Zed Attack Proxy with Tor using docker containersDocker is a great tool to test applications quick and easy. You don't have to mess with dependencies, furthermore you can download a lot of preconfigured images from https://hub.docker.com/ .
If you want to test web apps one of the best tools is The OWASP Zed Attack Proxy (ZAP) .
This tool has an interesting feature:
Intercepting ProxyYou can download a docker image from https://code.google.com/p/zaproxy/wiki/Docker and run ZAP inside a container and acting as a proxy for HTTP and HTTPS connections.
ZAP is an Intercepting Proxy. It allows you to see all of the requests you make to a web app and all of the responses you receive from it.
Amongst other things, this allows you to see AJAX calls that may not otherwise be obvious.
You can also set break points which allow you to change the requests and responses on the fly.
You can configure your browser to connect through the ZAP proxy on 127.0.0.1:8080 and start to play.
# Download the image sudo docker pull owasp/zap2docker-stable # Run ZAP GUI and listen on port 8080 sudo docker run -v /tmp/.X11-unix:/tmp/.X11-unix \ -e DISPLAY=:0 \ -u zap \ -p 8080:8080 \ -i owasp/zap2docker-stable zap.sh -port 8080 -host 0.0.0.0
Hiding your IPSometimes you need to hide your IP or use a different IP to access some web, we can use the (Tor network)( https://www.torproject.org/ ) for this.
By default, containers are isolated, but Docker can link containers to communicate between them, so we are going to use another container to access the Tor network and concatenate proxies this way
[Browser] -> [ ZAP] -> [Tor].
You only have to configure ZAP to use privoxy and you can access the web pages through the Tor network.
# Create a docker image with Tor and Privoxy git clone https://github.com/sherzberg/docker-tor-http-proxy.git cd docker-tor-http-proxy sudo docker build -t itsuugo/torproxy . # Run tor container inside docker and assign the name "ctor" # This name is needed to link containers # Privoxy 8118 # Socks4 9050 # DNS 9053 sudo docker run -d --name ctor itsuugo/torproxy # Run zaproxy and link against the ctor container sudo docker run -v /tmp/.X11-unix:/tmp/.X11-unix \ -e DISPLAY=:0 \ --name czaproxy \ --link ctor:ctor \ -u zap \ -p 8080:8080 \ -i owasp/zap2docker-stable zap.sh -port 8080 -host 0.0.0.0