c88b2bbb99
AGENT_BROWSER_ARGS parser splits on commas, so any flag value containing one (--disable-features=A,B, --window-size=1920,1080, --lang=en-US,en) shredded into garbage positionals and Chromium rejected the launch with "Multiple targets are not supported in headless mode". Reduce to a comma-separated list of comma-free flags that keeps the AutomationControlled anti-detection bit. Default screenshot path now resolves inside the workspace root so view_image accepts it; entrypoint pre-creates the dir at runtime (the build-time mkdir is shadowed by the /workspace mount). Skill examples updated to favor the no-arg form, plus brief fallback guidance when view_image is unavailable on text-only models and a viewport-resize note for sites that gate on real desktop dims. Also drop the stale STRIX_DISABLE_BROWSER doc entry — no code reference exists.
99 lines
2.9 KiB
Bash
99 lines
2.9 KiB
Bash
#!/bin/bash
|
|
set -e
|
|
|
|
CAIDO_PORT=48080
|
|
CAIDO_LOG="/tmp/caido_startup.log"
|
|
|
|
if [ ! -f /app/certs/ca.p12 ]; then
|
|
echo "ERROR: CA certificate file /app/certs/ca.p12 not found."
|
|
exit 1
|
|
fi
|
|
|
|
caido-cli --listen 0.0.0.0:${CAIDO_PORT} \
|
|
--allow-guests \
|
|
--no-logging \
|
|
--no-open \
|
|
--import-ca-cert /app/certs/ca.p12 \
|
|
--import-ca-cert-pass "" > "$CAIDO_LOG" 2>&1 &
|
|
|
|
CAIDO_PID=$!
|
|
echo "Started Caido with PID $CAIDO_PID on port $CAIDO_PORT"
|
|
|
|
echo "Waiting for Caido API to be ready..."
|
|
CAIDO_READY=false
|
|
for i in {1..30}; do
|
|
if ! kill -0 $CAIDO_PID 2>/dev/null; then
|
|
echo "ERROR: Caido process died while waiting for API (iteration $i)."
|
|
echo "=== Caido log ==="
|
|
cat "$CAIDO_LOG" 2>/dev/null || echo "(no log available)"
|
|
exit 1
|
|
fi
|
|
|
|
if curl -s -o /dev/null -w "%{http_code}" http://localhost:${CAIDO_PORT}/graphql/ | grep -qE "^(200|400)$"; then
|
|
echo "Caido API is ready (attempt $i)."
|
|
CAIDO_READY=true
|
|
break
|
|
fi
|
|
sleep 1
|
|
done
|
|
|
|
if [ "$CAIDO_READY" = false ]; then
|
|
echo "ERROR: Caido API did not become ready within 30 seconds."
|
|
echo "Caido process status: $(kill -0 $CAIDO_PID 2>&1 && echo 'running' || echo 'dead')"
|
|
echo "=== Caido log ==="
|
|
cat "$CAIDO_LOG" 2>/dev/null || echo "(no log available)"
|
|
exit 1
|
|
fi
|
|
|
|
sleep 2
|
|
|
|
echo "Caido is up — host bootstraps the guest token + project via the Python SDK."
|
|
|
|
echo "Configuring system-wide proxy settings..."
|
|
|
|
cat << EOF | sudo tee /etc/profile.d/proxy.sh
|
|
export http_proxy=http://127.0.0.1:${CAIDO_PORT}
|
|
export https_proxy=http://127.0.0.1:${CAIDO_PORT}
|
|
export HTTP_PROXY=http://127.0.0.1:${CAIDO_PORT}
|
|
export HTTPS_PROXY=http://127.0.0.1:${CAIDO_PORT}
|
|
export ALL_PROXY=http://127.0.0.1:${CAIDO_PORT}
|
|
export NO_PROXY=localhost,127.0.0.1
|
|
export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
|
|
export SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
|
|
EOF
|
|
|
|
cat << EOF | sudo tee /etc/environment
|
|
http_proxy=http://127.0.0.1:${CAIDO_PORT}
|
|
https_proxy=http://127.0.0.1:${CAIDO_PORT}
|
|
HTTP_PROXY=http://127.0.0.1:${CAIDO_PORT}
|
|
HTTPS_PROXY=http://127.0.0.1:${CAIDO_PORT}
|
|
ALL_PROXY=http://127.0.0.1:${CAIDO_PORT}
|
|
NO_PROXY=localhost,127.0.0.1
|
|
EOF
|
|
|
|
cat << EOF | sudo tee /etc/wgetrc
|
|
use_proxy=yes
|
|
http_proxy=http://127.0.0.1:${CAIDO_PORT}
|
|
https_proxy=http://127.0.0.1:${CAIDO_PORT}
|
|
EOF
|
|
|
|
echo "source /etc/profile.d/proxy.sh" >> ~/.bashrc
|
|
echo "source /etc/profile.d/proxy.sh" >> ~/.zshrc
|
|
|
|
source /etc/profile.d/proxy.sh
|
|
|
|
echo "✅ System-wide proxy configuration complete"
|
|
|
|
echo "Adding CA to browser trust store..."
|
|
sudo -u pentester mkdir -p /home/pentester/.pki/nssdb
|
|
sudo -u pentester certutil -N -d sql:/home/pentester/.pki/nssdb --empty-password
|
|
sudo -u pentester certutil -A -n "Testing Root CA" -t "C,," -i /app/certs/ca.crt -d sql:/home/pentester/.pki/nssdb
|
|
echo "✅ CA added to browser trust store"
|
|
|
|
mkdir -p /workspace/.agent-browser-screenshots
|
|
|
|
echo "✅ Container ready"
|
|
|
|
cd /workspace
|
|
exec "$@"
|