Abstract

There have been many attempts at making a generic intercepting proxy. Few have actually gained any traction and become pervasively useful. This may be for many reasons, but I believe that amongst them are the following:

It is too difficult to understand what the tool is doing at a low level
It is too difficult to customise the tool to focus on your specific need
Trying to wedge a TCP connection into an HTTP proxy (e.g. Burp extensions for TCP proxying)
Existing tools have fallen out of maintenance (possibly due to lack of uptake!)

In this talk, I will focus on a new open-source intercepting proxy named Mallet, based on the mature and high-performance Netty framework, that wraps it with a drag-and-drop graph-based graphical user interface and a datastore. In doing so, we gain access to an existing library of protocol implementations, including TLS (and SNI), various compression algorithms, HTTP, HTTP/2, MQTT, REDIS, and many others, and most importantly, an existing community of developers creating new protocol decoders and encoders, and the associated body of knowledge in this area.
The Mallet user interface closely follows the Netty model, making it simple to construct a pipeline of encoders and decoders by dragging existing codecs, or adding your own codecs or script blocks to a palette, taking the researcher from a simple TCP intercept-and-forward proxy, to a full-blown protocol stack with scriptable processing, with every change being recorded for review and replay in a subsequent connection.
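To make the Netty pipeline model concrete, here is an added example (not Mallet's code, and not taken from the talk) of the simplest shape Mallet starts from: a TCP intercept-and-forward proxy whose client-side pipeline is a chain of handlers, with one handler standing in for a "script block" that modifies traffic in flight. It assumes Netty 4.1 on the classpath; the listen port 8888, the upstream 127.0.0.1:9999 and the "PLAINTEXT"/"MODIFIED" marker strings are constructed for the example.

```java
import io.netty.bootstrap.Bootstrap;
import io.netty.bootstrap.ServerBootstrap;
import io.netty.buffer.ByteBuf;
import io.netty.buffer.Unpooled;
import io.netty.channel.Channel;
import io.netty.channel.ChannelFutureListener;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInboundHandlerAdapter;
import io.netty.channel.ChannelInitializer;
import io.netty.channel.ChannelOption;
import io.netty.channel.EventLoopGroup;
import io.netty.channel.nio.NioEventLoopGroup;
import io.netty.channel.socket.SocketChannel;
import io.netty.channel.socket.nio.NioServerSocketChannel;
import io.netty.channel.socket.nio.NioSocketChannel;
import io.netty.handler.logging.LogLevel;
import io.netty.handler.logging.LoggingHandler;
import io.netty.util.CharsetUtil;

/** Minimal intercept-and-forward TCP proxy built as a Netty pipeline (example, not Mallet). */
public class InterceptProxy {
    static final int LISTEN_PORT = 8888;           // assumed local listener
    static final String TARGET_HOST = "127.0.0.1"; // assumed upstream host
    static final int TARGET_PORT = 9999;           // assumed upstream port

    /** Last handler in each pipeline: forwards every ByteBuf to the peer channel. */
    static class Relay extends ChannelInboundHandlerAdapter {
        private final Channel peer;
        Relay(Channel peer) { this.peer = peer; }
        @Override public void channelRead(ChannelHandlerContext ctx, Object msg) {
            peer.writeAndFlush(msg); // writeAndFlush releases the buffer for us
        }
        @Override public void channelInactive(ChannelHandlerContext ctx) {
            if (peer.isActive()) peer.close(); // one side hung up: tear down the other
        }
        @Override public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) {
            ctx.close();
        }
    }

    /** Stand-in for a script block: rewrites a marker in the client->server direction.
     *  Works per TCP read, so a marker split across two reads would be missed; a real
     *  pipeline would put a frame decoder in front of a handler like this. */
    static class Rewrite extends ChannelInboundHandlerAdapter {
        @Override public void channelRead(ChannelHandlerContext ctx, Object msg) {
            ByteBuf in = (ByteBuf) msg;
            String text = in.toString(CharsetUtil.UTF_8);
            in.release();
            String out = text.replace("PLAINTEXT", "MODIFIED"); // constructed marker
            ctx.fireChannelRead(Unpooled.copiedBuffer(out, CharsetUtil.UTF_8));
        }
    }

    /** On each accepted client, open the upstream connection, then wire both pipelines together. */
    static class Frontend extends ChannelInboundHandlerAdapter {
        @Override public void channelActive(ChannelHandlerContext ctx) {
            Channel client = ctx.channel();
            Bootstrap b = new Bootstrap()
                .group(client.eventLoop())
                .channel(NioSocketChannel.class)
                .handler(new ChannelInitializer<SocketChannel>() {
                    @Override protected void initChannel(SocketChannel ch) {
                        ch.pipeline().addLast(new LoggingHandler("server->client", LogLevel.INFO));
                        ch.pipeline().addLast(new Relay(client));
                    }
                });
            b.connect(TARGET_HOST, TARGET_PORT).addListener((ChannelFutureListener) f -> {
                if (f.isSuccess()) {
                    ctx.pipeline().addLast(new Relay(f.channel()));
                    client.config().setAutoRead(true); // upstream is up: start reading the client
                } else {
                    client.close();
                }
            });
        }
    }

    public static void main(String[] args) throws InterruptedException {
        EventLoopGroup boss = new NioEventLoopGroup(1);
        EventLoopGroup worker = new NioEventLoopGroup();
        try {
            new ServerBootstrap().group(boss, worker)
                .channel(NioServerSocketChannel.class)
                .childOption(ChannelOption.AUTO_READ, false) // hold reads until upstream connects
                .childHandler(new ChannelInitializer<SocketChannel>() {
                    @Override protected void initChannel(SocketChannel ch) {
                        // The client->server pipeline: log, modify, then (once connected) relay.
                        ch.pipeline().addLast(
                            new LoggingHandler("client->server", LogLevel.INFO),
                            new Rewrite(),
                            new Frontend());
                    }
                })
                .bind(LISTEN_PORT).sync().channel().closeFuture().sync();
        } finally {
            boss.shutdownGracefully();
            worker.shutdownGracefully();
        }
    }
}
```

The point of the structure is the one the abstract makes: every step between the two sockets is a handler in a `ChannelPipeline`, so moving from raw bytes to a protocol is a matter of inserting the right codecs (a frame decoder, an `SslHandler`, an HTTP codec) ahead of `Rewrite` and `Relay`, without touching the forwarding logic. Disabling `AUTO_READ` until the upstream connect completes is what keeps the first client bytes from arriving before there is anywhere to send them.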
One of the biggest challenges of an arbitrary proxy is dealing with timeouts. Mallet addresses this by making it easy to script the modifications desired, reducing the necessity to hold a message for manual modifications. Of course, if the protocol is not subject to short timeouts, manual editing is entirely possible.
As Netty supports a variety of transports, from the common TCP and UDP to SCTP, Serial Port and File, as well as native kqueue and epoll transports, Mallet can be used to intercept all sorts of data, however you may find it.
A significantly updated tool will be released at HITB2018AMS that I have been working on in private since the last public update.