Skip to content

Using a proxy with NodeZero

If your organization utilizes a proxy for external traffic you will need to setup your NodeZero host to make use of that proxy in order to reach the NodeZero infrastructure. With these changes in place all traffic between the NodeZero container and cloud infrastructure will use the proxy and internal traffic will not.

Recommended If using the NodeZero OVA there is the built in n0 utility can assist with setting up the proxy.

If running your own NodeZero host, steps are outlined for setting a proxy on an Ubuntu OS, all other OS's may or may not have similar setups for configuring a proxy.

Configure a network proxy on the NodeZero OVA

Socks Proxies

Socks type proxies are not supported with NodeZero, Please use HTTP/HTTPS proxies only

To use NodeZero with a proxy download and configure the NodeZero Host VM (OVA) located at Downloads.

The NodeZero host VM (OVA) comes with n0 a utility script that helps with management of the system. To setup a proxy with n0, start by entering n0 into the command prompt and entering option 4. In the example shown the proxy server is setup on 10.0.0.1:8888 with no authentication.

Screenshot

For Changes To Take Effect

After setting the proxy, the user must logout and back in before the changes takes effect.

The NodeZero OVA host is now set up to utilize a proxy for your NodeZero pentests.

Manually configure a network proxy on non-OVA host

We officially support Ubuntu as the NodeZero host, and steps for Ubuntu are described below. Other versions of Linux may also work, but the configuration steps may vary. This guide also assumes all prerequisite libraries have been installed such as docker.

Proxy Format

Ensure the proxy is formatted as follows: https://username:password@proxy-web-or-IP-address:port-number

There are 4 files that need to be updated in order to support a proxy and NodeZero

/etc/environment
/etc/docker/daemon.json
/etc/systemd/system/docker.service.d/http-proxy.conf
~/.docker/config.json

Configure /etc/environment

This sets the env variables for your shell environment. Make the proxy available in the shell interface by adding the following to /etc/environment

HTTP_PROXY="your proxy settings"
HTTPS_PROXY="your proxy settings"
NO_PROXY="localhost,127.0.0.1,::1,172.17.0.0/16"
http_proxy="your proxy settings"
https_proxy="your proxy settings"
no_proxy="localhost,127.0.0.1,::1,172.17.0.0/16"

Configure /etc/docker/daemon.json

Create and fill out /etc/docker/daemon.json

sudo vim /etc/docker/daemon.json
The contents of /etc/docker/daemon.json should look like the following.
{
    "proxies": {
        "http-proxy": "your proxy settings",
        "https-proxy": "your proxy settings",
        "no-proxy": "localhost,127.0.0.1,::1,172.16.0.0/16,10.0.0.0/8,192.168.0.0/16"
    }
}

Configure /etc/systemd/system/docker.service.d/http-proxy.conf

Create and fill out /etc/systemd/system/docker.service.d/http-proxy.conf

sudo mkdir -p /etc/systemd/system/docker.service.d
sudo vim /etc/systemd/system/docker.service.d/http-proxy.conf

The contents of http-proxy.conf should look like the following.

[Service]

Environment="HTTP_PROXY=your proxy settings"
Environment="HTTPS_PROXY=your proxy settings"
Environment="NO_PROXY=localhost,127.0.0.1,::1,172.17.0.0/16"
Environment="http_proxy=your proxy settings"
Environment="https_proxy=your proxy settings"
Environment="no_proxy=localhost,127.0.0.1,::1,172.17.0.0/16"

Reload and restart the docker service.

sudo systemctl daemon-reload
sudo systemctl restart docker

Configure ~/.docker/config.json

Setup the config.json in the local .docker directory.

Running as root?

If running nodezero from root change the directory that is modified to /root/.docker/config.json

The following command will create the necessary directory and file if it is not present and make the current $USER the owner.

mkdir -p ~/.docker && touch ~/.docker/config.json
sudo chown -R $USER:$USER ~/.docker

Fill out ~/.docker/config.json by adding

{
    "proxies": {
        "default": {
            "httpProxy": "your proxy setting",
            "httpsProxy": "your proxy setting",
            "noProxy":"localhost,127.0.0.1,::1,172.16.0.0/16,10.0.0.0/8,192.168.0.0/16"
        }
    }
}

The NodeZero host is now configured to use a proxy with NodeZero.