PbProxy Documentation
Prerequisites
- JDK 1.6
- Apache ant > 1.7
JVM configuration for HTTPS support
In order to support HTTPS interception, you need to customize the JVM to enable strong cryptographic support. Following the instructions listed by executing the following:
ant patchJVM
Building
We assume pb was checked out into a users home directory.
cd ~/pb/pb ant
Static Configuration
TODO: describe pb.properties file
Starting
=== Under Unix===
To start:
cd ~/pb/pb ant start
To stop:
cd ~/pb/pb ant stop
MS-Windows Under Cygwin
First, make sure that the CYGWIN environment variable is set to something, e.g.,
export CYGWIN="ntsec tty"
To start:
cd ~/pb/jetty ./start
To stop:
cd ~/pb/jetty ./stop
MS-Windows Under CMD
To start:
cd ~/pb/jetty start.bat
To stop, use the task manager to kill the java process.
Runtime Configuration
Access https://127.0.0.1:9444 to get access to the administration console.
Plugins
TODO
Regenerating PhishBouncer CA certificate
Follow these steps on a Unix platform with a JDK 1.6 install that has bouncy castle added as a JCE provider.
To add bounce castle to the JDK install, add the following to JRE_HOME/lib/security/java.security
security.provider.5=org.bouncycastle.jce.provider.BouncyCastleProvider
Next, copy pb/redist/bcprov-jdk16-*.jar to ${JRE_HOME}/lib/ext
Finally, make sure you download the unlimited strength policy files from java.sun.com and place them into ${JRE_HOME}jre_home/lib/security.
To generate the CA's keystore (PB_CA.bks and PB_CA.jks) and the pb.crt file for import into browsers, call
> cd jetty/etc > ./runCACertGenerator
You can now import jett/etc/pb.crt into your browser (firefox).
Regenerating Admin Page certificate
To generate the SSL site certificate for the Admin console, call
> cd jetty/etc > ./runAdminCertGenerator
Presentations
Papers
- November 2009: Poster on PbProxy? and Its Applications (source:trunk/docs/CATCH_Poster.pdf])
- November 2009: PbProxy? on one slide (source:trunk/docs/PbProxyMiddleware.pdf])
- NCA 09
- CrossTalk 08
