无法将 Docker 配置为在 Catalina 上使用 Burp Suite 代理
[英]Can't configure Docker to use Burp Suite proxy on Catalina
问题描述
I'm trying to use Docker with a proxy server that has its own CA cert.
我正在尝试将 Docker 与具有自己的 CA 证书的代理服务器一起使用。 I can't figure out how to configure the proxy for all containers running under my user without installing the certificate on each one.如果没有在每个容器上安装证书,我无法弄清楚如何为我的用户下运行的所有容器配置代理。 Any help with this would be much appreciated!对此的任何帮助将不胜感激!
I'm using Docker Desktop Docker version 19.03.13, build 4484c46d9d, on OS X Catalina 10.15.4.我在 OS X Catalina 10.15.4 上使用 Docker Desktop Docker 版本 19.03.13,构建 4484c46d9d。 Burp Suite proxies all the HTTP requests on my computer. Burp Suite代理我电脑上的所有 HTTP 请求。 I have the Burp Suite CA certificate installed in my OS X Login and System keychains.我在 OS X 登录和系统钥匙串中安装了 Burp Suite CA 证书。 When I configure the proxy in my ~/.docker/config.json file, it points to the correct proxy but I get an error:当我在~/.docker/config.json文件中配置代理时,它指向正确的代理,但出现错误:
Errno::ECONNREFUSED: Failed to open TCP connection to 127.0.0.1:8080
When I install the Burp Suite certificate directly in the Docker container, I'm able to proxy requests with no additional config necessary (including environment variables or config.json changes).当我直接在 Docker 容器中安装 Burp Suite 证书时,我能够代理请求而无需额外的配置(包括环境变量或 config.json 更改)。 However, I run a lot of Docker containers, most of them standardised for multiple dev environments, and don't want to modify every Dockerfile when only my machine needs this.但是,我运行了很多 Docker 容器,其中大多数是针对多个开发环境进行标准化的,并且不想在只有我的机器需要时修改每个 Dockerfile。
This is the relevant part of my ~/.docker/config.json file:这是我的~/.docker/config.json文件的相关部分:
{
"proxies": {
"default": {
"httpProxy": "http://127.0.0.1:8080",
"httpsProxy": "https://127.0.0.1:8080"
}
}
}
And this is my Dockerfile:这是我的 Dockerfile:
FROM ruby:2
RUN gem install ronin-support
COPY rails_rce.rb .
Finally, this is the total output when I run docker build .最后,这是我运行docker build .时的总输出docker build . : :
Sending build context to Docker daemon 11.26kB
Step 1/3 : FROM ruby:2
---> 343d2dc24f38
Step 2/3 : RUN gem install ronin-support
---> Running in 150bf40c6ad8
ERROR: Could not find a valid gem 'ronin-support' (>= 0), here is why:
Unable to download data from https://rubygems.org/ - Errno::ECONNREFUSED: Failed to open TCP connection to 127.0.0.1:8080 (Connection refused - connect(2) for "127.0.0.1" port 8080) (https://rubygems.org/specs.4.8.gz)
The command '/bin/sh -c gem install ronin-support' returned a non-zero code: 2
I'm new to creating my own Dockerfiles and config so I'm sorry if this is extremely basic - I've googled for hours and come up with nothing helpful.我是创建自己的 Dockerfiles 和配置的新手,所以如果这是非常基本的,我很抱歉 - 我已经用谷歌搜索了几个小时,但没有任何帮助。
1 个解决方案
解决方案1
1 已采纳 2020-11-10 00:17:17
It's same thing when you need to connect from the container to the host on Mac .当您需要从容器连接到 Mac 上的主机时,情况也是如此。
You should use host.docker.internal instead of localhost您应该使用host.docker.internal而不是localhost
So the config will be所以配置将是
{
"proxies": {
"default": {
"httpProxy": "http://host.docker.internal:8080",
"httpsProxy": "http://host.docker.internal:8080"
}
}
}
Also, you need to add BurpSuite CA to your container.此外,您需要将 BurpSuite CA 添加到您的容器中。
Firstly, convert it to PEM.首先,将其转换为 PEM。
openssl x509 -inform der -in cacert.der -out burp_cert.crt
Then add one to trusted CAs in the container with Dockerfile然后使用 Dockerfile 向容器中的可信 CA 添加一个
FROM ruby:2
COPY burp_cert.crt /usr/local/share/ca-certificates/burp.crt
RUN update-ca-certificates
RUN gem install ronin-support
COPY rails_rce.rb
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.