# SecuBox mitmproxy App

LXC container with mitmproxy for HTTPS traffic inspection and threat detection.

## Multi-Instance Support

SecuBox supports multiple mitmproxy instances for different traffic flows:

| Instance | Purpose | Proxy Port | Web Port | Mode |
|----------|---------|------------|----------|------|
| **out** | LAN → Internet (outbound proxy) | 8888 | 8089 | transparent |
| **in** | WAN → Services (WAF/reverse) | 8889 | 8090 | upstream |

### Instance Commands

```bash
# List all instances
mitmproxyctl list-instances

# Status of specific instance
mitmproxyctl status out
mitmproxyctl status in

# Shell into instance
mitmproxyctl shell in

# Start/stop instances (via init.d)
/etc/init.d/mitmproxy start
/etc/init.d/mitmproxy stop
```

### UCI Configuration

Instances are configured in `/etc/config/mitmproxy`:

```
config instance 'out'
    option enabled '1'
    option description 'LAN->Internet Proxy'
    option container_name 'mitmproxy-out'
    option proxy_port '8888'
    option web_port '8089'
    option mode 'transparent'

config instance 'in'
    option enabled '1'
    option description 'WAF/Reverse Proxy'
    option container_name 'mitmproxy-in'
    option proxy_port '8889'
    option web_port '8090'
    option mode 'upstream'
    option haproxy_backend '1'
```

## Components

| Component | Description |
|-----------|-------------|
| **LXC Containers** | Debian-based containers with mitmproxy (one per instance) |
| **secubox_analytics.py** | Threat detection addon for mitmproxy |
| **haproxy_router.py** | HAProxy backend routing addon |
| **CrowdSec Integration** | Threat logging for automatic IP banning |

## Threat Detection Patterns

### Attack Types Detected

| Category | Patterns |
|----------|----------|
| **SQL Injection** | UNION SELECT, OR 1=1, SLEEP(), BENCHMARK() |
| **XSS** | `