Setup
0xb00b5 team Packmate reads its settings from the .env file in the same directory as docker-compose.yml.
Primary settings
# Local IP of the server to which the traffic is directed. Used to tell incoming packets from outgoing ones.
PACKMATE_LOCAL_IP=10.20.1.1
# Username for the web interface
PACKMATE_WEB_LOGIN=SomeUser
# Password for the web interface
PACKMATE_WEB_PASSWORD=SomeSecurePassword
# Enable decoy flow for admin:admin login
PACKMATE_FAKE_ADMIN_ENABLED=true
# fun or fake_packets - pick the decoy flavor
PACKMATE_FAKE_ADMIN_MODE=fun
Modes of operation
0xb00b5 team Packmate supports 3 modes of operation: LIVE, FILE and VIEW.
LIVE - the usual mode during a CTF. 0xb00b5 team Packmate processes live traffic and instantly displays the results.
FILE - processes traffic from pcap files. Useful to analyze traffic from past CTFs where 0xb00b5 team Packmate wasn't launched, or CTFs where it's impossible to use it on the vulnbox.
VIEW - 0xb00b5 team Packmate does not process any traffic, but simply shows already processed streams. Useful for post-game analysis.
LIVE setup
Set the interface through which the game traffic passes.
The IP address from PACKMATE_LOCAL_IP should be bound to the same interface.
# Mode: capturing
PACKMATE_MODE=LIVE
# Interface to capture on
PACKMATE_INTERFACE=game
FILE setup
Set the name of the pcap file in the pcaps directory.
After startup, the web interface shows a button that starts processing the file.
It's important that by this moment all services and patterns are already created (see Usage).
# Mode: pcap file analysis
PACKMATE_MODE=FILE
# Path to pcap file in the pcaps directory
PACKMATE_PCAP_FILE=dump.pcap
VIEW setup
In this mode, 0xb00b5 team Packmate simply shows already existing data.
# Mode: viewing the data
PACKMATE_MODE=VIEW
Database cleanup
On large CTFs, after some time a lot of traffic piles up. This can slow 0xb00b5 team Packmate down and take a lot of drive space.
To optimize the workflow, it is recommended to enable periodic database cleanup of old streams. It only works in LIVE mode.
PACKMATE_OLD_STREAMS_CLEANUP_ENABLED=true
# Old streams removal interval (in minutes).
# It's better to use small numbers so the streams are removed in small chunks and don't overload the server.
PACKMATE_OLD_STREAMS_CLEANUP_INTERVAL=1
# How old the stream must be to be removed (in minutes before current time)
PACKMATE_OLD_STREAMS_CLEANUP_THRESHOLD=240
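The settings above carry a few cross-field constraints (LIVE needs an interface, FILE needs a file name inside pcaps, cleanup only takes effect in LIVE mode). Below is an added example, not part of the Packmate project, that parses a constructed .env and reports violations before you run docker-compose; the pcaps directory name and the sample values are assumptions.

```python
import ipaddress
import os

# Constructed sample of the .env described on this page (not the project's own file).
SAMPLE_ENV = """\
PACKMATE_LOCAL_IP=10.20.1.1
# Mode: capturing
PACKMATE_MODE=LIVE
PACKMATE_INTERFACE=game
PACKMATE_OLD_STREAMS_CLEANUP_ENABLED=true
PACKMATE_OLD_STREAMS_CLEANUP_INTERVAL=1
PACKMATE_OLD_STREAMS_CLEANUP_THRESHOLD=240
"""

def parse_env(text):
    """Parse KEY=VALUE lines; comments and blank lines are skipped, as docker-compose does."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip()
    return env

def check_env(env, pcaps_dir="pcaps"):
    """Return the violations of the constraints documented above (empty list if consistent)."""
    problems = []
    mode = env.get("PACKMATE_MODE")
    if mode not in ("LIVE", "FILE", "VIEW"):
        problems.append(f"PACKMATE_MODE must be LIVE, FILE or VIEW, got {mode!r}")
    try:
        ipaddress.ip_address(env.get("PACKMATE_LOCAL_IP", ""))
    except ValueError:
        problems.append("PACKMATE_LOCAL_IP must be a valid IP address")
    if mode == "LIVE" and not env.get("PACKMATE_INTERFACE"):
        problems.append("LIVE mode needs PACKMATE_INTERFACE")
    if mode == "FILE":
        pcap = env.get("PACKMATE_PCAP_FILE", "")
        # The value is a file name inside the pcaps directory, not a path
        if not pcap or os.path.basename(pcap) != pcap:
            problems.append("FILE mode needs PACKMATE_PCAP_FILE set to a bare file name")
        elif not os.path.isfile(os.path.join(pcaps_dir, pcap)):
            problems.append(f"pcap file not found: {os.path.join(pcaps_dir, pcap)}")
    if env.get("PACKMATE_OLD_STREAMS_CLEANUP_ENABLED", "false").lower() == "true":
        if mode != "LIVE":
            problems.append("old-stream cleanup only works in LIVE mode")
        for key in ("PACKMATE_OLD_STREAMS_CLEANUP_INTERVAL", "PACKMATE_OLD_STREAMS_CLEANUP_THRESHOLD"):
            if not env.get(key, "").isdigit() or int(env[key]) == 0:
                problems.append(f"{key} must be a positive number of minutes")
    return problems
```

Run it against your real file with `check_env(parse_env(open(".env").read()))` from the directory holding docker-compose.yml.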
Additional settings
# Database password. Considering it only listens on localhost, it's not mandatory to change it, but you can do it for additional security.
PACKMATE_DB_PASSWORD=K604YnL3G1hp2RDkCZNjGpxbyNpNHTRb
# 0xb00b5 team Packmate version. Change it if you want to use a different version from the docker registry.
BUILD_TAG=latest
To use TLS decryption, put the matching private key in the rsa_keys directory.
Database files are stored in ./data, so to reset the database, delete this directory.