From 34be745b5f0a1f6ea57e227ebd4cee208a1a841c Mon Sep 17 00:00:00 2001
From: Jeroen Willemsen
Date: Tue, 11 Apr 2023 06:47:34 +0200
Subject: [PATCH 1/6] Initial testing with new virtual desktop
---
 helm/wrongsecrets-ctf-party/values.yaml | 2 +-
 wrongsecrets-balancer/src/proxy/proxy.js | 21 +++++++++++++++++----
 2 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/helm/wrongsecrets-ctf-party/values.yaml b/helm/wrongsecrets-ctf-party/values.yaml
index e207bcf0c..f35bf1eb1 100644
--- a/helm/wrongsecrets-ctf-party/values.yaml
+++ b/helm/wrongsecrets-ctf-party/values.yaml
@@ -200,7 +200,7 @@ virtualdesktop:
 maxInstances: 500
 # -- Juice Shop Image to use
 image: jeroenwillemsen/wrongsecrets-desktop-k8s
- tag: 1.6.0
+ tag: up3
 repository: commjoenie/wrongSecrets
 resources:
 request:
diff --git a/wrongsecrets-balancer/src/proxy/proxy.js b/wrongsecrets-balancer/src/proxy/proxy.js
index 55fb9bf46..362466f87 100644
--- a/wrongsecrets-balancer/src/proxy/proxy.js
+++ b/wrongsecrets-balancer/src/proxy/proxy.js
@@ -128,7 +128,13 @@ function proxyTrafficToJuiceShop(req, res) {
 req.path === '/files/socket.io/socket.io.js' ||
 req.path === '/js/vendor/jquery.min.js' ||
 req.path === '/files/socket.io/' ||
- req.path === '/files/socket.io/socket.io.js.map'
+ req.path === '/files/socket.io/socket.io.js.map' ||
+ req.path === '/public/css/filebrowser.css' ||
+ req.path === '/public/js/filebrowser.js' ||
+ req.path === '/public/js/jquery.min.js' ||
+ req.path === '/vnc/vendor/interact.min.js.map' ||
+ req.path.includes('vnc') ||
+ req.path.includes('audio/socket.io')
 ) {
 target = {
 target: `http://${teamname}-virtualdesktop.${teamname}.svc:8080`,
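Review bot: `req.path.includes('vnc')` and `req.path.includes('audio/socket.io')`, added at the end of the path list in the first proxy.js hunk of patch 1/6, match the substring anywhere in the path, so any request whose path merely contains one of them is routed to the team's virtual-desktop service instead of falling through to the other branch. Anchoring the tests keeps the rule as narrow as the exact-match entries around it: `req.path.startsWith('/vnc/') ||` and `req.path.startsWith('/audio/socket.io/')`. The broad test also makes the explicit `/vnc/vendor/interact.min.js.map` entry redundant, and `includes('vnc')` is carried forward unchanged by the proxy.js hunks of patches 2/6 and 5/6. The condition opens above this hunk, so its leading terms are not visible here.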
@@ -140,11 +146,18 @@ function proxyTrafficToJuiceShop(req, res) {
 ws: true,
 };
 }
- logger.info(`we got ${teamname} requesting ${target.target}`);
+ logger.info(`we got ${teamname} requesting ${target.target} for ${req.path}`);
- if (req.path === '/guaclite') {
+ if (
+ req.path === '/guaclite' ||
+ req.path === '/websockify' ||
+ req.path === '/audio/socket.io/' ||
+ req.path === '/files/socket.io/'
+ ) {
 let server = res.socket.server;
- logger.info('putting ws through for /quaclite');
+ logger.info(
+ 'putting ws through for /quaclite or /websockify or /audio/socket.io/ or /files/socket.io/'
+ );
 server.on('upgrade', function (req, socket, head) {
 cookieParser(get('cookieParser.secret'))(req, null, () => {});
From 7b44ed9f27ab8aec3a57dc55630793a35acc152e Mon Sep 17 00:00:00 2001
From: Jeroen Willemsen
Date: Wed, 12 Apr 2023 09:53:12 +0200
Subject: [PATCH 2/6] messy still not working proxy
---
 wrongsecrets-balancer/src/kubernetes.js | 8 ++++++--
 wrongsecrets-balancer/src/proxy/proxy.js | 16 +++++++++-------
 2 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/wrongsecrets-balancer/src/kubernetes.js b/wrongsecrets-balancer/src/kubernetes.js
index 2471fc13b..5fd7d5cdb 100644
--- a/wrongsecrets-balancer/src/kubernetes.js
+++ b/wrongsecrets-balancer/src/kubernetes.js
@@ -1106,6 +1106,10 @@ const createDesktopDeploymentForTeam = async ({ team, passcodeHash }) => {
 name: 'PUID',
 value: '1000',
 },
+ {
+ name: 'TITLE',
+ value: 'WrongSecrets CTF Desktop',
+ },
 {
 name: 'PGID',
 value: '1000',
@@ -1191,7 +1195,7 @@ const createServiceForTeam = async (teamname) =>
 },
 ports: [
 {
- port: 8080,
+ port: 3000
 },
 ],
 },
@@ -1221,7 +1225,7 @@ const createDesktopServiceForTeam = async (teamname) =>
 },
 ports: [
 {
- port: 8080,
+ port: 3000,
 targetPort: 3000,
 },
 ],
diff --git a/wrongsecrets-balancer/src/proxy/proxy.js b/wrongsecrets-balancer/src/proxy/proxy.js
index 362466f87..eb4a1c0eb 100644
--- a/wrongsecrets-balancer/src/proxy/proxy.js
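Review bot: In the second proxy.js hunk of patch 1/6, `server.on('upgrade', …)` is registered from inside the request handler, and the widened condition (four paths instead of only `/guaclite`) means every matching HTTP request attaches one more listener to the shared server object. Those listeners are never removed in the visible lines, so they accumulate for the life of the process, and each later upgrade event runs once per registered listener. Registering the handler once where the server is created, or guarding it with a flag such as `if (!server.upgradeHooked) { server.upgradeHooked = true; server.on('upgrade', …); }` (constructed name), keeps it to a single listener. The handler body continues past the end of the hunk.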
+++ b/wrongsecrets-balancer/src/proxy/proxy.js
@@ -132,12 +132,14 @@ function proxyTrafficToJuiceShop(req, res) {
 req.path === '/public/css/filebrowser.css' ||
 req.path === '/public/js/filebrowser.js' ||
 req.path === '/public/js/jquery.min.js' ||
+ req.path === '/public/css/kclient.css' ||
 req.path === '/vnc/vendor/interact.min.js.map' ||
- req.path.includes('vnc') ||
- req.path.includes('audio/socket.io')
+ req.path === '/audio/socket.io/socket.io.js' ||
+ req.path === '/files/socket.io/socket.io.js' ||
+ req.path.includes('vnc')
 ) {
 target = {
- target: `http://${teamname}-virtualdesktop.${teamname}.svc:8080`,
+ target: `http://${teamname}-virtualdesktop.${teamname}.svc:3000`,
 ws: true,
 };
 } else {
@@ -156,7 +158,7 @@ function proxyTrafficToJuiceShop(req, res) {
 ) {
 let server = res.socket.server;
 logger.info(
- 'putting ws through for /quaclite or /websockify or /audio/socket.io/ or /files/socket.io/'
+ `putting ws through for ${req.path}`
 );
 server.on('upgrade', function (req, socket, head) {
 cookieParser(get('cookieParser.secret'))(req, null, () => {});
@@ -172,7 +174,7 @@ function proxyTrafficToJuiceShop(req, res) {
 }
 logger.info(`proxying upgrade request for: ${req.url} with team ${upgradeTeamname}`);
 proxy.ws(req, socket, head, {
- target: `ws://${upgradeTeamname}-virtualdesktop.${upgradeTeamname}.svc:8080`,
+ target: `ws://${upgradeTeamname}-virtualdesktop.${upgradeTeamname}.svc:3000`,
 ws: true,
 });
 });
@@ -183,9 +185,9 @@ function proxyTrafficToJuiceShop(req, res) {
 logger.info(`Got malformed teamname: ${teamname}s`);
 return res.redirect('/balancer/');
 }
- logger.info(`proxying upgrade request for: ${req.url} with team ${connectTeamname}`);
+ logger.info(`proxying connect request for: ${req.url} with team ${connectTeamname}`);
 proxy.ws(req, socket, head, {
- target: `ws://${connectTeamname}-virtualdesktop.${connectTeamname}.svc:8080`,
+ target: `ws://${connectTeamname}-virtualdesktop.${connectTeamname}.svc:3000`,
 ws: true,
 });
 });
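Review bot: The malformed-team-name branch kept as context in the last proxy.js hunk of patch 2/6 responds with `return res.redirect('/balancer/')`, which acts on the outer HTTP response and not on the `socket` being handled, and it logs the outer `teamname` instead of the `connectTeamname` that was rejected. Because that name is interpolated into the host of the `proxy.ws` target a few lines later, the rejection path should log the value it checked and close the connection it refused, e.g. `socket.destroy(); return;`. The validation and the listener's opening lines are outside the hunk, so this assumes the branch sits in the connect listener that the renamed log message refers to.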
From ae74a51daa3422bb6a2ea4c7035a2b99f121a754 Mon Sep 17 00:00:00 2001
From: Jeroen Willemsen
Date: Wed, 3 May 2023 14:34:45 +0200
Subject: [PATCH 3/6] lint fixes
---
 wrongsecrets-balancer/src/kubernetes.js | 2 +-
 wrongsecrets-balancer/src/proxy/proxy.js | 4 +---
 2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/wrongsecrets-balancer/src/kubernetes.js b/wrongsecrets-balancer/src/kubernetes.js
index edae244df..108daa7fc 100644
--- a/wrongsecrets-balancer/src/kubernetes.js
+++ b/wrongsecrets-balancer/src/kubernetes.js
@@ -1195,7 +1195,7 @@ const createServiceForTeam = async (teamname) =>
 },
 ports: [
 {
- port: 3000
+ port: 3000,
 },
 ],
 },
diff --git a/wrongsecrets-balancer/src/proxy/proxy.js b/wrongsecrets-balancer/src/proxy/proxy.js
index eb4a1c0eb..ec3aec41f 100644
--- a/wrongsecrets-balancer/src/proxy/proxy.js
+++ b/wrongsecrets-balancer/src/proxy/proxy.js
@@ -157,9 +157,7 @@ function proxyTrafficToJuiceShop(req, res) {
 req.path === '/files/socket.io/'
 ) {
 let server = res.socket.server;
- logger.info(
- `putting ws through for ${req.path}`
- );
+ logger.info(`putting ws through for ${req.path}`);
 server.on('upgrade', function (req, socket, head) {
 cookieParser(get('cookieParser.secret'))(req, null, () => {});
From 7737995f5705dbe46e1ca3e240f9894d22b7a195 Mon Sep 17 00:00:00 2001
From: Jeroen Willemsen
Date: Wed, 3 May 2023 14:47:06 +0200
Subject: [PATCH 4/6] change of ports
---
 wrongsecrets-balancer/src/kubernetes.js | 4 ++--
 wrongsecrets-balancer/src/proxy/proxy.js | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/wrongsecrets-balancer/src/kubernetes.js b/wrongsecrets-balancer/src/kubernetes.js
index 108daa7fc..5a4a3ecc8 100644
--- a/wrongsecrets-balancer/src/kubernetes.js
+++ b/wrongsecrets-balancer/src/kubernetes.js
@@ -1195,7 +1195,7 @@ const createServiceForTeam = async (teamname) =>
 },
 ports: [
 {
- port: 3000,
+ port: 8080,
 },
 ],
 },
@@ -1225,7 +1225,7 @@ const createDesktopServiceForTeam = async (teamname) =>
 },
 ports: [
 {
- port: 3000,
+ port: 8080,
 targetPort: 3000,
 },
 ],
diff --git a/wrongsecrets-balancer/src/proxy/proxy.js b/wrongsecrets-balancer/src/proxy/proxy.js
index ec3aec41f..d3fd7fe85 100644
--- a/wrongsecrets-balancer/src/proxy/proxy.js
+++ b/wrongsecrets-balancer/src/proxy/proxy.js
@@ -139,7 +139,7 @@ function proxyTrafficToJuiceShop(req, res) {
 req.path.includes('vnc')
 ) {
 target = {
- target: `http://${teamname}-virtualdesktop.${teamname}.svc:3000`,
+ target: `http://${teamname}-virtualdesktop.${teamname}.svc:8080`,
 ws: true,
 };
 } else {
@@ -172,7 +172,7 @@ function proxyTrafficToJuiceShop(req, res) {
 }
 logger.info(`proxying upgrade request for: ${req.url} with team ${upgradeTeamname}`);
 proxy.ws(req, socket, head, {
- target: `ws://${upgradeTeamname}-virtualdesktop.${upgradeTeamname}.svc:3000`,
+ target: `ws://${upgradeTeamname}-virtualdesktop.${upgradeTeamname}.svc:8080`,
 ws: true,
 });
 });
@@ -185,7 +185,7 @@ function proxyTrafficToJuiceShop(req, res) {
 }
 logger.info(`proxying connect request for: ${req.url} with team ${connectTeamname}`);
 proxy.ws(req, socket, head, {
- target: `ws://${connectTeamname}-virtualdesktop.${connectTeamname}.svc:3000`,
+ target: `ws://${connectTeamname}-virtualdesktop.${connectTeamname}.svc:8080`,
 ws: true,
 });
 });
From 5f141f7c8832e708a674ae5fa4f76f939e2c524f Mon Sep 17 00:00:00 2001
From: Jeroen Willemsen
Date: Wed, 3 May 2023 15:56:24 +0200
Subject: [PATCH 5/6] stuck for now
---
 build-an-deploy.sh | 2 +-
 wrongsecrets-balancer/src/proxy/proxy.js | 37 ++++++++++++++----------
 2 files changed, 22 insertions(+), 17 deletions(-)
diff --git a/build-an-deploy.sh b/build-an-deploy.sh
index 1b468e227..4cff36de0 100755
--- a/build-an-deploy.sh
+++ b/build-an-deploy.sh
@@ -19,7 +19,7 @@ WEBTOP_TAG=$(cat helm/wrongsecrets-ctf-party/values.yaml| yq '.virtualdesktop.ta
 echo "Pulling in required images to actually run $WRONGSECRETS_IMAGE:$WRONGSECRETS_TAG & $WEBTOP_IMAGE:$WEBTOP_TAG."
 echo "If you see an authentication failure: pull them manually by the following 2 commands"
 echo "'docker pull $WRONGSECRETS_IMAGE:$WRONGSECRETS_TAG'"
-echo "'docker pull $WEBTOP_IMAGE:$WEBTOP_TAG'" &
+echo "'docker pull $WEBTOP_IMAGE:$WEBTOP_TAG'"
 docker pull $WRONGSECRETS_IMAGE:$WRONGSECRETS_TAG &
 docker pull $WEBTOP_IMAGE:$WEBTOP_TAG &
 docker build -t local/wrongsecrets-balancer:$version ./wrongsecrets-balancer &
diff --git a/wrongsecrets-balancer/src/proxy/proxy.js b/wrongsecrets-balancer/src/proxy/proxy.js
index d3fd7fe85..3496b75f4 100644
--- a/wrongsecrets-balancer/src/proxy/proxy.js
+++ b/wrongsecrets-balancer/src/proxy/proxy.js
@@ -123,20 +123,25 @@ function proxyTrafficToJuiceShop(req, res) {
 req.headers['referer'].includes(currentReferrerForDesktop)) ||
 (req.headers['Referer'] !== undefined &&
 req.headers['Referer'].includes(currentReferrerForDesktop)) ||
- req.path === '/js/filebrowser.js' ||
- req.path === '/css/filebrowser.css' ||
- req.path === '/files/socket.io/socket.io.js' ||
- req.path === '/js/vendor/jquery.min.js' ||
- req.path === '/files/socket.io/' ||
- req.path === '/files/socket.io/socket.io.js.map' ||
- req.path === '/public/css/filebrowser.css' ||
- req.path === '/public/js/filebrowser.js' ||
- req.path === '/public/js/jquery.min.js' ||
- req.path === '/public/css/kclient.css' ||
- req.path === '/vnc/vendor/interact.min.js.map' ||
- req.path === '/audio/socket.io/socket.io.js' ||
- req.path === '/files/socket.io/socket.io.js' ||
- req.path.includes('vnc')
+ req.path === '/css/filebrowser.css' ||
+ req.path === '/audio/socket.io/socket.io.js' ||
+ req.path === '/files/socket.io/socket.io.js' ||
+ req.path === '/files/socket.io/socket.io.js.map' ||
+ req.path === '/js/filebrowser.js' ||
+ req.path === '/js/vendor/jquery.min.js' ||
+ req.path === '/public/css/filebrowser.css' ||
+ req.path === '/public/css/files.svg' ||
+ req.path === '/public/css/kclient.css' ||
+ req.path === '/public/css/speaker.svg' ||
+ req.path === '/public/js/filebrowser.js' ||
+ req.path === '/public/js/jquery.min.js' ||
+ req.path === '/public/js/kclient.js' ||
+ req.path === '/public/js/pcm-player.js' ||
+ req.path === '/vnc/vendor/interact.min.js' ||
+ req.path === '/vnc/vendor/interact.min.js.map' ||
+ req.path === '/vnc/dist/runtime.bundle.js' ||
+ req.path === '/vnc/dist/vendors~main.bundle.js' ||
+ req.path.includes('vnc')
 ) {
 target = {
 target: `http://${teamname}-virtualdesktop.${teamname}.svc:8080`,
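Review bot: The four explicit `/vnc/…` entries added in this hunk never decide anything, because `req.path.includes('vnc')` on the last line of the list already matches them along with every other path containing that substring. A module-level `Set` of exact paths plus one anchored prefix test would state the rule once and make later additions a one-line change: `DESKTOP_ASSET_PATHS.has(req.path) || req.path.startsWith('/vnc/')` (constructed name). In the context lines above the list, `req.headers['Referer']` is presumably dead code, since Node exposes incoming header names in lower case and only the `referer` lookup can match. That check also routes on a client-supplied header by substring, which deserves a comment saying it is a routing convenience and not an access decision. The condition starts above the hunk.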
@@ -153,11 +158,11 @@ function proxyTrafficToJuiceShop(req, res) {
 if (
 req.path === '/guaclite' ||
 req.path === '/websockify' ||
- req.path === '/audio/socket.io/' ||
- req.path === '/files/socket.io/'
+ !!req.query.EIO
 ) {
 let server = res.socket.server;
 logger.info(`putting ws through for ${req.path}`);
+ logger.info(`putting ws through for ${req.query}`);
 server.on('upgrade', function (req, socket, head) {
 cookieParser(get('cookieParser.secret'))(req, null, () => {});
From 674e0ccf727b9d9750ecf5f3a7a401cacba37d8c Mon Sep 17 00:00:00 2001
From: "pre-commit-ci-lite[bot]" <117423508+pre-commit-ci-lite[bot]@users.noreply.github.com>
Date: Wed, 3 May 2023 13:57:13 +0000
Subject: [PATCH 6/6] [pre-commit.ci lite] apply automatic fixes
---
 wrongsecrets-balancer/src/proxy/proxy.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wrongsecrets-balancer/src/proxy/proxy.js b/wrongsecrets-balancer/src/proxy/proxy.js
index 3496b75f4..bbdbc9016 100644
--- a/wrongsecrets-balancer/src/proxy/proxy.js
+++ b/wrongsecrets-balancer/src/proxy/proxy.js
@@ -124,7 +124,7 @@ function proxyTrafficToJuiceShop(req, res) {
 (req.headers['Referer'] !== undefined &&
 req.headers['Referer'].includes(currentReferrerForDesktop)) ||
 req.path === '/css/filebrowser.css' ||
- req.path === '/audio/socket.io/socket.io.js' ||
+ req.path === '/audio/socket.io/socket.io.js' ||
 req.path === '/files/socket.io/socket.io.js' ||
 req.path === '/files/socket.io/socket.io.js.map' ||
 req.path === '/js/filebrowser.js' ||
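Review bot: `!!req.query.EIO` in the second proxy.js hunk of patch 5/6 makes the WebSocket branch reachable from any path, because a request only needs to carry a client-chosen `EIO` query parameter to reach `server.on('upgrade', …)` and add another listener to the server. The two exact-path checks it replaces bounded that. If the parameter is needed to recognise Engine.IO requests, tying it to the known prefixes keeps the branch bounded, e.g. `(req.query.EIO !== undefined && (req.path.startsWith('/audio/socket.io/') || req.path.startsWith('/files/socket.io/')))`. The added `logger.info` interpolates the `req.query` object itself, which for a plain object prints `[object Object]`; `JSON.stringify(req.query)` or just `req.query.EIO` gives a usable log line. The listener body continues below the hunk.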