Researcher Rogan Dawes demonstrates protocol interception tool at Black Hat Asia

A tool for creating proxies for arbitrary protocols was demonstrated at Black Hat Asia in Singapore earlier today.

The framework, called Mallet, was presented by Rogan Dawes of SensePost, who developed the tool to make it easier for users to intercept less-common protocols.

Mallet is built on the Netty framework and is similar to more familiar intercepting proxies, such as Burp Suite and Zap, in that it allows the user to both view and modify traffic passing through it.

The main difference is that it supports arbitrary protocols beyond HTTP and WebSockets, such as MQTT and COAP, which are increasingly being used in IoT devices.

“Mallet is not the first tool of its kind,” Dawes told The Daily Swig.

“Prior art includes tools such as Martin Holst Swende’s HatKit Proxy built using the OWASP Proxy library that I wrote around 2008, and Intrepidus Group’s Mallory, which was released in 2010. But the common thread with the existing tools is that they have been hard to use and have limited protocol support.

“Mallory, for instance, required running a virtual machine, and messing around with routing tables to get traffic into Mallory. It also only supported HTTP, SSL, SSH, and DNS protocols.”

Mallet is designed to be easily customizable, so that the user can implement their intended protocol, which is made possible thanks to the existing implementations provided by the Netty Project.

“It is intended to provide the tooling and infrastructure that any intercepting proxy requires, such as a listening socket for receiving inbound connections, and a user interface for viewing and manipulating the data flowing through it,” Dawes said.

The primary repository of the open source tool can be found under the SensePost umbrella on GitHub.

“I have stood upon the shoulders of giants to get where I am, from Nmap to Nessus and a myriad of other projects,” he said, discussing his decision to make Mallet open source.

“This is my small contribution.”