README
¶
docker 测试环境 - 自动化代理方案
我们希望能够通过一个统一的域名,来访问所有的容器,比如
- discuz72.docker.openrasp.com
- activemq50.docker.openrasp.com
- ...
市面上常用的方案,是通过不同的子网IP来访问,需要修改本机 DNS 服务器地址,感觉不太安全。这个项目采用了一个新的方案,即使用修改过的 socks5 代理,根据子域名来实现自动化的请求转发。
比如,我们目前运行着如下镜像:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3be0ad27deaf openrasp/tomcat7.0 "/bin/bash /root/sta…" 37 minutes ago Up 37 minutes 80/tcp, 10001/tcp nervous_colden
8c96b0486f4b openrasp/joomla:3.8.3 "/bin/bash /root/sta…" About an hour ago Up About an hour 80/tcp vigilant_wozniak
4f5968e8da6d openrasp/php5.4 "/bin/bash /root/sta…" 2 hours ago Up 2 hours 80/tcp cranky_mccarthy
当你访问 nervous_colden.192.168.154.200.xip.io 时,这个代理服务会提取你的目标镜像名,即 nervous_colden。然后调用 docker HTTP API 查询这个名字对应的IP。如果查到了,就修改 socks5 请求,让你的请求转发到这个IP去。转发的事后不修改你的目标端口,这样就可以实现全端口的转发。
为了实现这个,我们需要一个简单的管理界面(3081 端口),以及 socks5 代理服务(3080 端口),具体请看 golang 代码。
使用方法
假设虚拟机的 IP 为 192.168.154.200,你需要按照如下步骤使用本代理服务
-
在虚拟机里安装 docker,并设置监听端口为
127.0.0.1:2375,e.gExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2375 -
启动一些你需要的镜像,e.g
make -C src/base/tomcat7.0 make -C src/openrasp/php5.3 -
编译,并启动本服务,e.g
GOPATH=$PWD go build -o /tmp/docker-socks5 /tmp/docker-socks5 -
在浏览器里配置
PAC脚本,e.gfunction FindProxyForURL(url, host) { ... if (host.indexOf('.192.168.154.200.xip.io') != -1) { return 'SOCKS5 192.168.154.200:3080'; } ... } -
使用
192.168.154.200.xip.io:3081访问镜像列表页面 -
对于非HTTP协议的,可以使用
proxychains-ng访问,e.g%> cat ubuntu.conf strict_chain proxy_dns remote_dns_subnet 224 tcp_read_time_out 15000 tcp_connect_time_out 8000 [ProxyList] socks5 192.168.154.200 3080 %> proxychains -f ubuntu.conf java -cp /pentest/java/ysoserial.jar ysoserial.exploit.RMIRegistryExploit nostalgic_goldwasser.192.168.154.200.xip.io 10001 Groovy1 "cp /etc/passwd /tmp"
截图
主界面 - 镜像列表页面
应用界面 - 点击主页面的端口号进入
非 HTTP 接口使用方法 - Java RMI 漏洞远程利用
Documentation
¶
There is no documentation for this package.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
src
|
|
|
golang.org/x/net/bpf
Package bpf implements marshaling and unmarshaling of programs for the Berkeley Packet Filter virtual machine, and provides a Go implementation of the virtual machine.
|
Package bpf implements marshaling and unmarshaling of programs for the Berkeley Packet Filter virtual machine, and provides a Go implementation of the virtual machine. |
|
golang.org/x/net/context
Package context defines the Context type, which carries deadlines, cancelation signals, and other request-scoped values across API boundaries and between processes.
|
Package context defines the Context type, which carries deadlines, cancelation signals, and other request-scoped values across API boundaries and between processes. |
|
golang.org/x/net/context/ctxhttp
Package ctxhttp provides helper functions for performing context-aware HTTP requests.
|
Package ctxhttp provides helper functions for performing context-aware HTTP requests. |
|
golang.org/x/net/dict
Package dict implements the Dictionary Server Protocol as defined in RFC 2229.
|
Package dict implements the Dictionary Server Protocol as defined in RFC 2229. |
|
golang.org/x/net/dns/dnsmessage
Package dnsmessage provides a mostly RFC 1035 compliant implementation of DNS message packing and unpacking.
|
Package dnsmessage provides a mostly RFC 1035 compliant implementation of DNS message packing and unpacking. |
|
golang.org/x/net/html
Package html implements an HTML5-compliant tokenizer and parser.
|
Package html implements an HTML5-compliant tokenizer and parser. |
|
golang.org/x/net/html/atom
Package atom provides integer codes (also known as atoms) for a fixed set of frequently occurring HTML strings: tag names and attribute keys such as "p" and "id".
|
Package atom provides integer codes (also known as atoms) for a fixed set of frequently occurring HTML strings: tag names and attribute keys such as "p" and "id". |
|
golang.org/x/net/html/charset
Package charset provides common text encodings for HTML documents.
|
Package charset provides common text encodings for HTML documents. |
|
golang.org/x/net/http/httpproxy
Package httpproxy provides support for HTTP proxy determination based on environment variables, as provided by net/http's ProxyFromEnvironment function.
|
Package httpproxy provides support for HTTP proxy determination based on environment variables, as provided by net/http's ProxyFromEnvironment function. |
|
golang.org/x/net/http2
Package http2 implements the HTTP/2 protocol.
|
Package http2 implements the HTTP/2 protocol. |
|
golang.org/x/net/http2/h2i
The h2i command is an interactive HTTP/2 console.
|
The h2i command is an interactive HTTP/2 console. |
|
golang.org/x/net/http2/hpack
Package hpack implements HPACK, a compression format for efficiently representing HTTP header fields in the context of HTTP/2.
|
Package hpack implements HPACK, a compression format for efficiently representing HTTP header fields in the context of HTTP/2. |
|
golang.org/x/net/icmp
Package icmp provides basic functions for the manipulation of messages used in the Internet Control Message Protocols, ICMPv4 and ICMPv6.
|
Package icmp provides basic functions for the manipulation of messages used in the Internet Control Message Protocols, ICMPv4 and ICMPv6. |
|
golang.org/x/net/idna
Package idna implements IDNA2008 using the compatibility processing defined by UTS (Unicode Technical Standard) #46, which defines a standard to deal with the transition from IDNA2003.
|
Package idna implements IDNA2008 using the compatibility processing defined by UTS (Unicode Technical Standard) #46, which defines a standard to deal with the transition from IDNA2003. |
|
golang.org/x/net/internal/iana
Package iana provides protocol number resources managed by the Internet Assigned Numbers Authority (IANA).
|
Package iana provides protocol number resources managed by the Internet Assigned Numbers Authority (IANA). |
|
golang.org/x/net/internal/nettest
Package nettest provides utilities for network testing.
|
Package nettest provides utilities for network testing. |
|
golang.org/x/net/internal/socket
Package socket provides a portable interface for socket system calls.
|
Package socket provides a portable interface for socket system calls. |
|
golang.org/x/net/internal/socks
Package socks provides a SOCKS version 5 client implementation.
|
Package socks provides a SOCKS version 5 client implementation. |
|
golang.org/x/net/internal/sockstest
Package sockstest provides utilities for SOCKS testing.
|
Package sockstest provides utilities for SOCKS testing. |
|
golang.org/x/net/internal/timeseries
Package timeseries implements a time series structure for stats collection.
|
Package timeseries implements a time series structure for stats collection. |
|
golang.org/x/net/ipv4
Package ipv4 implements IP-level socket options for the Internet Protocol version 4.
|
Package ipv4 implements IP-level socket options for the Internet Protocol version 4. |
|
golang.org/x/net/ipv6
Package ipv6 implements IP-level socket options for the Internet Protocol version 6.
|
Package ipv6 implements IP-level socket options for the Internet Protocol version 6. |
|
golang.org/x/net/lex/httplex
Package httplex contains rules around lexical matters of various HTTP-related specifications.
|
Package httplex contains rules around lexical matters of various HTTP-related specifications. |
|
golang.org/x/net/nettest
Package nettest provides utilities for network testing.
|
Package nettest provides utilities for network testing. |
|
golang.org/x/net/netutil
Package netutil provides network utility functions, complementing the more common ones in the net package.
|
Package netutil provides network utility functions, complementing the more common ones in the net package. |
|
golang.org/x/net/proxy
Package proxy provides support for a variety of protocols to proxy network data.
|
Package proxy provides support for a variety of protocols to proxy network data. |
|
golang.org/x/net/publicsuffix
Package publicsuffix provides a public suffix list based on data from http://publicsuffix.org/.
|
Package publicsuffix provides a public suffix list based on data from http://publicsuffix.org/. |
|
golang.org/x/net/route
Package route provides basic functions for the manipulation of packet routing facilities on BSD variants.
|
Package route provides basic functions for the manipulation of packet routing facilities on BSD variants. |
|
golang.org/x/net/trace
Package trace implements tracing of requests and long-lived objects.
|
Package trace implements tracing of requests and long-lived objects. |
|
golang.org/x/net/webdav
Package webdav provides a WebDAV server implementation.
|
Package webdav provides a WebDAV server implementation. |
|
golang.org/x/net/webdav/internal/xml
Package xml implements a simple XML 1.0 parser that understands XML name spaces.
|
Package xml implements a simple XML 1.0 parser that understands XML name spaces. |
|
golang.org/x/net/websocket
Package websocket implements a client and server for the WebSocket protocol as specified in RFC 6455.
|
Package websocket implements a client and server for the WebSocket protocol as specified in RFC 6455. |
|
golang.org/x/net/xsrftoken
Package xsrftoken provides methods for generating and validating secure XSRF tokens.
|
Package xsrftoken provides methods for generating and validating secure XSRF tokens. |
Click to show internal directories.
Click to hide internal directories.