Will docker let us pwn the network ?

[tux-mind]

The usage of Docker is a very good idea, users and testers do not have to install a single package, just to start our container. No more bugs for edge cases software versions ( like the rm tool that do not accept the -rf option :sweat: ).

But I wonder if it still allow us to do our jobs right: can we put devices in monitor mode, sniff wifi packets, perform ARP poisoning... ??

From a quick search I found that by using pipework --direct-phys eth1 $CONTAINERID 192.168.1.2/24 we can assign a physical network interface to our container, but I'm in doubt about this approach as it can create troubles to other programs that uses that interface.

@DeveloppSoft can you play a little with Docker ? finding out if aircrack, nmap, arppoison and all our loved tools works fine ?

Thank you in advance for your contributions, I'll assign this issue to a note on the cSploit core project.

[ETeissonniere]

@tux-mind, users should use --privileged, and --net=host, it will let them run nmap, play with raw sockets etc...

From the official doc:

When the operator executes docker run --privileged, Docker will enable to access to all devices on the host as well as set some configuration in AppArmor or SELinux to allow the container nearly all the same access to the host as processes running outside containers on the host. Additional information about running with --privileged is available on the Docker Blog.

The --net=host option will allow the container to access host's network devices.

Please note users should disable monitor mode before exiting the container.