From b8526fe40848ec44e33af75ec426d2c8b89f43ae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Janosch=20Gr=C3=A4f?= Date: Thu, 11 Jul 2024 04:22:56 +0200 Subject: [PATCH] Basic instructions how to run the proxy --- README.md | 22 +++++++++++++++++++++- skunk-cli/src/app.rs | 5 ++++- skunk-cli/src/args.rs | 10 ++++++---- 3 files changed, 31 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 42ffbf2..415674b 100644 --- a/README.md +++ b/README.md @@ -11,9 +11,27 @@ It's useful for API reverse engineering among other things. ## Development -Useful environment variables: +### Generate root certificate + +In order for `skunk` to decrypt TLS traffic, you have to install a certificate as trusted root certificate on the device you're intercepting. + +To generate the root certificate, run `cargo run --bin skunk -- generate-cert`. `skunk` will output the location of the certificate (if you have logging set to `INFO`). + +### Build UI + +To build the UI, you'll need [`trunk`][3] and [`stylance`][4]. Then run `trunk build` (optionally with `--watch` flag) in the `skunk-ui` directory. +You do not need to use `trunk serve`, as `skunk-cli` serves the UI itself (with auto-reload support). + +### Running the proxy + +To run the proxy, run `cargo run --bin skunk -- proxy --socks --api`. + +### Useful environment variables ``` +# Set global logging level to WARN, and for skunk crates to DEBUG. +RUST_LOG=warn,skunk=debug + # Path to configuration directory. Defaults to `~/.local/feralsec/skunk`. # This can also be set using the `-c` or `--config` command-line argument. SKUNK_CONFIG=./my_test_config/ @@ -27,3 +45,5 @@ HOSTAPD_CC=US [1]: https://en.wikipedia.org/wiki/Man-in-the-middle_attack [2]: https://github.com/jgraef/skunk/issues +[3]: https://trunkrs.dev/ +[4]: https://github.com/basro/stylance-rs diff --git a/skunk-cli/src/app.rs b/skunk-cli/src/app.rs index b60d561..0b6a9ad 100644 --- a/skunk-cli/src/app.rs +++ b/skunk-cli/src/app.rs @@ -65,7 +65,7 @@ impl App { /// Runs the given command-line command. pub async fn run(&mut self, command: Command) -> Result<(), Error> { match command { - Command::Ca { force } => { + Command::GenerateCert { force } => { self.generate_ca(force).await?; } Command::Proxy(args) => { @@ -161,6 +161,7 @@ impl App { // [`Connect`][skunk::connect::Connect] (i.e. // [`ConnectTcp`][skunk::connect::ConnectTcp]) is used. let mut listener = args.socks.builder()?.listen().await?; + tracing::info!("SOCKS server listening on: {}", args.socks.bind_address); let mut join_set = JoinSet::default(); @@ -239,6 +240,8 @@ impl App { .fallback_service(serve_ui); let listener = tokio::net::TcpListener::bind(args.api.bind_address).await?; + tracing::info!(bind_address = ?args.api.bind_address, "UI and API being served at: http://{}", args.api.bind_address); + axum::serve(listener, router) .with_graceful_shutdown(shutdown.cancelled_owned()) .await?; diff --git a/skunk-cli/src/args.rs b/skunk-cli/src/args.rs index bca04fb..99b56ed 100644 --- a/skunk-cli/src/args.rs +++ b/skunk-cli/src/args.rs @@ -59,7 +59,7 @@ impl Args { pub enum Command { /// Generates key and root certificate for the certificate authority used to /// intercept TLS traffic. - Ca { + GenerateCert { /// Overwrite existing files. #[clap(short, long)] force: bool, @@ -116,11 +116,13 @@ pub struct SocksArgs { } impl SocksArgs { - pub fn builder(self) -> Result { + pub fn builder(&self) -> Result { let mut builder = socks::Builder::default().with_bind_address(self.bind_address); - match (self.username, self.password) { - (Some(username), Some(password)) => builder = builder.with_password(username, password), + match (&self.username, &self.password) { + (Some(username), Some(password)) => { + builder = builder.with_password(username.clone(), password.clone()) + } (None, None) => {} _ => bail!("Either both username and password or neither must be specified"), }