Switch branches/tags
Clone or download
Latest commit 0284639 Oct 28, 2017
Failed to load latest commit information.
cmd fix Oct 26, 2017
.gitignore Initial commit Apr 11, 2014
.travis.yml only for tip Mar 8, 2016
LICENSE Initial commit Apr 11, 2014
README.md Update README.md Aug 23, 2015
beautify.go refactor to 2.0 Apr 7, 2015
config.go add reproxy after direct dial timeout Dec 2, 2016
direct.go fix wait deadlock Oct 28, 2017
http.go update Feb 21, 2016
logger.go fix Apr 7, 2015
mallory.json update list Apr 10, 2015
server.go add reproxy after direct dial timeout Dec 2, 2016
singleflight.go update Feb 21, 2016
ssh.go fix(ssh): set HostKeyCallback to nil Jul 25, 2017



HTTP/HTTPS proxy over SSH.


  • Local machine: go get github.com/justmao945/mallory/cmd/mallory
  • Remote server: need our old friend sshd


Config file

Default path is $HOME/.config/mallory.json, can be set when start program

mallory -config path/to/config.json


  • id_rsa is the path to our private key file, can be generated by ssh-keygen
  • local_smart is the local address to serve HTTP proxy with smart detection of destination host
  • local_normal is similar to local_smart but send all traffic through remote SSH server without destination host detection
  • remote is the remote address of SSH server
  • blocked is a list of domains that need use proxy, any other domains will connect to their server directly
  "id_rsa": "$HOME/.ssh/id_rsa",
  "local_smart": ":1315",
  "local_normal": ":1316",
  "remote": "ssh://user@vm.me:22",
  "blocked": [

Blocked list in config file will be reloaded automatically when updated, and you can do it manually:

# send signal to reload
kill -USR2 <pid of mallory>

# or use reload command by sending http request
mallory -reload

System config

  • Set both HTTP and HTTPS proxy to localhost with port 1315 to use with block list
  • Set env var http_proxy and https_proxy to localhost:1316 for terminal usage

Get the right suffix name for a domain

mallory -suffix www.google.com

A simple command to forward all traffic for the given port

# install it: go get github.com/justmao945/mallory/cmd/forward

# all traffic through port 20022 will be forwarded to destination.com:22
forward -network tcp -listen :20022 -forward destination.com:22

# you can ssh to destination:22 through localhost:20022
ssh root@localhost -p 20022


  • return http error when unable to dial
  • add host to list automatically when unable to dial
  • support multiple remote servers