AttainIT Technologies Blog AttainIT Technologies

This article will explain the process of reflashing a Sonoff S31 with Tasmota firmware. A quick device tear-down of the smart plug along with some simple soldering allows you to replace the firmware on the device, thereby allowing it to easily join a management system for control, monitoring, and automation.

DISCLAIMER: Electricity is dangerous and can cause personal injury or death as well as other property loss or damage if not used or constructed properly. Do not attempt any wiring of any kind if you lack the relevant knowledge and understanding required; Instead hire a qualified specialist to perform the work for you.

What is a Sonoff S31?

The S31 is a 15amp Wi-Fi smart plug with onboard power monitoring and overload protection. It tracks the real-time use of power, current, and voltage, as well as measuring electrical consumption for a specified time period. For safety purposes, it also allows maximums to be specified (power, current, or voltage) and will automatically turn off connected devices when reaching any one of the set values.

Disassembly

Disassembling the S31 is a simple process. First pop-off the dark grey end cap which will then allow the two rounded edges to slide out.

Remove the three screws which are now exposed in order to extract the back panel.

On the bottom edge of the PCB you can see a row of six solder pads. For the purposes of this article, only four will be used: VCC, GND, TX, and RX. There are actually two pairs of RX/TX pins; You will use the pair closest to the VCC pin.

FTDI USB Adapter Connections

A FTDI adapter is a USB to Serial converter which allows for a simple way to connect TTL interface devices to USB. Adapters come in a few flavors (3.3V, 5.0V, or both), so make sure you get one that supports 3.3V. In our case, we used a Moyina and set the voltage selector to 3.3V.

WARNING: Using 5V on the S31 will brick the device, double-check you are operating at 3.3V.

We also used the jumper cables which shipped with the adapter, connecting only the four pins required for reprogramming.

Four short pieces of 20AWG wire were then used to solder to the S31 board pads. When connecting to the jumper wires, ensure to cross-wire the communication lines:

VCC -> VCC
RX -> TX
TX -> RX
GND -> GND

Once the device is wired, press the power button on middle of the PCB while simultaneously plugging the USB adapter into your computer. Leave the button depressed for approximately 5 seconds to ensure the device has been placed into “programming mode.”

Reflashing the Sonoff S31 with Tasmota

Now that the device is connected and in programming mode, we will use the open-source firmware Tasmota to flash the device firmware. Tasmota is written by Theo Arends and licensed under the GNU General Public License v3.0. It features local control over MQTT as well as options for automation using timers or rules.

The web installer can be located here:

Once connected, the web installer will upload the new firmware to the S31. After the programming process has completed, disconnect the FTDI adapter from your computer, de-solder the temporary connection wires, and reassemble the S31 plug.

Joining the Network and Configuration

At this point, the device has been flashed, but has not yet been joined to your Wi-Fi network. The following steps will vary somewhat based on your local network and devices, but the process steps will remain the same.

Power on the S31 (plug it in to the wall)
Open the Wi-Fi settings on your Mobile Device/Computer
Wait until you see a Wi-Fi network that starts with tasmota and join it. For example “tasmota-acebe4”
Connect via a flavor of “Sign in to this network” prompt
You’ll be presented with a list of Wi-Fi networks, select yours and type in the password.
Take note of the IP address that you are presented with.

After the module has joined the network, you can access it via its IP address through any browser. Click the “Configuration” button and set Module Type parameters to “Sonoff S31” to allow Tasmota to know exactly what type of device it is controlling. Also click “Configure Other” and update the Device Name and Friendly Name, then click “Save.”

MQTT Configuration

MQTT is commonly used to connect smart plugs to the Home Assistant platform. Setting up a Home Assistant Installation with MQTT is outside of the scope of this article. However, if you are supporting that type of installation, below are the final steps required for the device to fully join your automated environment.

Navigate to the S31 IP address
Click “Configure MQTT” and fill in the following details:
- Host – The IP address of you MQTT instance. (starting on Tasmota 12.1.1, you can also use homeassistant.local).
- Client – This must be unique for the user. The default value will work.
- User – Use the MQTT user you previously configured
- Password – Use MQTT password you previously configured
Click Save

Static IP Address

Usually, the device does not need a static IP address. Most local networks will be behind a router and you will access the S31 via a DHCP assigned address. However, if needed, use the following steps to set a static address.

Connect to the S31 console via a browser
- http://s31-ip-address-goes-here/cs
- NOTE: see here for a full list of commands available
ipaddress1: device ip
ipaddress2: gateway
ipaddress3: network mask
ipaddress4: dns
restart 1

Consider a Label

In order to track or inventory your devices, consider printing a label and affixing it to the bottom of the device.

Building Apache Tomcat from Source

By chris

On August 27, 2022

In Java, Virtual Machines, WWW

Building Apache Tomcat from source is easy, and is the first step to building your own Tomcat mods. Comprehensive instructions are provided by Apache in the BUILDING.txt file. This article will augment those steps with screenshots and a few helper scripts to make the job a bit easier. If you haven’t already done so, provision a plain Linux virtual machine. Directions for this process can be found in this article.

What is Apache Tomcat?

If you are reading this article and do not already know the answer to this question, you are probably in the wrong place. Apache Tomcat is a web container. It is a free open source implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Annotations and Jakarta Authentication specifications. In a nutshell, Tomcat provides an HTTP web server environment for hosting Java code.

Virtual Machine Setup

As mentioned earlier, directions for creating an Ubuntu virtual machine can be found here. We will use that same process to create a standard Linux workstation with the following specifications:

OS: Ubuntu 22 LTS (although any modern version will be fine)
- Minimal installation
RAM: 4GB
Drive: 20GB

Next we install the tools needed to compile Tomcat by cloning a helper repository maintained by AttainIT Technologies.

$ cd ~
$ sudo apt install git -y
$ git clone https://github.com/AttainIT-Technologies/vm-bootstrap-ubuntu.git
$ cd tomcat-dev

Finally we run the bootstrap script which will install java and ant, as well as download the source and setup the Tomcat build directory. The setup script is small and can be viewed here.

$ ./bootstrap

At this point we have completed our workstation setup and are ready to build Apache Tomcat from source.

Building Apache Tomcat from Source

Now that we have our workstation, we can build the source. Since we cloned the default branch, we have the main branch of Tomcat (most recent updates). Depending on your needs, you could replace this code with one of the other branches for Tomcat v8.x or 9.x releases.

Compile the source by running the following commands:

$ cd $TOMCAT_SRC
$ ant

The build is a bit like jumping into a time machine, as it still uses Apache Ant for its build tool. Depending on your workstation’s horsepower, the build could take up to several minutes to complete.

Once complete, you can change into the output directory and see the results.

Looking at the build directory should look very familiar, as it is a standard Tomcat distribution as you would normally download directly from Apache.

Since our source code has been compiled into executable binaries, lets continue on and launch our web container.

Running Apache Tomcat

Before launching our server, we should first check our version:

$ ./version.sh

Buried in the results above you can see that we have built Apache Tomcat version 10.1.0-M18-dev. Launch the server by running startup:

$ ./startup.sh

Finally, open the console in a browser:

https://localhost:8080

Congratulations, you have built the latest milestone release of Apache Tomcat.

Inspecting the Apache Tomcat Source

The bootstrap script also installs a recent copy of Microsoft Visual Studio Code. Use that IDE to inspect the Tomcat source code by running the following commands:

$ cd $TOMCAT_SRC
$ code .

Zero Trust Architecture Overview

By chris

On May 12, 2022

In Cybersecurity

Zero Trust Architecture is one of the internet’s most highly overused buzzwords. At its core, it is a set of recommendations to secure an organization by:

removing implicit trust
enforcing least privileged access, and
applying continuous risk evaluation and monitoring.

NIST 800-207 formally documents the architecture. In this post we will attempt to simplify the complexity by focusing only on high-level concepts.

What is it?

In traditional security models, anything connected to an organization’s network was implicitly trusted. Not so long ago, when networks were smaller, more static, and easier to manage, this model was reliable.

Fast forward to today. Organizations now include a mix of on-premise equipment, clouds, mobile devices, IoT, and constantly evolving applications, protocols and threats. This complexity makes the old models impractical and insufficient.

As of May 2022, most major vendors are now offering products and services to support zero trust architecture. However, this is not something a single product can solve. Each vendor sells a piece of the puzzle. Every organization will have differing needs based on their attack surface, business model, and customer relationships. Implementing zero trust is as much about company’s governance and practices as it is about the technology itself. Next, we’ll focus in on the major influencing factors.

Three Pillars of Zero Trust

Frequently summarized as “never trust, always verify,” the three pillars of zero trust architecture are:

Zero Trust designs to secure modern environments by:

removing implicit network trust (and adding segmentation),
using least privilege authentication and authorization methods, and
intense monitoring and auditing.

In the next sections, we will take a brief look at each of these topics.

Never Trust A Network

Would you ever check-in to a hotel and start using the shared computer in the lobby to access your bank? Most of us would cringe at the thought, but conversely wouldn’t think twice about banking from your office computer. And yet IT staffs are continually under-staffed, under-budgeted, and over-worked. Having complete trust in your network’s security is now a luxury reserved only for the largest of companies or government agencies. And even they are fighting a losing battle against insider threats.

The current rate of cyberattacks is unprecedented, and assuming that your network is secure is dangerous. Even if you do everything right in advance (and few do), you are still vulnerable to 0-day attacks. At this point, it is simply more practical to assume your network is insecure, and move forward with planning from that perspective.

Now that we have a healthy distrust of our network, next up is to control the access to data and assets on the network.

Enforce Least Privilege Access

We need to protect high-value data and assets. To accomplish this goal, the principle of least privilege recommends that you only assign the minimum necessary rights to a subject (users, networks, systems, files, etc.) in order to function. Ideally, these restrictions should also factor in time, granting permissions only when needed and for minimal durations.

Through careful access delegation, any potential damage posed via an activity is limited, regardless of whether it is sanctioned, unsanctioned, intentional or unintentional.

Laziness often works against the principle of least privilege. Granting bulk permissions beyond the scope of the necessary rights is convenient, but can come with disastrous effects when a breach occurs.

Audit and Monitor Everything

The days of “set it and forget it” are over. Perform continuous risk evaluation and monitoring vigilantly; Without this, you have no hope of minimizing your attack surface against ever evolving threats.

A dry run is the best way to determine if your monitoring and auditing posture is sufficient; Assume a network breach. Next run through your audit logs and determine whether there is enough information to find an attacker’s footprint.

How to Trim Vector Art

By chris

On April 10, 2022

In Graphics

This article is a quick tutorial on how to trim vector art using a legacy version of Adobe Illustrator. As an example, we will focusing on trimming a portion of the AttainIT Technologies logo. We maintain the full logo as a scalable vector graphic (SVG). To generate a social media icon, we will trim the stylized letter A graphic seen below.

AttainIT Logo Letter A

Trim Vector using Adobe Illustrator

For this example we are using a legacy version of Adobe Illustrator. Mileage may vary on the location of these menu options in newer Creative Cloud editions of the software.

First open the file containing the letter A. Using the line tool, create a line above the logo where the break should occur, as seen below.

Create a Breaking Line

With the breaking line selected, choose the menu Objects | Path | Divide Objects Below.

Path Divide Objects

This action will delete the breaking line as well as trim the vector into multiple paths as seen below. If you look closely, you can see the two line breaks in light blue.

Logo with Broken Paths

Finally select the line segments that you no longer need and delete them. The end result is a stylized letter A trimmed to a smaller size.

Trimmed Logo

Use the File | Save for Web menu to save the image in Portable Network Graphics (PNG) format to allow for a transparent background.

Continue to the next section if you also need to export this modified file as an SVG.

Exporting a New SVG File

Where PNGs and JPGs are useful for small images, it is always preferable to maintain an SVG which will scale to any size. In order to export this file, we need to reduce the art board size to the dimensions of the artwork.

First select all paths by using the CTRL-A key combination on a PC (Macs will use the command key). With the paths selected, choose the File | Document Setup menu, then click the button for Edit Artboards.

Document Setup Menu

When the Edit Artboards button is pressed, a presets option will appear in the Adobe Illustrator main menu bar. Choose the Fit to Selected Art option.

We have now sized the artboard so that it only contains the selected artwork.

Resized Artboard

Finally, export the graphics using the File | Save As menu.

Send email from Spring Boot using Microsoft 365

Send Email using Spring Boot

By chris

On March 30, 2022

In Java, Spring Boot

This article is documents how to send email using Spring Boot over Microsoft 365 (formerly Office 365). Spring provides an easy to use interface called JavaMailSender that wraps the native JavaMail API. This example demonstrates sending both plain and HTML messages, as well as adding attachments.

Microsoft 365

Microsoft 365 subscriptions come with Outlook email access via browser or by native Office client applications. The Microsoft email solution (Outlook and Exchange) is ubiquitous for business users; It also offers the ability to connect from external clients for both sending and receiving messages. We will leverage this capability to send messages from a custom Java application.

JavaMailSender

Spring Boot provides this extended interface for JavaMail that supports MIME messages and completely handles session management. Messages containing attachments typically use this interface in conjunction with the MimeMessageHelper class.

Spring Boot Properties

Spring Boot pulls the mail settings from your default application.properties file (or YAML depending on your local setup). First set the properties to reference a Microsoft 365 (formerly Office 365) SMTP email host and enable security. Our GitHub repository should not contain sensitive property values, so externalize those variables.

// application.properties

spring.mail.host=smtp.office365.com
spring.mail.port=587
spring.mail.properties.mail.smtp.port=587
spring.mail.properties.mail.transport.protocol=smtps
spring.mail.properties.mail.smtp.auth=true
spring.mail.properties.mail.smtp.starttls.enable=true
spring.mail.properties.mail.smtp.starttls.required=true
spring.mail.properties.mail.smtp.ssl.enable=false
spring.mail.properties.mail.smtp.timeout=15000
spring.mail.properties.mail.smtp.connectiontimeout=15000
spring.mail.properties.mail.smtp.socketFactory.fallback=true
spring.mail.properties.mail.mail.debug=true

spring.config.import=sensitive.properties

Next add a spring.config.import statement to import sensitive.properties file, then provide the alternate file.

// sensitive.properties

spring.mail.username=my-user@mydomain.com
spring.mail.password=my-secure-password
prototype.o365.email.from=webmaster@mydomain.com
prototype.o365.email.to=destination-user@your-domain.com

Finally, to prevent sensitive.properties from finding its way to GitHub, be sure to update the .gitignore file to exclude it.

# .gitignore

### SENSITIVE PROPERTIES ###
sensitive*.properties

Send Email using Spring Boot

The final step is to craft and send your email. Use a SimpleMailMessage to send a plaintext email:

SimpleMailMessage msg = new SimpleMailMessage();
msg.setTo(emailTo);
msg.setFrom(emailFrom);
msg.setSubject("plain email at " + new Date().toString());
msg.setText("Hello World\n" + new Date().toString());

try
{
    javaMailSender.send(msg);
}
catch(MailException e)
{
    log.error("error sending plaintext email", e);
}

Use a MIME message to send HTML email content or include attachments:

MimeMessage msg = javaMailSender.createMimeMessage();
try
{
    MimeMessageHelper helper = 
        new MimeMessageHelper(msg, true);

    helper.setTo(emailTo);
    helper.setFrom(emailFrom);
    helper.setSubject("html email at " + new Date().toString());
    helper.setText("<h1>check attachment for the logo</h1>", true);

    helper.addAttachment("logo.png", 
        new ClassPathResource("logo.png"));
}
catch(MessagingException e)
{
    log.error("error preparing email", e);
}

try
{
    javaMailSender.send(msg);
}
catch(MailException e)
{
    log.error("error sending mime email", e);
}

Source Code

This article’s full source code is available on GitHub.

Installing Ubuntu on Hyper-V

By chris

On March 20, 2022

In Virtual Machines

This article will look at the steps required for installing Ubuntu on Hyper-V. We will focus on a vanilla build using Ubuntu LTS 20.04. This virtual machine could be used for a variety of purposes as-is. In later articles we will build on this simple foundation to create an open source intelligence (osint) platform for performing research on the internet with privacy. If you are interested in cybersecurity, you could follow this article to build a Kali Linux attack machine and use Ubuntu as the target.

Installation Overview

Installing Ubuntu on a Windows 10 workstation using Hyper-V involves the following steps:

Download the Ubuntu ISO image
Configure a new Hyper-V Virtual Machine
Install and Configure Ubuntu Operating System
Login to the Ubuntu Linux VM

Next we will download the operating system.

Downloading Ubuntu 20.04 LTS

Ubuntu can be downloaded from here. For this article we will be using the most recent long-term support (LTS) version available. After installation we will update and upgrade to apply the most recent security patches.

Configure a new Hyper-V Virtual Machine

If you have not done so already, please follow the Microsoft documentation for enabling Hyper-V. Run the Hyper-V application, then right-click your workstation and select “New | Virtual Machine.”

create new hyper-v vm — Creating a new Hyper-V VM

You must complete several screens of options in order to configure the VM. Several steps worth noting include:

Specify Name and Location
Specify Generation: 2
Assign Memory: 4096MB
Configure Networking: Default Switch
Connect Virtual Hard Disk: 25GB
Installation Options: configure to use the downloaded ISO image

Finally press “Finish” on the summary page to create the virtual machine.

Disable Secure Boot Option

Since we selected a second generation vm in the last section, there is one more step to complete. Open the vm settings, and uncheck the “Enable Secure Boot” option under Security. Without completing this step, the Linux OS will not boot from the ISO.

Secure Boot is a feature available with generation 2 virtual machines that helps prevent unauthorized firmware, operating systems, or Unified Extensible Firmware Interface (UEFI) drivers (also known as option ROMs) from running at boot time. Secure Boot is enabled by default.
microsoft

Install and Configure Ubuntu on Hyper-V

Right-click on the newly created VM and select Connect followed by Start. Select the option for “Install Ubuntu“.

There are several configuration screens that follow. Fortunately most steps can use default values on your own preferences. We will show the non-default values below.

For updates and other software, choose either a normal or minimal installation. Either will work, but a minimum will allow you to install only the features you need. Also be sure to check the box for installing third-party software.

For the “Who are you” page, be sure to select a username and strong password. We entered “osint” across the board because our vm was disposable. This simple scheme is not recommended for a long-living virtual machine.

After completing the setup pages, you will be prompted to restart the machine.

Configure Personal Settings

Previously you rebooted the vm and are back at a login screen. Finish out your personal settings to complete your installation of ubuntu on Hyper-V. Your settings will depend entirely on how you intend to use the vm. If you are using this as a personal workstation, feel free to configure the settings for your accounts. Since we will be updating this virtual machine in future blog articles, we will not be including any personal information.

Building a Windows 10 VM on Hyper-V

By chris

On March 19, 2022

In Virtual Machines

This article will look at the steps required for building a Windows 10 VM on Hyper-V. Love it or hate it, at some point you will find yourself needing a Windows 10 workstation. Maybe to use as a cybersecurity target, testing a new software install, or for installing business software that will not run on your favorite Linux distro. If this VM will used as a target, see our instructions on building a Kali Linux attack machine in this article on our blog.

Downloading a Windows ISO

Microsoft publishes free Windows virtual machines for testing browser compatibility. Where the intent is to offer browsers for testing, the reality is that they can be repurposed to any need. The caveat is that they are 90 day OS licenses, so don’t plan on maintaining a long-term project on these ISOs. The variants can be downloaded directly from Microsoft here.

Installing a Windows 10 VM on Hyper-V

After downloading your preferred distro in the last section, you are now ready to build the virtual machine. First start by opening the Hyper-V Manager and choosing the option to import a virtual machine.

Use the following settings to start the wizard:

Locate Folder: this will usually be your downloads folder
Select Virtual Machine: this will only have one option

The next few steps are important to making a functional vm. For the “Import Type” you should select the “Copy” option.

The next two pages of options deal with the vm destination. Mileage may vary based on your host, but most users tend to install their virtual machines on a larger secondary drive.

Finally click “Finish” on the Summary tab to kick-off the installation.

Logging In

After the virtual machine has completed installation, you can select the “Connect To” and “Start” options from the Hyper-V Manager to launch Windows. This will bring you to the login screen which requires a password.

The password is predefined in the ISO and displayed on the original download page from Microsoft. At this time of writing this blog article, the default password to your new virtual machine is “Passw0rd!”

As a final step, is always good to make sure networking is functioning properly. After a quick ping test, you are good to go…

Installing Metasploitable on Hyper-V

By chris

On February 27, 2022

In Cybersecurity, Virtual Machines

Metasploitable is an intentionally vulnerable Linux virtual machine that can be used to conduct security training, test security tools, and practice penetration testing. This article will look at the steps required for installing Metasploitable on Hyper-V.

Downloading Metasploitable

There are a number of versions available for download. We will be using the download available directly from Rapid7 found here. Note that you will need to register an email address before receiving the free download link.

Converting the Image

Metasploitable is packaged in a VMware format. We must first convert it to be Hyper-V compatible. As of 2022, there are a lot of online links to documentation using Microsoft Virtual Machine Converter for this task. Unfortunately, Microsoft abandoned that utility and it is no longer available. We will instead use the free StarWind Converter found here. First unzip the Metasploitable download; Then use the following options for the wizard and finally press “Convert”:

Local File
Provide Source Image
Local File
Microsoft Virtual Hard Disk (VHD/VHDX)
VHD Growable Image
Destination File

This conversion will generate an image which can be directly imported into Hyper-V in the next step.

Installing Metasploitable on Hyper-V

Following the previous section should result in an image ready to be installed.

In the Hyper-V application, right click and choose “Import Virtual Machines”. Use the following settings in the wizard:

Specify Name and Location
Specify Generation 1
Assign Memory 2048MB
Configure Networking: Default Switch
Connect Virtual Hard Disk: Choose Existing

For the last step in the wizard, select the VHD that you previously converted. Finally press “Finish” on the summary page to create the virtual machine.

Changing the VM Network Adapter

The virtual machine will start but will not connect to a network as configured by default. The setup process creates a network adapter which is not compatible with Metasploitable. To resolve this problem, open the virtual machine settings. First remove the default network adapter and then create a “Legacy Network Adapter” as seen in the images below.

Verifying the Metasploitable Hyper-V VM

Now that your VM is fully configured, start it from Hyper-V. Once the Linux instance has launched, the username and password are both msfadmin.

After login you can issue a ping to google to ensure that networking is working correctly.

Your VM is now complete and ready to hack. Rapid7 maintains an exploitation guide found here. Finally, read our guide on installing Kali Linux to build a VM for attacking Metasploitable.

How to Upgrade Kali Linux to 2022.1

By chris

On February 21, 2022

In Cybersecurity, Virtual Machines

In this brief article we will upgrade Kali Linux to release 2022.1. This upgrade demonstration is on a Hyper-V virtual machine. The steps, however, are not specific to Hyper-V VMs and will work on other platforms. Kali 2022.1 was released on Feburary 14th 2022 with the full release notes located here. If you would like to create a Kali VM on Hyper-V please follow the process documented here.

Verifying the Virtual Machine

Start by opening a terminal window. Then issue the following command:

grep VERSION /etc/os-release

As you can see below, we are running the previous release from 2021 and need to upgrade.

Upgrading Kali Linux to 2022.1

Start by opening a terminal window. Then issue the following commands:

$ echo "deb http://http.kali.org/kali kali-rolling main non-free contrib" | sudo tee /etc/apt/sources.list
$ sudo apt update && sudo apt -y full-upgrade
$ cp -rbi /etc/skel/. ~
$ [ -f /var/run/reboot-required ] && sudo reboot -f

If prompted, accept and details and make sure the vm reboots at the end.

Verifying the Upgrade

Start by opening a terminal window. Then issue the following command:

grep VERSION /etc/os-release

The virtual machine’s version is now up-to-date.

Using Bootstrap Icons

By chris

On February 20, 2022

In WWW

Bootstrap 5 Icons is a “free, high quality, open source icon library with over 1,600 icons.” It is provided by the same Twitter team who built Bootstrap. Since the icons are SVGs you can include them into your HTML in several different ways. This allows for flexibility to support how your project is setup. Using this library we will create a bootstrap button with icon.

Installing Icons

The icon set can be downloaded here. However, there is no need to pull in the whole package. Just copy in the icons you need for your project.

Embedding Icons as SVG

On our projects, we like to import the icons directly as SVG. The following example shows the phone-fill icon being added in a hidden block.

At this point, the icon is embedded in the page but not visible.

Creating a Bootstrap Button with Icon

Once the icon is embedded it is ready to use. Below is an example of using the embedded icon as part of a button.

<button type="submit" class="btn"><svg style="margin-right: 5px;" class="bi" width="1.5em" height="1.5em"><use xlink:href="#phone-fill"/></svg> Contact Us</button>

This will result in a very plain looking rendered button. Next we will customize the coloring for dark backgrounds.

Customizing the Bootstrap 5 Icon Color

The are a number of ways to customize the icon color, some are documented on the Bootstrap Usage page. A more direct route which offers more flexibility is to directly update the SVG path. This direct manipulation allows each path to be colored differently. Below the SVG is being updated to a white fill so it will stand out on a dark background.

<symbol id="az-sort" viewBox="0 0 16 16">
    <path fill="#ffffff" d=. . .
</symbol>

When paired with a dark button this will result in a modern and stylish button.