Juice Shop有一个易受攻击的应用程序,可用作docker映像。我正在Windows10上测试它。我能够用以下命令运行应用程序:
docker pull bkimminich/juice-shop
docker run --rm -p 3000:3000 bkimminich/juice-shop
现在,Burp不允许在127.0.0.1:3000上设置侦听器,可能是因为docker正在该端口上侦听。我无法检查代理侦听器上的运行选项。
如果我首先检查Burp上的侦听器,那么docker运行失败,并显示:
docker run -p 127.0.0.1:3000:3000 bkimminich/juice-shop
docker: Error response from daemon: driver failed programming external connectivity on endpoint stupefied_poincare (003588db40943cf7607c7c5dc20ad9f51eaef7bc81c7cf470fa6a2d20fcbd398): Error starting userland proxy: listen tcp 127.0.0.1:3000: bind: Only one usage of each socket address (protocol/network address/port) is normally permitted.
如何修复?
我认为您需要用不同的Port启动Burp,并设置docker将其用作~/.docker/config.json文件中的proxy:
{
"proxies":
{
"default":
{
"httpProxy": "http://THEHOSTIPFORBURP:3001"
}
}
}