Welcome to JumpBox
For details about this project, please see the doc directory which contains the original Design specification and also the SECURECOMM 2014 paper and the related presentation in PDF and PowerPoint formats.
libfutil / rendezvous
This code requires libfutil and optionally (default off) also SRI's rendezvous library.
These code libraries have to be placed in
A Debian makefile is included which depends on all the proper dependencies. Creating the package thus automatically fetches these.
Fortunately, these are available in Homebrew:
brew install pbc brew install jansson
Use the following command, which should have been also performed by homebrew installation
to ensure the Apple XCode Command Line Tools (CLT) are installed.
DJB_FORCED_* environment variables override either the preferences
as they are configured or the result retrieved from ACS and thus allows easier
testing by bypassing various components.
DJB_FORCED_HOSTNAMEdefines the hostname that we force connections to (DJB-URI)
DJB_FORCED_JUMPBOXADDRESSdefines the 'JumpBox Address' to be used for StegoTorus this can be used to bypass the DJB Proxy while being able to start from DJB.
DJB_FORCED_STEGMETHODdefines the Steg Method (json|http) to be used for StegoTorus
DJB_FORCED_SHAREDSECRETdefines the Shared Secret to be used for StegoTorus
SAFDEF_LOG_LEVELdefines the logging level (debug is very verbose).
Running with StegoTorus
Testing JumpBox with StegoTorus can be achieved by the following steps.
In Chrome/Chromium open the extensions page:
Then select 'unpack and load' and select the JumpBox plugin directory (plugin/chrome/)
or if already correctly installed, hit "Reload" to update to the current version.
export DJB_FORCED_HOSTNAME=127.0.0.1:8080 export SAFDEF_LOG_LEVEL=debug server/djb run
In Chrome/Chromium configure the Plugin by clicking on the JumpBox button and selecting "Preferences", fill in the rendezvous server and select the amount of circuits.
Then start a Stegotorus client in persist JSON mode (can also be performed from the Plugin).
./stegotorus --log-min-severity=warn chop socks --trace-packets --persist-mode 127.0.0.1:1080 127.0.0.1:6543 json
That lets StegoTorus be a SOCKS server on 127.0.0.1:1080 while connecting to JumpBox at 6543.
Then start the Stegotorus server in non-persist mode (this typically runs behind DGW):
./stegotorus --log-min-severity=warn chop server --trace-packets 192.0.2.1:443 127.0.0.1:8080 json
That lets ST accept HTP at 127.0.0.1:8080 (matching
DJB_FORCED_HOSTNAME above) and makes
it use 192.0.2.1:443 as a Tor Bridge
Configure the Tor client with:
SocksPort 9060 # local client applications (SOCKS port for WebBrowsers etc) SocksListenAddress 127.0.0.1 # accept connections only from localhost SafeLogging 0 Log info file ./info.log Log debug file ./debug.log # Where the SOCKS proxy is (StegoTorus client) Socks4Proxy 127.0.0.1:1080 # A fake Bridge line, gets overruled by StegoTorus) Bridge 127.0.0.1:9060 UseBridges 1
and start a Tor client:
bin/tor -f etc/tor/torrc
That should make things move.
Running with StegoTorus (debug)
Connections will get lost and lldb does not like those SIGPIPEs, to make it continue use:
process handle SIGUSR2 -n true -p true -s false