Install essential build tools
apt update && apt -y install git cmake
Clone the repo including submodules (this will get the latest master version)
git clone https://github.com/astibal/smithproxy.git --depth 1 --recurse-submodules
Run utility build scripts
cd smithproxy && ./tools/linux-deps.sh && ./tools/linux-build.sh
# download SCT logs (Certificate Transparency)
sx_download_ctlog
# interactive CA generator script (say Y to first question)
sx_regencerts
# enable services, restart them
systemctl enable sx-network@default
systemctl enable sx-core@default
systemctl restart sx-network@default
systemctl restart sx-core@default
sx_cli
You will get:
root@sx-host:/smithproxy# sx_cli
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
--==[ Smithproxy command line utility ]==--
smithproxy(sx-host)>
Enter enable mode (privileged access) and look at the config and diag options
smithproxy(sx-host)> enable
smithproxy(sx-host)# config term
smithproxy(sx-host) (config)# edit ?
settings - edit settings
debug - edit debug
proto_objects - edit proto_objects
address_objects - edit address_objects
port_objects - edit port_objects
detection_profiles - edit detection_profiles
content_profiles - edit content_profiles
tls_profiles - edit tls_profiles
auth_profiles - edit auth_profiles
alg_dns_profiles - edit alg_dns_profiles
routing - edit routing
captures - edit captures
policy - edit policy
starttls_signatures - edit starttls_signatures
detection_signatures - edit detection_signatures
The CLI is quite powerful; the vast majority of changes can be made there.
Only a very limited set of changes requires an sx-core@default restart.
smithproxy(sx-host)# diag proxy
policy proxy policy commands
session proxy session commands
io proxy I/O related commands
Please don't forget to also read the final Notes section!
We don't want to be intrusive. Allow connecting to everything, and don't replace content if there is a problem.
Also, log SSLKEYLOG to /var/log/smithproxy/sslkeylog.default.log (optional).
Keep in mind what these settings do: the proxy will accept any upstream certificate (untrusted issuers, invalid and self-signed certificates, no CT check), which is what you want on a lab box used for inspection, not in an enforcing deployment. The key log contains the session secrets of every intercepted connection, so keep its file permissions tight.
configure terminal
edit tls_profiles
edit default
set allow_untrusted_issuers true
set allow_invalid_certs true
set allow_self_signed true
set ct_enable false
set failed_certcheck_replacement false
set sslkeylog true
end
end
exit
save config
Enable and customize the global capturing options.
The most convenient option is to use GRE and send traffic from sx-host to your workstation (i.e. the one running Wireshark).
There is also an option to save files locally, but once you try remote GRE, you will not use it :)
Note that GRE adds no encryption: the captured payload crosses the network in the clear, so only point tun_dst at a workstation reachable over a trusted path.
configure terminal
edit captures
edit remote
set tun_dst <replace with your workstation IP>
set tun_ttl 16
set enabled true
end
end
exit
Content profile default is used in the pre-installed policies.
Important note: only policies using this content_profile will capture traffic.
configure terminal
edit content_profiles
edit default
set write_payload true
end
end
exit
save config
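The workstation side of the capture set up in the three steps above (tls_profiles sslkeylog, captures/remote, content_profiles write_payload), as an added example that is not smithproxy's own code: receive the GRE stream sx-host sends to tun_dst, then decrypt it with the NSS-format key log. It assumes tcpdump and tshark are installed; SX_HOST and IFACE are placeholders, and only the key log path is taken from the page.

```shell
#!/usr/bin/env bash
# Added example, not smithproxy's own code: the workstation side of the
# remote capture configured above. It receives the GRE stream that sx-host
# sends to captures/remote tun_dst, then decrypts it with the NSS-format key
# log written by the tls_profiles sslkeylog option. Assumes tcpdump and
# tshark are installed; SX_HOST and IFACE below are placeholders.
set -u

KEYLOG=${KEYLOG:-/var/log/smithproxy/sslkeylog.default.log}   # path named on the page
SX_HOST=${SX_HOST:-192.0.2.10}   # assumed: address sx-host sends the GRE stream from
IFACE=${IFACE:-eth0}             # assumed: workstation interface facing sx-host

# Dotted-quad sanity check before an address is spliced into a BPF filter.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1; exit 0 }
        { exit 1 }'
}

# BPF filter selecting only GRE (IP protocol 47) coming from sx-host.
gre_filter() {
    is_ipv4 "$1" || return 1
    printf 'ip proto 47 and src host %s' "$1"
}

# Write the raw GRE stream to a pcap. Wireshark/tshark dissect GRE natively,
# so the encapsulated traffic is visible without creating a tunnel interface.
capture_gre() {
    out=${1:-sx-capture.pcap}
    filter=$(gre_filter "$SX_HOST") || { echo "bad SX_HOST: $SX_HOST" >&2; return 1; }
    tcpdump -i "$IFACE" -n -w "$out" "$filter"
}

# Count well-formed key-log lines in $1. Format: "<LABEL> <client_random hex,
# 32 bytes> <secret hex>". CLIENT_RANDOM (TLS 1.2) carries the 48-byte master
# secret; the TLS 1.3 labels carry a secret of hash length (32 or 48 bytes).
KEYLOG_RE='^(CLIENT_RANDOM [0-9a-fA-F]{64} [0-9a-fA-F]{96}|(CLIENT_EARLY_TRAFFIC_SECRET|CLIENT_HANDSHAKE_TRAFFIC_SECRET|SERVER_HANDSHAKE_TRAFFIC_SECRET|CLIENT_TRAFFIC_SECRET_0|SERVER_TRAFFIC_SECRET_0|EXPORTER_SECRET) [0-9a-fA-F]{64} ([0-9a-fA-F]{64}|[0-9a-fA-F]{96}))$'
count_valid_keylog_lines() {
    grep -cE "$KEYLOG_RE" "$1" || true
}

# Decrypt the capture with the key log and list the HTTP requests carried inside TLS.
decrypt_pcap() {
    pcap=$1; keylog=${2:-$KEYLOG}
    command -v tshark >/dev/null || { echo "tshark not installed" >&2; return 2; }
    [ -r "$keylog" ] || { echo "cannot read $keylog" >&2; return 1; }
    [ "$(count_valid_keylog_lines "$keylog")" -gt 0 ] || { echo "no usable secrets in $keylog" >&2; return 1; }
    tshark -r "$pcap" -o "tls.keylog_file:$keylog" -Y 'http.request' \
        -T fields -e ip.src -e ip.dst -e http.host -e http.request.uri
}

# Usage: ./sxcap.sh capture [out.pcap]   then   ./sxcap.sh decrypt out.pcap [keylog]
case ${1:-} in
    capture) capture_gre "${2:-sx-capture.pcap}" ;;
    decrypt) decrypt_pcap "${2:?pcap file required}" "${3:-$KEYLOG}" ;;
esac
```

The key-log check runs before tshark because a capture decrypts silently to nothing when the log is empty or truncated; counting well-formed lines first turns that into an explicit error. Copy the key log off sx-host after the capture has finished, since the file keeps growing while sessions are intercepted.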
-
File locations
/etc/smithproxy/ - all configurations
/var/smithproxy/ - local capture files (a bit nonstandard directory, sorry)
/var/log/smithproxy/ - log files, including SSLKEYLOG
-
Not all traffic routed via sx-host is diverted to smithproxy.
By default, only traffic from interfaces that have no default route associated with them is diverted.
This can be changed in smithproxy.startup.cfg (requires an sx-network@default restart).
# SMITH_INTERFACE='-' # '-' : enable on downlink interfaces (without default route applied)
# '*' : enable on ALL interfaces
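To see which interfaces the default SMITH_INTERFACE='-' setting will divert on a given host, here is an added example (not part of smithproxy, and not the startup script's own parsing) that applies the rule stated above, "interfaces without a default route", to the output of `ip route` and `ip -o link show`. The constructed inputs in the usage section are assumptions; run it with --live to classify the real host.

```shell
#!/usr/bin/env bash
# Added example, not part of smithproxy: given the output of `ip route` and
# `ip -o link show`, list the interfaces that the default
# SMITH_INTERFACE='-' setting would divert, i.e. every non-loopback
# interface that carries no default route. The rule is the one stated above;
# the startup script's own parsing is not reproduced here.
set -u

# Interface names that appear in "default [via ...] dev X" routes (stdin).
# Append `ip -6 route` output to the same input if IPv6 default routes matter.
default_route_ifaces() {
    awk '$1 == "default" { for (i = 1; i <= NF; i++) if ($i == "dev") print $(i + 1) }' | sort -u
}

# All interface names from `ip -o link show` (stdin), minus loopback and any
# "@peer" suffix that veth/VLAN devices carry.
all_ifaces() {
    awk -F': ' '{ split($2, a, "@"); if (a[1] != "" && a[1] != "lo") print a[1] }' | sort -u
}

# downlink_ifaces ROUTE_OUTPUT LINK_OUTPUT: names of interfaces without a default route.
downlink_ifaces() {
    all=$(mktemp); def=$(mktemp)
    printf '%s\n' "$2" | all_ifaces > "$all"
    printf '%s\n' "$1" | default_route_ifaces > "$def"
    comm -23 "$all" "$def"
    rm -f "$all" "$def"
}

# Run against the live host: ./downlink.sh --live
if [ "${1:-}" = "--live" ]; then
    echo "interfaces smithproxy diverts with SMITH_INTERFACE='-':"
    downlink_ifaces "$(ip route)" "$(ip -o link show)"
fi
```

If the interface you expect to inspect carries the default route (a single-homed test box, for instance), nothing will be diverted under '-'; that is the case for SMITH_INTERFACE='*' followed by an sx-network@default restart.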