Welcome to JumpBox
For details about this project, please see the doc directory which contains the original Design specification and also the SECURECOMM 2014 paper and the related presentation in PDF and PowerPoint formats.
This code requires libfutil and optionally (default off) also SRI's rendezvous library.
These code libraries have to be placed in ../libfutil and ../rendezvous respectively.
A Debian makefile is included which depends on all the proper dependencies. Creating the package thus automatically fetches these.
For Rendezvous one needs the "pbc" library from Stanford's Crypto department and also the libjansson library.
Fortunately, these are available in Homebrew:
brew install pbc
brew install jansson
Use the following command, which should have been also performed by homebrew installation
xcode-select --install
to ensure the Apple XCode Command Line Tools (CLT) are installed.
The following DJB_FORCED_* environment variables override either the preferences
as they are configured or the result retrieved from ACS and thus allows easier
testing by bypassing various components.
-
DJB_FORCED_HOSTNAMEdefines the hostname that we force connections to (DJB-URI) -
DJB_FORCED_JUMPBOXADDRESSdefines the 'JumpBox Address' to be used for StegoTorus this can be used to bypass the DJB Proxy while being able to start from DJB. -
DJB_FORCED_STEGMETHODdefines the Steg Method (json|http) to be used for StegoTorus -
DJB_FORCED_SHAREDSECRETdefines the Shared Secret to be used for StegoTorus
Generic (libfutil):
SAFDEF_LOG_LEVELdefines the logging level (debug is very verbose).
Testing JumpBox with StegoTorus can be achieved by the following steps.
In Chrome/Chromium open the extensions page:
chrome://extensions
Then select 'unpack and load' and select the JumpBox plugin directory (plugin/chrome/)
or if already correctly installed, hit "Reload" to update to the current version.
Start DJB:
export DJB_FORCED_HOSTNAME=127.0.0.1:8080
export SAFDEF_LOG_LEVEL=debug
server/djb run
In Chrome/Chromium configure the Plugin by clicking on the JumpBox button and selecting "Preferences", fill in the rendezvous server and select the amount of circuits.
Then start a Stegotorus client in persist JSON mode (can also be performed from the Plugin).
./stegotorus --log-min-severity=warn chop socks --trace-packets --persist-mode 127.0.0.1:1080 127.0.0.1:6543 json
That lets StegoTorus be a SOCKS server on 127.0.0.1:1080 while connecting to JumpBox at 6543.
Then start the Stegotorus server in non-persist mode (this typically runs behind DGW):
./stegotorus --log-min-severity=warn chop server --trace-packets 192.0.2.1:443 127.0.0.1:8080 json
That lets ST accept HTP at 127.0.0.1:8080 (matching DJB_FORCED_HOSTNAME above) and makes
it use 192.0.2.1:443 as a Tor Bridge
Configure the Tor client with:
SocksPort 9060 # local client applications (SOCKS port for WebBrowsers etc)
SocksListenAddress 127.0.0.1 # accept connections only from localhost
SafeLogging 0
Log info file ./info.log
Log debug file ./debug.log
# Where the SOCKS proxy is (StegoTorus client)
Socks4Proxy 127.0.0.1:1080
# A fake Bridge line, gets overruled by StegoTorus)
Bridge 127.0.0.1:9060
UseBridges 1
and start a Tor client:
bin/tor -f etc/tor/torrc
That should make things move.
Connections will get lost and lldb does not like those SIGPIPEs, to make it continue use:
process handle SIGUSR2 -n true -p true -s false