Friday, February 6, 2015

Docker Zed Attack Proxy with Tor

Zed Attack Proxy with Tor using docker containers

Docker is a great tool for testing applications quickly and easily. You don't have to mess with dependencies, and you can download many preconfigured images from https://hub.docker.com/.
If you want to test web apps, one of the best tools is the OWASP Zed Attack Proxy (ZAP).
This tool has an interesting feature:
Intercepting Proxy
ZAP is an Intercepting Proxy. It allows you to see all of the requests you make to a web app and all of the responses you receive from it.
Amongst other things, this allows you to see AJAX calls that may not otherwise be obvious.
You can also set break points which allow you to change the requests and responses on the fly.
You can download a Docker image from https://code.google.com/p/zaproxy/wiki/Docker and run ZAP inside a container, acting as a proxy for HTTP and HTTPS connections.
# Download the image
sudo docker pull owasp/zap2docker-stable
# Run ZAP GUI and listen on port 8080
sudo docker run -v /tmp/.X11-unix:/tmp/.X11-unix \
        -e DISPLAY=:0 \
        -u zap \
        -p 8080:8080 \
        -i owasp/zap2docker-stable zap.sh -port 8080 -host 0.0.0.0
You can configure your browser to connect through the ZAP proxy on 127.0.0.1:8080 and start to play.

Hiding your IP

Sometimes you need to hide your IP or use a different IP to access a website. We can use the Tor network (https://www.torproject.org/) for this.
By default, containers are isolated, but Docker can link containers so that they can communicate. We are going to use another container to access the Tor network and chain the proxies this way:
[Browser] -> [ZAP] -> [Tor].
# Create a docker image with Tor and Privoxy 
git clone https://github.com/sherzberg/docker-tor-http-proxy.git
cd docker-tor-http-proxy
sudo docker build -t itsuugo/torproxy .

# Run tor container inside docker and assign the name "ctor"
# This name is needed to link containers
# Privoxy 8118
# Socks4 9050
# DNS 9053
sudo docker run -d --name ctor itsuugo/torproxy

# Run zaproxy and link against the ctor container
sudo docker run -v /tmp/.X11-unix:/tmp/.X11-unix \
        -e DISPLAY=:0                           \
        --name czaproxy                         \
        --link ctor:ctor                        \
        -u zap                                  \
        -p 8080:8080                            \
        -i owasp/zap2docker-stable zap.sh -port 8080 -host 0.0.0.0

You only have to configure ZAP to use Privoxy as its outgoing proxy (reachable from the ZAP container under the link name ctor, on port 8118), and you can access web pages through the Tor network.
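
Before testing anything through this chain, it is worth confirming that requests sent to ZAP really leave through Tor. The script below is an added example, not part of the original post: it asks the Tor Project's check service for the exit IP through the ZAP proxy and fails closed if the answer is not an explicit "IsTor: true". ZAP_CA is a hypothetical variable holding the path to ZAP's root CA certificate exported from the GUI, which curl needs because ZAP intercepts HTTPS.

```shell
#!/bin/sh
# Added example: verify that Browser -> ZAP -> Privoxy -> Tor really exits via Tor.
# Assumptions: ZAP listens on 127.0.0.1:8080 as in the commands above;
# ZAP_CA (hypothetical) is the path to ZAP's exported root CA certificate.
ZAP_PROXY="${ZAP_PROXY:-http://127.0.0.1:8080}"
CHECK_URL="https://check.torproject.org/api/ip"

# Extract the IsTor flag (true/false) from the JSON read on stdin.
parse_is_tor() {
    tr -d ' \n\r' | sed -n 's/.*"IsTor":\([a-z]*\).*/\1/p'
}

# Extract the reported exit IP from the JSON read on stdin.
parse_ip() {
    tr -d ' \n\r' | sed -n 's/.*"IP":"\([^"]*\)".*/\1/p'
}

# Decide from a response body whether the chain is safe to use.
# Returns 0 only when the body explicitly says IsTor is true.
verdict() {
    body="$1"
    is_tor=$(printf '%s' "$body" | parse_is_tor)
    ip=$(printf '%s' "$body" | parse_ip)
    if [ "$is_tor" = "true" ]; then
        echo "OK: exit IP $ip is a Tor exit"
        return 0
    fi
    echo "LEAK: traffic is not exiting through Tor (IP: ${ip:-unknown})"
    return 1
}

# Fetch the check page through ZAP and print the verdict.
# Any curl failure (ZAP down, Privoxy unreachable, bad CA) returns 2.
check_chain() {
    body=$(curl --silent --show-error --fail --max-time 30 \
        --proxy "$ZAP_PROXY" ${ZAP_CA:+--cacert "$ZAP_CA"} "$CHECK_URL") || {
        echo "ERROR: no response through $ZAP_PROXY"
        return 2
    }
    verdict "$body"
}
```

Source the file and run `check_chain` once the czaproxy container is up and its outgoing proxy is set; run it again after any container restart, since a ZAP instance started without the outgoing proxy will silently use your real IP.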