Docker - 使用mitmproxy对docker进行代理并解析HTTP请求
【摘要】 本文使用mitmproxy对docker 镜像登录进行代理分析
1. 下载 mitmproxy
https://www.mitmproxy.org/downloads/
2. 使用的 Fedora 版本
[root@fedora ~]# cat /etc/fedora-release
Fedora release 38 (Thirty Eight)
[root@fedora ~]# uname -a
Linux fedora 6.2.9-300.fc38.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Mar 30 22:32:58 UTC 2023 x86_64 GNU/Linux
3. 将 mitmproxy 拷贝到虚拟机并启动
[root@fedora ~]# cd /root/
[root@fedora ~]# ll
总计 73440
-rw-------. 1 root root 480 2023年 6月 1日 anaconda-ks.cfg
-rw-r--r--. 1 root root 75195684 6月 1日 00:19 mitmproxy-7.0.1-linux.tar.gz
[root@fedora ~]# tar zxvf mitmproxy-7.0.1-linux.tar.gz
mitmproxy
mitmdump
mitmweb
[root@fedora ~]# ./mitmproxy
4. 配置 Docker 的代理:
实际配置:
[Service]
... ...
Environment="HTTP_PROXY=http://127.0.0.1:8080"
Environment="HTTPS_PROXY=http://127.0.0.1:8080"
# Environment="NO_PROXY=localhost,127.0.0.1" (可选配置)
ExecStart=/usr/bin/dockerd --insecure-registry registry-1.docker.io\
--host=fd:// \
--exec-opt native.cgroupdriver=systemd \
$OPTIONS
ExecReload=... ...
5. 验证:
[root@fedora anchors]# docker login -u xiao -p xiao registry-1.docker.io
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get "https://registry-1.docker.io/v2/": unauthorized: incorrect username or passwordGET https://registry-1.docker.io/v2/
← 401 Unauthorized application/json 87b 961ms
1.请求
Host: registry-1.docker.io
User-Agent: docker/20.10.23 go/go1.20rc3 git-commit/%{shortcommit_moby} kernel/6.2.9-300.fc38.x86_64 os/linux
arch/amd64 UpstreamClient(Docker-Client/20.10.23 \\(linux\\))
Accept-Encoding: gzip
Connection: close
No request content
2.响应
content-type: application/json
docker-distribution-api-versio registry/2.0
www-authenticate: Bearer realm="https://auth.docker.io/token",service="registry.docker.io"
date: Thu, 01 Jun 2023 14:40:16 GMT
content-length: 87
strict-transport-security: max-age=31536000
connection: close
JSON
{
"errors": [
{
"code": "UNAUTHORIZED",
"detail": null,
"message": "authentication required"
}
]
}GET https://auth.docker.io/token?account=xiao&client_id=docker&offline_token=true&service=registry.docker.io
← 401 Unauthorized application/json 45b 759ms
1.请求
Host: auth.docker.io
User-Agent: docker/20.10.23 go/go1.20rc3 git-commit/%{shortcommit_moby} kernel/6.2.9-300.fc38.x86_64 os/linux
arch/amd64 UpstreamClient(Docker-Client/20.10.23 \\(linux\\))
Authorization: Basic eGlhbzp4aWFv
Accept-Encoding: gzip
Connection: close
Query
account: xiao
client_id: docker
offline_token: true
service: registry.docker.io
2.响应
content-type: application/json; charset=utf-8
www-authenticate: Basic realm="auth.docker.io"
x-trace-id: 9c2753e13f392157a423e4bdfda2794d
date: Thu, 01 Jun 2023 14:40:21 GMT
content-length: 45
strict-transport-security: max-age=31536000
connection: close
JSON
{
"details": "incorrect username or password"
}
【版权声明】本文为华为云社区用户原创内容,未经允许不得转载,如需转载请自行联系原作者进行授权。如果您发现本社区中有涉嫌抄袭的内容,欢迎发送邮件进行举报,并提供相关证据,一经查实,本社区将立刻删除涉嫌侵权内容,举报邮箱:
cloudbbs@huaweicloud.com
- 点赞
- 收藏
- 关注作者
评论(0)