macosdockerburpproxies

Can't configure Docker to use Burp Suite proxy on Catalina

I'm trying to use Docker with a proxy server that has its own CA cert. I can't figure out how to configure the proxy for all containers running under my user without installing the certificate on each one. Any help with this would be much appreciated!

I'm using Docker Desktop Docker version 19.03.13, build 4484c46d9d, on OS X Catalina 10.15.4. Burp Suite proxies all the HTTP requests on my computer. I have the Burp Suite CA certificate installed in my OS X Login and System keychains. When I configure the proxy in my ~/.docker/config.json file, it points to the correct proxy but I get an error:

Errno::ECONNREFUSED: Failed to open TCP connection to 127.0.0.1:8080

When I install the Burp Suite certificate directly in the Docker container, I'm able to proxy requests with no additional config necessary (including environment variables or config.json changes). However, I run a lot of Docker containers, most of them standardised for multiple dev environments, and don't want to modify every Dockerfile when only my machine needs this.

This is the relevant part of my ~/.docker/config.json file:

{
  "proxies": {
    "default": {
      "httpProxy": "http://127.0.0.1:8080",
      "httpsProxy": "https://127.0.0.1:8080"
    }
  }
}

And this is my Dockerfile:

FROM ruby:2
RUN gem install ronin-support
COPY rails_rce.rb .

Finally, this is the total output when I run docker build .:

Sending build context to Docker daemon  11.26kB
Step 1/3 : FROM ruby:2
 ---> 343d2dc24f38
Step 2/3 : RUN gem install ronin-support
 ---> Running in 150bf40c6ad8
ERROR:  Could not find a valid gem 'ronin-support' (>= 0), here is why:
          Unable to download data from https://rubygems.org/ - Errno::ECONNREFUSED: Failed to open TCP connection to 127.0.0.1:8080 (Connection refused - connect(2) for "127.0.0.1" port 8080) (https://rubygems.org/specs.4.8.gz)
The command '/bin/sh -c gem install ronin-support' returned a non-zero code: 2

I'm new to creating my own Dockerfiles and config.

Solution

  • It's same thing when you need to connect from the container to the host on Mac.

    You should use host.docker.internal instead of localhost

    So the config will be

    {
  "proxies": {
    "default": {
      "httpProxy": "http://host.docker.internal:8080",
      "httpsProxy": "http://host.docker.internal:8080"
    }
  }
}

    Also, you need to add BurpSuite CA to your container.

    Firstly, convert it to PEM.

    openssl x509 -inform der -in cacert.der  -out burp_cert.crt

    Then add one to trusted CAs in the container with Dockerfile

    FROM ruby:2
COPY burp_cert.crt /usr/local/share/ca-certificates/burp.crt 
RUN update-ca-certificates
RUN gem install ronin-support
COPY rails_rce.rb