2025-08-08 20:36:44 -07:00
|
|
|
#!/bin/bash
|
|
|
|
|
set -e
|
|
|
|
|
|
2026-01-16 03:40:09 -08:00
|
|
|
CAIDO_PORT=48080
|
|
|
|
|
CAIDO_LOG="/tmp/caido_startup.log"
|
|
|
|
|
|
|
|
|
|
if [ ! -f /app/certs/ca.p12 ]; then
|
|
|
|
|
echo "ERROR: CA certificate file /app/certs/ca.p12 not found."
|
|
|
|
|
exit 1
|
2025-08-08 20:36:44 -07:00
|
|
|
fi
|
|
|
|
|
|
2026-07-10 00:38:29 -04:00
|
|
|
# Caido enforces a Host allowlist (DNS-rebinding protection) and rejects requests
|
|
|
|
|
# whose Host header is a hostname it doesn't recognize. To reach Caido over a
|
|
|
|
|
# hostname (rather than an IP literal), set STRIX_CAIDO_ALLOWED_DOMAINS to a
|
|
|
|
|
# comma-separated list of hostnames to allow. Unset by default.
|
|
|
|
|
# See https://docs.caido.io/app/guides/domain_allowlist
|
|
|
|
|
CAIDO_UI_DOMAIN_ARGS=()
|
|
|
|
|
if [ -n "${STRIX_CAIDO_ALLOWED_DOMAINS:-}" ]; then
|
|
|
|
|
IFS=',' read -ra _caido_domains <<< "${STRIX_CAIDO_ALLOWED_DOMAINS}"
|
|
|
|
|
for _d in "${_caido_domains[@]}"; do
|
|
|
|
|
[ -n "$_d" ] && CAIDO_UI_DOMAIN_ARGS+=(--ui-domain "$_d")
|
|
|
|
|
done
|
|
|
|
|
fi
|
|
|
|
|
|
2026-02-23 18:24:29 -08:00
|
|
|
caido-cli --listen 0.0.0.0:${CAIDO_PORT} \
|
2025-08-08 20:36:44 -07:00
|
|
|
--allow-guests \
|
|
|
|
|
--no-logging \
|
|
|
|
|
--no-open \
|
2026-07-10 00:38:29 -04:00
|
|
|
"${CAIDO_UI_DOMAIN_ARGS[@]}" \
|
2025-08-08 20:36:44 -07:00
|
|
|
--import-ca-cert /app/certs/ca.p12 \
|
2026-01-16 03:40:09 -08:00
|
|
|
--import-ca-cert-pass "" > "$CAIDO_LOG" 2>&1 &
|
|
|
|
|
|
|
|
|
|
CAIDO_PID=$!
|
|
|
|
|
echo "Started Caido with PID $CAIDO_PID on port $CAIDO_PORT"
|
2025-08-08 20:36:44 -07:00
|
|
|
|
|
|
|
|
echo "Waiting for Caido API to be ready..."
|
2026-01-16 03:40:09 -08:00
|
|
|
CAIDO_READY=false
|
2025-08-08 20:36:44 -07:00
|
|
|
for i in {1..30}; do
|
2026-01-16 03:40:09 -08:00
|
|
|
if ! kill -0 $CAIDO_PID 2>/dev/null; then
|
|
|
|
|
echo "ERROR: Caido process died while waiting for API (iteration $i)."
|
|
|
|
|
echo "=== Caido log ==="
|
|
|
|
|
cat "$CAIDO_LOG" 2>/dev/null || echo "(no log available)"
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if curl -s -o /dev/null -w "%{http_code}" http://localhost:${CAIDO_PORT}/graphql/ | grep -qE "^(200|400)$"; then
|
|
|
|
|
echo "Caido API is ready (attempt $i)."
|
|
|
|
|
CAIDO_READY=true
|
2025-08-08 20:36:44 -07:00
|
|
|
break
|
|
|
|
|
fi
|
|
|
|
|
sleep 1
|
|
|
|
|
done
|
|
|
|
|
|
2026-01-16 03:40:09 -08:00
|
|
|
if [ "$CAIDO_READY" = false ]; then
|
|
|
|
|
echo "ERROR: Caido API did not become ready within 30 seconds."
|
|
|
|
|
echo "Caido process status: $(kill -0 $CAIDO_PID 2>&1 && echo 'running' || echo 'dead')"
|
|
|
|
|
echo "=== Caido log ==="
|
|
|
|
|
cat "$CAIDO_LOG" 2>/dev/null || echo "(no log available)"
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
|
2025-08-08 20:36:44 -07:00
|
|
|
sleep 2
|
|
|
|
|
|
2026-04-25 14:23:56 -07:00
|
|
|
echo "Caido is up — host bootstraps the guest token + project via the Python SDK."
|
2025-08-08 20:36:44 -07:00
|
|
|
|
|
|
|
|
echo "Configuring system-wide proxy settings..."
|
|
|
|
|
|
|
|
|
|
cat << EOF | sudo tee /etc/profile.d/proxy.sh
|
|
|
|
|
export http_proxy=http://127.0.0.1:${CAIDO_PORT}
|
|
|
|
|
export https_proxy=http://127.0.0.1:${CAIDO_PORT}
|
|
|
|
|
export HTTP_PROXY=http://127.0.0.1:${CAIDO_PORT}
|
|
|
|
|
export HTTPS_PROXY=http://127.0.0.1:${CAIDO_PORT}
|
|
|
|
|
export ALL_PROXY=http://127.0.0.1:${CAIDO_PORT}
|
2026-04-25 14:33:38 -07:00
|
|
|
export NO_PROXY=localhost,127.0.0.1
|
2025-08-08 20:36:44 -07:00
|
|
|
export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
|
|
|
|
|
export SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
|
|
|
|
|
EOF
|
|
|
|
|
|
|
|
|
|
cat << EOF | sudo tee /etc/environment
|
|
|
|
|
http_proxy=http://127.0.0.1:${CAIDO_PORT}
|
|
|
|
|
https_proxy=http://127.0.0.1:${CAIDO_PORT}
|
|
|
|
|
HTTP_PROXY=http://127.0.0.1:${CAIDO_PORT}
|
|
|
|
|
HTTPS_PROXY=http://127.0.0.1:${CAIDO_PORT}
|
|
|
|
|
ALL_PROXY=http://127.0.0.1:${CAIDO_PORT}
|
2026-04-25 14:33:38 -07:00
|
|
|
NO_PROXY=localhost,127.0.0.1
|
2025-08-08 20:36:44 -07:00
|
|
|
EOF
|
|
|
|
|
|
|
|
|
|
cat << EOF | sudo tee /etc/wgetrc
|
|
|
|
|
use_proxy=yes
|
|
|
|
|
http_proxy=http://127.0.0.1:${CAIDO_PORT}
|
|
|
|
|
https_proxy=http://127.0.0.1:${CAIDO_PORT}
|
|
|
|
|
EOF
|
|
|
|
|
|
|
|
|
|
echo "source /etc/profile.d/proxy.sh" >> ~/.bashrc
|
|
|
|
|
echo "source /etc/profile.d/proxy.sh" >> ~/.zshrc
|
|
|
|
|
|
|
|
|
|
source /etc/profile.d/proxy.sh
|
|
|
|
|
|
|
|
|
|
echo "✅ System-wide proxy configuration complete"
|
|
|
|
|
|
|
|
|
|
echo "Adding CA to browser trust store..."
|
|
|
|
|
sudo -u pentester mkdir -p /home/pentester/.pki/nssdb
|
|
|
|
|
sudo -u pentester certutil -N -d sql:/home/pentester/.pki/nssdb --empty-password
|
|
|
|
|
sudo -u pentester certutil -A -n "Testing Root CA" -t "C,," -i /app/certs/ca.crt -d sql:/home/pentester/.pki/nssdb
|
|
|
|
|
echo "✅ CA added to browser trust store"
|
|
|
|
|
|
2026-05-25 21:28:36 -07:00
|
|
|
mkdir -p /workspace/.agent-browser-screenshots
|
|
|
|
|
|
2026-01-16 03:40:09 -08:00
|
|
|
echo "✅ Container ready"
|
2025-08-08 20:36:44 -07:00
|
|
|
|
2026-01-16 03:40:09 -08:00
|
|
|
cd /workspace
|
2025-08-08 20:36:44 -07:00
|
|
|
exec "$@"
|