secubox-openwrt

gandalf/secubox-openwrt

Fork 0

Commit Graph

Author	SHA1	Message	Date
CyberMind-FR	d3b7b8ba9b	fix(mitmproxy): Fix alerts display by reading from correct log path The RPCD was looking for alerts in /tmp/secubox-mitm-alerts.json but the analytics addon writes to /var/log/crowdsec/secubox-mitm.log in JSONL format (one JSON object per line). Changes: - RPCD: Read from container's /var/log/crowdsec/secubox-mitm.log - RPCD: Convert JSONL to JSON array using awk - JS: Handle new field names (source_ip, timestamp, request) Alerts now display correctly in LuCI dashboard. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-31 18:37:21 +01:00
CyberMind-FR	92f73fc3d2	feat(mitmproxy): Add HAProxy backend inspection and token auth - Add HAProxy → mitmproxy → Backend inspection chain for filtering all vhost traffic through mitmproxy with threat detection - Add haproxy_router.py addon for Host-based request routing - Add mitmproxyctl commands: sync-routes, haproxy-enable, haproxy-disable - Add auth token to status response for Web UI auto-authentication - Add HAProxy Backend Inspection section to LuCI status page with enable/disable/sync controls - Add HAProxy Router settings section to LuCI settings page - LXC container now supports dual-port mode (8888 + 8889 for HAProxy) - Token displayed with copy button in dashboard Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-31 15:49:05 +01:00
CyberMind-FR	a6d2b75db8	feat(mitmproxy): Enhanced threat detection analytics v2.0 Analytics addon enhancements: - SQL injection detection (25+ patterns) - XSS detection (30+ patterns) - Command injection detection (20+ patterns) - Path traversal detection (12+ patterns) - SSRF detection (10+ patterns) - XXE/LDAP injection detection - Log4Shell (CVE-2021-44228) detection - Known CVE patterns (Spring4Shell, MOVEit, etc.) - Rate limiting and bot detection - CrowdSec integration with severity levels LuCI interface rewrite (KISS): - Simplified status view with threat monitor - Security alerts table with severity badges - Service controls (start/stop/restart) - RPCD backend with alerts/threat_stats endpoints - Clean settings form Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-31 15:39:36 +01:00

Author

SHA1

Message

Date

CyberMind-FR

d3b7b8ba9b

fix(mitmproxy): Fix alerts display by reading from correct log path

The RPCD was looking for alerts in /tmp/secubox-mitm-alerts.json but
the analytics addon writes to /var/log/crowdsec/secubox-mitm.log in
JSONL format (one JSON object per line).

Changes:
- RPCD: Read from container's /var/log/crowdsec/secubox-mitm.log
- RPCD: Convert JSONL to JSON array using awk
- JS: Handle new field names (source_ip, timestamp, request)

Alerts now display correctly in LuCI dashboard.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-31 18:37:21 +01:00

CyberMind-FR

92f73fc3d2

feat(mitmproxy): Add HAProxy backend inspection and token auth

- Add HAProxy → mitmproxy → Backend inspection chain for filtering
  all vhost traffic through mitmproxy with threat detection
- Add haproxy_router.py addon for Host-based request routing
- Add mitmproxyctl commands: sync-routes, haproxy-enable, haproxy-disable
- Add auth token to status response for Web UI auto-authentication
- Add HAProxy Backend Inspection section to LuCI status page with
  enable/disable/sync controls
- Add HAProxy Router settings section to LuCI settings page
- LXC container now supports dual-port mode (8888 + 8889 for HAProxy)
- Token displayed with copy button in dashboard

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-31 15:49:05 +01:00

CyberMind-FR

a6d2b75db8

feat(mitmproxy): Enhanced threat detection analytics v2.0

Analytics addon enhancements:
- SQL injection detection (25+ patterns)
- XSS detection (30+ patterns)
- Command injection detection (20+ patterns)
- Path traversal detection (12+ patterns)
- SSRF detection (10+ patterns)
- XXE/LDAP injection detection
- Log4Shell (CVE-2021-44228) detection
- Known CVE patterns (Spring4Shell, MOVEit, etc.)
- Rate limiting and bot detection
- CrowdSec integration with severity levels

LuCI interface rewrite (KISS):
- Simplified status view with threat monitor
- Security alerts table with severity badges
- Service controls (start/stop/restart)
- RPCD backend with alerts/threat_stats endpoints
- Clean settings form

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-31 15:39:36 +01:00

3 Commits