Brief Intro to Mallory

MiTM (Man in the Middle) is a good way to analyse protocols, especially when SSL is involved.
To analyse the HTTP/HTTPS protocols, we have Charles Proxy. Posts on my blog can be found (there’s another MiTM proxy, ‘mitmproxy’, which I will try later.)
For other protocols, Mallory is recommended.


Mallory is an extensible TCP/UDP man in the middle proxy that is designed to be run as a gateway. Unlike other tools of its kind, Mallory supports modifying non-standard protocols on the fly.

We have mallory from and


I’m using an Ubuntu 13.10 x86_64 virtual machine.

Just do not use brought by mallory.
Let’s install it manually instead.

Open a terminal/shell:


Let’s run in GUI mode.
Here we need another terminal/shell (do not forget the desktop :P)

Terminal 1:

Terminal 2:

If you see this photo, check whether you are running as root;
see more below in the ‘Trouble Shooting’ section.

Here is what it looks like:


After that, set up a PPTP server following ‘Notes: PPTP/L2TP Server on Ubuntu’, as PPTP is the ‘easiest’ way for our MiTM study, as Mallory itself says:

The goal is to man in the middle traffic for testing purposes. The ideal
setup for Mallory is to have a “LAN” or “Victim” network that mallory
acts as the gateway for.

Option 1: PPTP:
The easiest and quickest way to get up and going is to setup a pptp
server and have victims log into it. This works great with mobile devices
as most of them support a PPTP VPN client.

I tried to analyse Xunlei’s iOS client. When I tried Charles Proxy, some requests were not recorded.
Then, with Mallory at its default settings, all requests are recorded; only application-layer packets of TCP are found in the ‘Streams’ tab, and the HTTP POST body is not fully recorded, which makes Send/Auto Send fail.

Trouble Shooting

If you don’t have running when trying to launch the GUI, an error like the one below will be raised.

If Mallory is not running as root, you may see these:

You may also see these messages:

as there’s a library = cdll.LoadLibrary("") hardcoded in pynetfilter_conntrack-0.4.2-py2.7.egg/pynetfilter_conntrack/
To fix this, do:

Brief Intro to Mallory by @sskaje:
