CyberMind-FR
94c02c9224
Added 60+ CVE patterns for WAF filtering: 2021 CVEs: - CVE-2021-44228 (Log4Shell) - CVE-2021-41773 (Apache path traversal) - CVE-2021-26084 (Confluence OGNL) - CVE-2021-34473 (ProxyShell) - CVE-2021-21972 (VMware vCenter) - CVE-2021-22986 (F5 BIG-IP) 2022 CVEs: - CVE-2022-22963 (Spring Cloud Function) - CVE-2022-22965 (Spring4Shell) - CVE-2022-1388 (F5 Auth Bypass) - CVE-2022-26134 (Confluence OGNL) - CVE-2022-41040 (ProxyNotShell) - CVE-2022-42889 (Apache Commons Text) 2023 CVEs: - CVE-2023-34362 (MOVEit Transfer) - CVE-2023-22515/22518 (Confluence) - CVE-2023-46747 (F5 BIG-IP) - CVE-2023-27997 (Fortinet SSL VPN) - CVE-2023-20198 (Cisco IOS XE) - CVE-2023-4966 (Citrix Bleed) 2024 CVEs: - CVE-2024-3400 (PAN-OS) - CVE-2024-21887 (Ivanti) - CVE-2024-1709 (ScreenConnect) - CVE-2024-27198 (TeamCity) - CVE-2024-23897 (Jenkins) - CVE-2024-4577 (PHP-CGI) - CVE-2024-6387 (OpenSSH) - CVE-2024-55591 (FortiOS) 2025 CVEs: - CVE-2025-15467 (OpenSSL CMS) - CVE-2025-0282 (Ivanti) - CVE-2025-23006 (SonicWall) Plus CMS, Framework, Database, CI/CD, and Cloud patterns. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
85 lines
2.3 KiB
Makefile
85 lines
2.3 KiB
Makefile
include $(TOPDIR)/rules.mk
|
|
|
|
PKG_NAME:=secubox-app-mitmproxy
|
|
PKG_RELEASE:=21
|
|
PKG_VERSION:=0.5.0
|
|
PKG_ARCH:=all
|
|
PKG_MAINTAINER:=CyberMind Studio <contact@cybermind.fr>
|
|
PKG_LICENSE:=Apache-2.0
|
|
|
|
include $(INCLUDE_DIR)/package.mk
|
|
|
|
define Package/secubox-app-mitmproxy
|
|
SECTION:=utils
|
|
CATEGORY:=Utilities
|
|
PKGARCH:=all
|
|
SUBMENU:=SecuBox Apps
|
|
TITLE:=SecuBox mitmproxy HTTPS Intercepting Proxy (LXC)
|
|
DEPENDS:=wget +tar
|
|
endef
|
|
|
|
define Package/secubox-app-mitmproxy/description
|
|
mitmproxy - Interactive HTTPS proxy for SecuBox-powered OpenWrt systems.
|
|
|
|
Features:
|
|
- Intercept and inspect HTTP/HTTPS traffic
|
|
- Modify requests and responses on the fly
|
|
- Web interface (mitmweb) for easy analysis
|
|
- Export traffic for offline analysis
|
|
- Enhanced threat detection addon (v2.0):
|
|
* SQL injection, XSS, command injection
|
|
* Path traversal, SSRF, XXE, LDAP injection
|
|
* Log4Shell and known CVE detection
|
|
* Rate limiting and suspicious header detection
|
|
* CrowdSec integration for blocking
|
|
|
|
Runs in LXC container for isolation and security.
|
|
Configure in /etc/config/mitmproxy.
|
|
endef
|
|
|
|
define Package/secubox-app-mitmproxy/conffiles
|
|
/etc/config/mitmproxy
|
|
endef
|
|
|
|
define Build/Compile
|
|
endef
|
|
|
|
define Package/secubox-app-mitmproxy/install
|
|
$(INSTALL_DIR) $(1)/etc/config
|
|
$(INSTALL_CONF) ./files/etc/config/mitmproxy $(1)/etc/config/mitmproxy
|
|
|
|
$(INSTALL_DIR) $(1)/etc/init.d
|
|
$(INSTALL_BIN) ./files/etc/init.d/mitmproxy $(1)/etc/init.d/mitmproxy
|
|
|
|
$(INSTALL_DIR) $(1)/usr/sbin
|
|
$(INSTALL_BIN) ./files/usr/sbin/mitmproxyctl $(1)/usr/sbin/mitmproxyctl
|
|
|
|
# Analytics and HAProxy router addons
|
|
$(INSTALL_DIR) $(1)/srv/mitmproxy/addons
|
|
$(INSTALL_DATA) ./root/srv/mitmproxy/addons/secubox_analytics.py $(1)/srv/mitmproxy/addons/
|
|
$(INSTALL_DATA) ./root/srv/mitmproxy/addons/haproxy_router.py $(1)/srv/mitmproxy/addons/
|
|
endef
|
|
|
|
define Package/secubox-app-mitmproxy/postinst
|
|
#!/bin/sh
|
|
[ -n "$${IPKG_INSTROOT}" ] || {
|
|
echo ""
|
|
echo "mitmproxy installed."
|
|
echo ""
|
|
echo "To install and start mitmproxy:"
|
|
echo " mitmproxyctl install"
|
|
echo " /etc/init.d/mitmproxy start"
|
|
echo ""
|
|
echo "Web interface: http://<router-ip>:8081"
|
|
echo "Proxy port: 8888"
|
|
echo ""
|
|
echo "To use the proxy, configure clients with:"
|
|
echo " HTTP Proxy: <router-ip>:8888"
|
|
echo " Install CA cert from: http://<router-ip>:8081/cert"
|
|
echo ""
|
|
}
|
|
exit 0
|
|
endef
|
|
|
|
$(eval $(call BuildPackage,secubox-app-mitmproxy))
|