Using a proxy with NodeZero
If your organization utilizes a proxy for external traffic you will need to setup your NodeZero host to make use of that proxy in order to reach the NodeZero infrastructure. With these changes in place all traffic between the NodeZero container and cloud infrastructure will use the proxy and internal traffic will not.
Recommended If using the NodeZero OVA there is the built in n0 utility can assist with setting up the proxy.
If running your own NodeZero host, steps are outlined for setting a proxy on an Ubuntu OS, all other OS's may or may not have similar setups for configuring a proxy.
Configure a network proxy on the NodeZero OVA
Socks Proxies
Socks type proxies are not supported with NodeZero, Please use HTTP/HTTPS proxies only
To use NodeZero with a proxy download and configure the NodeZero Host VM (OVA) located at Downloads.
The NodeZero host VM (OVA) comes with n0 a utility script that helps with management of the system.
To setup a proxy with n0, start by entering n0 into the command prompt and entering option 4. In the example shown the proxy server is setup on 10.0.0.1:8888 with no authentication.
For Changes To Take Effect
After setting the proxy, the user must logout and back in before the changes takes effect.
The NodeZero OVA host is now set up to utilize a proxy for your NodeZero pentests.
Manually configure a network proxy on non-OVA host
We officially support Ubuntu as the NodeZero host, and steps for Ubuntu are described below. Other versions of Linux may also work, but the configuration steps may vary. This guide also assumes all prerequisite libraries have been installed such as docker.
Proxy Format
Ensure the proxy is formatted as follows: https://username:password@proxy-web-or-IP-address:port-number
There are 4 files that need to be updated in order to support a proxy and NodeZero
/etc/environment
/etc/docker/daemon.json
/etc/systemd/system/docker.service.d/http-proxy.conf
~/.docker/config.json
Configure /etc/environment
This sets the env variables for your shell environment. Make the proxy available in the shell interface by adding the following to /etc/environment
HTTP_PROXY="your proxy settings"
HTTPS_PROXY="your proxy settings"
NO_PROXY="localhost,127.0.0.1,::1,172.17.0.0/16"
http_proxy="your proxy settings"
https_proxy="your proxy settings"
no_proxy="localhost,127.0.0.1,::1,172.17.0.0/16"
Configure /etc/docker/daemon.json
Create and fill out /etc/docker/daemon.json
sudo vim /etc/docker/daemon.json
/etc/docker/daemon.json should look like the following.
{
"proxies": {
"http-proxy": "your proxy settings",
"https-proxy": "your proxy settings",
"no-proxy": "localhost,127.0.0.1,::1,172.16.0.0/16,10.0.0.0/8,192.168.0.0/16"
}
}
Configure /etc/systemd/system/docker.service.d/http-proxy.conf
Create and fill out /etc/systemd/system/docker.service.d/http-proxy.conf
sudo mkdir -p /etc/systemd/system/docker.service.d
sudo vim /etc/systemd/system/docker.service.d/http-proxy.conf
The contents of http-proxy.conf should look like the following.
[Service]
Environment="HTTP_PROXY=your proxy settings"
Environment="HTTPS_PROXY=your proxy settings"
Environment="NO_PROXY=localhost,127.0.0.1,::1,172.17.0.0/16"
Environment="http_proxy=your proxy settings"
Environment="https_proxy=your proxy settings"
Environment="no_proxy=localhost,127.0.0.1,::1,172.17.0.0/16"
Reload and restart the docker service.
sudo systemctl daemon-reload
sudo systemctl restart docker
Configure ~/.docker/config.json
Setup the config.json in the local .docker directory.
Running as root?
If running nodezero from root change the directory that is modified to /root/.docker/config.json
The following command will create the necessary directory and file if it is not present and make the current $USER the owner.
mkdir -p ~/.docker && touch ~/.docker/config.json
sudo chown -R $USER:$USER ~/.docker
Fill out ~/.docker/config.json by adding
{
"proxies": {
"default": {
"httpProxy": "your proxy setting",
"httpsProxy": "your proxy setting",
"noProxy":"localhost,127.0.0.1,::1,172.16.0.0/16,10.0.0.0/8,192.168.0.0/16"
}
}
}
The NodeZero host is now configured to use a proxy with NodeZero.