Closed a4501150 closed 4 months ago
WireGuard runs over UDP, so I guess that requires some special treatment: https://stackoverflow.com/questions/27596409/how-do-i-publish-a-udp-port-on-docker
In either case, this is very likely Docker idiosyncrasies and not a mitmproxy bug.
Hey @mhils, thanks for the quick reference,
after changing to
docker run --rm -it -v $(pwd):/workspace -p 51820:51820/udp -p 127.0.0.1:8081:8081 mitmproxy/mitmproxy mitmweb --web-host 0.0.0.0 --set block_global=false --set listen_host=0.0.0.0 --mode wireguard -s /workspace/response.py
I then got this error in the console output:
Failed to process a WireGuard handshake packet: InvalidAeadTag
I still guess it is something related to how the WireGuard server in mitm handles UDP, which is somehow not correct when running under Docker.
Do try running it without your script, perhaps it is responsible for causing this issue.
The script is working fine when running directly.
I see, but have you tried running without the script in the container?
Yes, it's the same error @sujaldev
I believe it's the error with the private key validations
https://docs.rs/boringtun/latest/src/boringtun/noise/handshake.rs.html
Try adding --set confdir=/root/.mitmproxy to the mitmweb command and make your config persist by adding this to your docker command: -v $(pwd)/.mitmproxy:/root/.mitmproxy/ (or use home if you prefer that), like so:
docker run --rm -it -v $(pwd):/workspace -v $(pwd)/.mitmproxy:/root/.mitmproxy/ -p 51820:51820/udp -p 127.0.0.1:8081:8081 mitmproxy/mitmproxy mitmweb --web-host 0.0.0.0 --set block_global=false --set listen_host=0.0.0.0 --mode wireguard -s /workspace/response.py --set confdir=/root/.mitmproxy
And then update your client with the new config.
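The two changes suggested in this thread (publishing 51820 as UDP, and pointing confdir at a mounted volume) can be checked before the container is started. The following is an added example, not part of the original issue or of the mitmproxy project; `check_command` and its helpers are hypothetical names, and the sample command lines are the thread's invocations trimmed to the relevant arguments.

```python
import shlex

WG_PORT = "51820"              # WireGuard port used in the thread's commands
IMAGE = "mitmproxy/mitmproxy"  # image name exactly as written in the thread (assumed untagged)


def flag_values(args, *flags):
    """Return the value that follows each occurrence of one of the given flags."""
    return [args[i + 1] for i in range(len(args) - 1) if args[i] in flags]


def parse_publish(spec):
    """'[ip:]host:container[/proto]' -> (container_port, proto); Docker defaults to tcp."""
    mapping, _, proto = spec.partition("/")
    return mapping.rsplit(":", 1)[-1], proto or "tcp"


def check_command(cmdline):
    """Return findings for the two misconfigurations raised in the thread."""
    args = shlex.split(cmdline)
    split = args.index(IMAGE)  # docker options come before the image, mitmweb options after
    docker_args, app_args = args[:split], args[split + 1:]
    published = [parse_publish(s) for s in flag_values(docker_args, "-p", "--publish")]
    # Container-side path of each "src:dst[:opts]" mount.
    mounts = [v.split(":")[1].rstrip("/") for v in flag_values(docker_args, "-v", "--volume") if ":" in v]
    confdirs = [s.split("=", 1)[1].rstrip("/") for s in flag_values(app_args, "--set") if s.startswith("confdir=")]
    findings = []
    if (WG_PORT, "udp") not in published:
        findings.append("port 51820 is not published as udp")
    # Assumption taken from the thread's advice: with --rm and no persisted confdir,
    # the proxy's config does not survive a restart and the client's copy goes stale.
    if not any(c == m or c.startswith(m + "/") for c in confdirs for m in mounts):
        findings.append("no --set confdir on a mounted volume")
    return findings


# Constructed inputs: the thread's three docker invocations, trimmed.
ORIGINAL = ("docker run --rm -it -v $(pwd):/workspace -p 51820:51820 -p 127.0.0.1:8081:8081 "
            "mitmproxy/mitmproxy mitmweb --mode wireguard")
UDP_ONLY = ORIGINAL.replace("51820:51820", "51820:51820/udp")
FIXED = (UDP_ONLY.replace("-p 51820", "-v $(pwd)/.mitmproxy:/root/.mitmproxy/ -p 51820")
         + " --set confdir=/root/.mitmproxy")

if __name__ == "__main__":
    for name, cmd in [("original", ORIGINAL), ("udp only", UDP_ONLY), ("fixed", FIXED)]:
        print(name, check_command(cmd))
```

The checker only recognises the explicit `--set confdir=...` form used in the thread; a mount over the default config directory is not detected.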
Problem Description
Wireguard client unable to connect to proxy server when MITM is running with docker.
Steps to reproduce the behavior:
docker run --rm -it --expose 8081 --expose 51820 -v $(pwd):/workspace -p 51820:51820 -p 127.0.0.1:8081:8081 mitmproxy/mitmproxy mitmweb --web-host 0.0.0.0 --set block_global=false --set listen_host=0.0.0.0 --mode wireguard
The following output should be there:
System Information