self-hosted/dockerfiles
1
0
Fork 0
mirror of https://github.com/vimagick/dockerfiles.git synced 2025-01-12 04:23:04 +02:00
Code Issues Releases Activity

add sslsplit

Browse Source
This commit is contained in:
kev 2016-07-19 10:51:17 +08:00
parent e523b173ef
commit fa6197faf6
9 changed files with 142 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@ -154,6 +154,7 @@ A collection of delicious docker recipes.
- [x] iptables - [x] iptables
- [x] routersploit - [x] routersploit
- [x] snort :beetle: - [x] snort :beetle:
- [x] sslsplit
- [x] webgoat - [x] webgoat
## Proxy ## Proxy

37
sslsplit/Dockerfile Normal file
View File

@ -0,0 +1,37 @@
#
# Dockerfile for sslsplit
#
FROM alpine
MAINTAINER kev <noreply@easypi.info>
ENV SSLSPLIT_VERSION 0.5.0
RUN set -xe \
&& apk add --no-cache build-base \
curl \
fts \
fts-dev \
libevent \
libevent-dev \
linux-headers \
openssl \
openssl-dev \
tar \
&& mkdir sslsplit \
&& cd sslsplit \
&& curl -sSL https://github.com/droe/sslsplit/archive/${SSLSPLIT_VERSION}.tar.gz | tar xz --strip 1 \
&& sed -i '/^LIBS/s/$/ -lfts/' GNUmakefile \
&& make install \
&& cd .. \
&& rm -rf sslsplit \
&& apk del build-base \
curl \
fts-dev \
libevent-dev \
linux-headers \
openssl-dev \
tar
ENTRYPOINT ["sslsplit", "-D"]
CMD ["-h"]

43
sslsplit/README.md Normal file
View File

@ -0,0 +1,43 @@
sslsplit
========
[SSLsplit][1] is a tool for man-in-the-middle attacks against SSL/TLS encrypted
network connections.
## docker-compose.yml
```yaml
sslsplit:
image: vimagick/sslsplit
command:
-k key/ca.key -c key/ca.crt -P
-l log/cnn.log -S log
tcp 0.0.0.0 8080
ssl 0.0.0.0 8443
net: host
volumes:
- ./data:/data
working_dir: /data
restart: unless-stopped
```
## up and running
```bash
$ mkdir -p data/{key,log}
$ openssl req -x509 -newkey rsa:2048 -nodes -keyout data/key/ca.key -out data/key/ca.crt -days 365 -subj '/CN=EasyPi'
$ docker-compose up -d
```
```
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -F
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8443
```
## read more
- <https://blog.heckel.xyz/2013/08/04/use-sslsplit-to-transparently-sniff-tls-ssl-connections/>
[1]: <http://www.roe.ch/SSLsplit>

37
sslsplit/arm/Dockerfile Normal file
View File

@ -0,0 +1,37 @@
#
# Dockerfile for sslsplit-arm
#
FROM easypi/alpine-arm
MAINTAINER EasyPi Software Foundation
ENV SSLSPLIT_VERSION 0.5.0
RUN set -xe \
&& apk add --no-cache build-base \
curl \
fts \
fts-dev \
libevent \
libevent-dev \
linux-headers \
openssl \
openssl-dev \
tar \
&& mkdir sslsplit \
&& cd sslsplit \
&& curl -sSL https://github.com/droe/sslsplit/archive/${SSLSPLIT_VERSION}.tar.gz | tar xz --strip 1 \
&& sed -i '/^LIBS/s/$/ -lfts/' GNUmakefile \
&& make install \
&& cd .. \
&& rm -rf sslsplit \
&& apk del build-base \
curl \
fts-dev \
libevent-dev \
linux-headers \
openssl-dev \
tar
ENTRYPOINT ["sslsplit", "-D"]
CMD ["-h"]

12
sslsplit/arm/docker-compose.yml Normal file
View File

@ -0,0 +1,12 @@
sslsplit:
image: easypi/sslsplit-arm
command:
-k key/ca.key -c key/ca.crt -P
-l log/cnn.log -S log
tcp 0.0.0.0 8080
ssl 0.0.0.0 8443
net: host
volumes:
- ./data:/data
working_dir: /data
restart: unless-stopped

0
sslsplit/data/key/ca.crt Normal file
View File

0
sslsplit/data/key/ca.key Normal file
View File

0
sslsplit/data/log/cnn.log Normal file
View File

12
sslsplit/docker-compose.yml Normal file
View File

@ -0,0 +1,12 @@
sslsplit:
image: vimagick/sslsplit
command:
-k key/ca.key -c key/ca.crt -P
-l log/cnn.log -S log
tcp 0.0.0.0 8080
ssl 0.0.0.0 8443
net: host
volumes:
- ./data:/data
working_dir: /data
restart: unless-stopped