Learn, hack!

URL

https://media.blackhat.com/bh-us-10/presentations/Umadas_Alleny/BlackHat-USA-2010-Umadas-Allen-Network-Stream_Debugging-with-Mallory-slides.pdf

File name

BlackHat-USA-2010-Umadas-Allen-Network-Stream_Debugging-with-Mallory-slides.pdf

File size

3.3 MB

MD5

744b1651e0b2fac2b4d6e6ade11ff951

SHA1

34b25575cd20b5729709964477fe438b1800b9da

Using the same techniques that governments use to surreptitiously read private email and SSL encrypted traffic, you can easily find more bugs in all types of client and server apps! Sometimes the easiest way to quickly understand a client, a server, or just the protocol they use to communicate with, is to become the "man in the middle." Many client side proxies - such as Burp, Paros, and WebScarab - already exist to let you tamper with HTTP and proxy aware clients. But sometimes your client might not be proxy aware, nor your protocol as simple as HTTP or HTTPS. What to do? You can start with Wireshark, but be limited to viewing traffic on the wire and not tampering with it. You can debug the client or server, which can be effective, but also time consuming. Or you can try becoming the "man in the middle" with tools like Ettercap, or the Middler, which might work - but might also fail. Or you can use our new tool, named Mallory. Mallory is a MITM capable of intercepting any TCP or UDP base network stream. Why is Mallory different? Well first of all, you don't need to configure it. Just turn her on, and she starts intercepting traffic. Mallory is designed to be an undetectable, transparent proxy, capable of intercepting any known or unknown application protocol, just like those super-duper SSL MITM devices documented in the "Certified Lies" paper. The same techniques that allow over bearing governments to snoop on private email, we've been using to easily own up tons of mobile applications running on arbitrary platforms. And did we mention how much fun it is to MITM SSH?