CyberMind-FR
0dd6b28d1a
The sync-routes command was failing to generate routes for most vhosts due to: - Subshell bug: pipe in while loop caused variable changes to be lost - Only supported old-style backends (inline .server field) - Did not support new-style backends with separate =server sections Changes: - Rewrite sync-routes to avoid subshell by using temp file - Add support for both backend styles (inline and separate server sections) - Use original_backend field when vhosts are in inspection mode - Skip luci/fallback/mitmproxy_inspector backends in route generation Now properly generates 13+ routes for HAProxy backend inspection. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
85 lines
2.3 KiB
Makefile
85 lines
2.3 KiB
Makefile
include $(TOPDIR)/rules.mk
|
|
|
|
PKG_NAME:=secubox-app-mitmproxy
|
|
PKG_RELEASE:=19
|
|
PKG_VERSION:=0.5.0
|
|
PKG_ARCH:=all
|
|
PKG_MAINTAINER:=CyberMind Studio <contact@cybermind.fr>
|
|
PKG_LICENSE:=Apache-2.0
|
|
|
|
include $(INCLUDE_DIR)/package.mk
|
|
|
|
define Package/secubox-app-mitmproxy
|
|
SECTION:=utils
|
|
CATEGORY:=Utilities
|
|
PKGARCH:=all
|
|
SUBMENU:=SecuBox Apps
|
|
TITLE:=SecuBox mitmproxy HTTPS Intercepting Proxy (LXC)
|
|
DEPENDS:=wget +tar
|
|
endef
|
|
|
|
define Package/secubox-app-mitmproxy/description
|
|
mitmproxy - Interactive HTTPS proxy for SecuBox-powered OpenWrt systems.
|
|
|
|
Features:
|
|
- Intercept and inspect HTTP/HTTPS traffic
|
|
- Modify requests and responses on the fly
|
|
- Web interface (mitmweb) for easy analysis
|
|
- Export traffic for offline analysis
|
|
- Enhanced threat detection addon (v2.0):
|
|
* SQL injection, XSS, command injection
|
|
* Path traversal, SSRF, XXE, LDAP injection
|
|
* Log4Shell and known CVE detection
|
|
* Rate limiting and suspicious header detection
|
|
* CrowdSec integration for blocking
|
|
|
|
Runs in LXC container for isolation and security.
|
|
Configure in /etc/config/mitmproxy.
|
|
endef
|
|
|
|
define Package/secubox-app-mitmproxy/conffiles
|
|
/etc/config/mitmproxy
|
|
endef
|
|
|
|
define Build/Compile
|
|
endef
|
|
|
|
define Package/secubox-app-mitmproxy/install
|
|
$(INSTALL_DIR) $(1)/etc/config
|
|
$(INSTALL_CONF) ./files/etc/config/mitmproxy $(1)/etc/config/mitmproxy
|
|
|
|
$(INSTALL_DIR) $(1)/etc/init.d
|
|
$(INSTALL_BIN) ./files/etc/init.d/mitmproxy $(1)/etc/init.d/mitmproxy
|
|
|
|
$(INSTALL_DIR) $(1)/usr/sbin
|
|
$(INSTALL_BIN) ./files/usr/sbin/mitmproxyctl $(1)/usr/sbin/mitmproxyctl
|
|
|
|
# Analytics and HAProxy router addons
|
|
$(INSTALL_DIR) $(1)/srv/mitmproxy/addons
|
|
$(INSTALL_DATA) ./root/srv/mitmproxy/addons/secubox_analytics.py $(1)/srv/mitmproxy/addons/
|
|
$(INSTALL_DATA) ./root/srv/mitmproxy/addons/haproxy_router.py $(1)/srv/mitmproxy/addons/
|
|
endef
|
|
|
|
define Package/secubox-app-mitmproxy/postinst
|
|
#!/bin/sh
|
|
[ -n "$${IPKG_INSTROOT}" ] || {
|
|
echo ""
|
|
echo "mitmproxy installed."
|
|
echo ""
|
|
echo "To install and start mitmproxy:"
|
|
echo " mitmproxyctl install"
|
|
echo " /etc/init.d/mitmproxy start"
|
|
echo ""
|
|
echo "Web interface: http://<router-ip>:8081"
|
|
echo "Proxy port: 8888"
|
|
echo ""
|
|
echo "To use the proxy, configure clients with:"
|
|
echo " HTTP Proxy: <router-ip>:8888"
|
|
echo " Install CA cert from: http://<router-ip>:8081/cert"
|
|
echo ""
|
|
}
|
|
exit 0
|
|
endef
|
|
|
|
$(eval $(call BuildPackage,secubox-app-mitmproxy))
|