Basic instructions how to run the proxy

README.md

@@ -11,9 +11,27 @@ It's useful for API reverse engineering among other things.
 
 ## Development
 
-Useful environment variables:
+### Generate root certificate
+
+In order for `skunk` to decrypt TLS traffic, you have to install a certificate as trusted root certificate on the device you're intercepting.
+
+To generate the root certificate, run `cargo run --bin skunk -- generate-cert`. `skunk` will output the location of the certificate (if you have logging set to `INFO`).
+
+### Build UI
+
+To build the UI, you'll need [`trunk`][3] and [`stylance`][4]. Then run `trunk build` (optionally with `--watch` flag) in the `skunk-ui` directory.
+You do not need to use `trunk serve`, as `skunk-cli` serves the UI itself (with auto-reload support).
+
+### Running the proxy
+
+To run the proxy, run `cargo run --bin skunk -- proxy --socks --api`.
+
+### Useful environment variables
 
 ```
+# Set global logging level to WARN, and for skunk crates to DEBUG.
+RUST_LOG=warn,skunk=debug
+
 # Path to configuration directory. Defaults to `~/.local/feralsec/skunk`.
 # This can also be set using the `-c` or `--config` command-line argument.
 SKUNK_CONFIG=./my_test_config/
@@ -27,3 +45,5 @@ HOSTAPD_CC=US
 
 [1]: https://en.wikipedia.org/wiki/Man-in-the-middle_attack
 [2]: https://github.com/jgraef/skunk/issues
+[3]: https://trunkrs.dev/
+[4]: https://github.com/basro/stylance-rs

skunk-cli/src/app.rs

@@ -65,7 +65,7 @@ impl App {
     /// Runs the given command-line command.
     pub async fn run(&mut self, command: Command) -> Result<(), Error> {
         match command {
-            Command::Ca { force } => {
+            Command::GenerateCert { force } => {
                 self.generate_ca(force).await?;
             }
             Command::Proxy(args) => {
@@ -161,6 +161,7 @@ impl App {
                 // [`Connect`][skunk::connect::Connect] (i.e.
                 // [`ConnectTcp`][skunk::connect::ConnectTcp]) is used.
                 let mut listener = args.socks.builder()?.listen().await?;
+                tracing::info!("SOCKS server listening on: {}", args.socks.bind_address);
 
                 let mut join_set = JoinSet::default();
 
@@ -239,6 +240,8 @@ impl App {
                     .fallback_service(serve_ui);
 
                 let listener = tokio::net::TcpListener::bind(args.api.bind_address).await?;
+                tracing::info!(bind_address = ?args.api.bind_address, "UI and API being served at: http://{}", args.api.bind_address);
+
                 axum::serve(listener, router)
                     .with_graceful_shutdown(shutdown.cancelled_owned())
                     .await?;

skunk-cli/src/args.rs

@@ -59,7 +59,7 @@ impl Args {
 pub enum Command {
     /// Generates key and root certificate for the certificate authority used to
     /// intercept TLS traffic.
-    Ca {
+    GenerateCert {
         /// Overwrite existing files.
         #[clap(short, long)]
         force: bool,
@@ -116,11 +116,13 @@ pub struct SocksArgs {
 }
 
 impl SocksArgs {
-    pub fn builder(self) -> Result<socks::Builder, Error> {
+    pub fn builder(&self) -> Result<socks::Builder, Error> {
         let mut builder = socks::Builder::default().with_bind_address(self.bind_address);
 
-        match (self.username, self.password) {
-            (Some(username), Some(password)) => builder = builder.with_password(username, password),
+        match (&self.username, &self.password) {
+            (Some(username), Some(password)) => {
+                builder = builder.with_password(username.clone(), password.clone())
+            }
             (None, None) => {}
             _ => bail!("Either both username and password or neither must be specified"),
         }