Mallory is More than a Proxy
Raj Umadas and Mike Zusman of Intrepidus Group gave an amazing talk on Mallory last night at the Philadelphia OWASP chapter meeting. At first glance Mallory seems like a simple tool, just a proxy application that sits on the wire. Closer inspection, however, reveals that Mallory offers functionality above and beyond traditional tools for packet inspection. Mallory looks like an exceptional tool that could be a valuable part of any software security assessor's toolkit. The ability of Mallory to pause, tamper, and play data makes it especially effective for monkeying with black box applications, but it also makes for a really fun tool!
Raj Umadas and Mike Zusman of Intrepidus Group gave an amazing talk on Mallory last night at the Philadelphia OWASP chapter meeting. At first glance Mallory seems like a simple tool, just a proxy application that sits on the wire. Closer inspection, however, reveals that Mallory offers exceptional functionality above and beyond traditional tools for packet inspection. The presentation was framed as strategies for inspecting mobile applications, and Mallory's uses for this purpose were quite clear, but I felt that limiting Mallory to a discussion of mobile app assessment sold the product short.