Wireguard mode with MITM with docker container doesn't work about mitmproxy HOT 8 CLOSED

Yes it's the same error @sujaldev

from mitmproxy.

WireGuard runs over UDP, so I guess that requires some special treatment: https://stackoverflow.com/questions/27596409/how-do-i-publish-a-udp-port-on-docker

In either case, this is very likely Docker idiosyncrasies and not a mitmproxy bug.

from mitmproxy.

Hey @mhils thanks for quick reference,

after change to
docker run --rm -it -v $(pwd):/workspace -p 51820:51820/udp -p 127.0.0.1:8081:8081 mitmproxy/mitmproxy mitmweb --web-host 0.0.0.0 --set block_global=false --set listen_host=0.0.0.0 --mode wireguard -s /workspace/response.py

then got this error in console output:

Failed to process a WireGuard handshake packet: InvalidAeadTag

I still guess it is something related to how wireguard server in mitm handling the udp is somehow not correct when running under docker

from mitmproxy.

Do try running it without your script, perhaps it is responsible for causing this issue.

from mitmproxy.

the script is working fine when running directly

from mitmproxy.

I see, but have you tried running without the script in the container?

from mitmproxy.

I believe it's the error with the private key validations

https://docs.rs/boringtun/latest/src/boringtun/noise/handshake.rs.html

from mitmproxy.

Try adding --set confdir=/root/.mitmproxy to the mitmweb command and add make your config persist by adding this to your docker command -v $(pwd)/.mitmproxy:/root/.mitmproxy/ (or use home if you prefer that), like so:

docker run --rm -it -v $(pwd):/workspace -v $(pwd)/.mitmproxy:/root/.mitmproxy/ -p 51820:51820/udp -p 127.0.0.1:8081:8081 mitmproxy/mitmproxy mitmweb --web-host 0.0.0.0 --set block_global=false --set listen_host=0.0.0.0 --mode wireguard -s /workspace/response.py --set confdir=/root/.mitmproxy

And then update your client with the new config.

from mitmproxy.