', 67). Creating one on sport=59210
[*] [2012-06-14 10:34:11,173] DEBUG:UDPProtocol[m]: Waiting for data
[*] [2012-06-14 10:34:11,173] INFO:UDPProtocol[t]: Starting receive thread for caddr=('192.168.173.1', 67)using sport=59210
[*] [2012-06-14 10:34:11,792] DEBUG:UDPProtocol[m]: ('192.168.173.1', 137) sent us '\xba\xd0\x01\x1
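A triage helper for the debug output above, as an added example that is not part of the original post or of Mallory's code: it counts the forwarded UDP flows and decodes the DNS question names from the logged payloads, including ones the logger cut short. The function names are hypothetical, and the line format is assumed from the log as quoted.

```python
import ast
import re
from collections import Counter

# Lines copied from the debug log quoted above (payloads are Python 2 str reprs).
SAMPLE = r"""
[*] [2012-06-14 10:34:07,371] DEBUG:UDPProtocol[m]: ('192.168.173.11', 63164) sent us '\xf2\xdd\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04pins\x06amazon\x03com\x00\x00\x01\x00'
[*] [2012-06-14 10:34:07,372] DEBUG:UDPProtocol[m]: sending data from ('192.168.173.11', 63164) to ('192.168.173.236', 53)
[*] [2012-06-14 10:34:07,721] DEBUG:UDPProtocol[m]: sending data from ('192.168.173.1', 137) to ('192.168.173.255', 137)
[*] [2012-06-14 10:34:08,476] DEBUG:UDPProtocol[m]: ('192.168.173.11', 44063) sent us '\xa88\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x0btodo-ta-g7g\x06amazon\x03'
[*] [2012-06-14 10:34:08,479] DEBUG:UDPProtocol[m]: sending data from ('192.168.173.11', 44063) to ('192.168.173.236', 53)
"""
ADDR = r"\('([\d.]+)', (\d+)\)"
SENT = re.compile(ADDR + r" sent us (.*)$")
FWD = re.compile("sending data from " + ADDR + " to " + ADDR)

def to_bytes(py2_repr):  # logged repr -> bytes; None if cut off mid-literal
    try:
        return ast.literal_eval("b" + py2_repr.strip())
    except (SyntaxError, ValueError):
        return None

def dns_qname(payload):
    """Return (name, complete) for the first DNS question, tolerating truncation."""
    labels, i = [], 12                      # question follows the 12-byte header
    while i < len(payload):
        n = payload[i]
        if n == 0:                          # root label: name is complete
            return ".".join(labels), True
        label = payload[i + 1:i + 1 + n]
        if n & 0xC0 or len(label) < n:      # pointer, or label cut off by the logger
            break
        labels.append(label.decode("ascii", "replace"))
        i += 1 + n
    return ".".join(labels), False

def summarize(log_text):
    """Count forwarded UDP flows and list the DNS names asked on port 53."""
    flows, names, pending = Counter(), [], {}
    for line in log_text.splitlines():
        sent, fwd = SENT.search(line), FWD.search(line)
        if sent:                            # remember payload until it is forwarded
            pending[sent.group(1, 2)] = to_bytes(sent.group(3))
        elif fwd:
            src_ip, src_port, dst_ip, dst_port = fwd.groups()
            flows[(src_ip, dst_ip, int(dst_port))] += 1
            payload = pending.pop((src_ip, src_port), None)
            if dst_port == "53" and payload:
                names.append(dns_qname(payload))
    return flows, names
```

Calling `summarize()` on the full console output gives a per-destination flow count and the list of names the device tried to resolve, with `False` marking names whose payload was truncated in the log.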