800+ IT
News
als RSS Feed abonnieren📚 Multi-Juicer - Run Capture The Flags And Security Trainings With OWASP Juice Shop
💡 Newskategorie: IT Security Nachrichten
🔗 Quelle: feedproxy.google.com
Running CTFs and Security Trainings with OWASP Juice Shop is usually quite tricky, Juice Shop just isn't intended to be used by multiple users at a time. Instructing everybody how to start Juice Shop on their own machine works ok, but takes away too much valuable time.
MultiJuicer gives you the ability to run separate Juice Shop instances for every participant on a central kubernetes cluster, to run events without the need for local Juice Shop instances.
Note: This project was called JuicyCTF until recently. This was changed to avoid confusions with the juice-shop-ctf project.
What it does:
- dynamically create new Juice Shop instances when needed
- runs on a single domain, comes with a LoadBalancer sending the traffic to the participants Juice Shop instance
- backup and auto apply challenge progress in case of Juice Shop container restarts
- cleanup old & unused instances automatically
Installation
MultiJuicer runs on kubernetes, to install it you'll need helm.
helm repo add multi-juicer https://iteratec.github.io/multi-juicer/
# for helm <= 2
helm install multi-juicer/multi-juicer --name multi-juicer
# for helm >= 3
helm install multi-juicer multi-juicer/multi-juicerInstallation Guides for specific Cloud Providers
Generally MultiJuicer runs on pretty much any kubernetes cluster, but to make it easier for anybody who is new to kubernetes we got some guides on how to setup a kubernetes cluster with MultiJuicer installed for some specific Cloud providers.
Customizing the Setup
You got some options on how to setup the stack, with some option to customize the JuiceShop instances to your own liking. You can find the default config values under: helm/multi-juicer/values.yaml
Download & Save the file and tell helm to use your config file over the default by running:
helm install -f values.yaml multi-juicer ./multi-juicer/helm/multi-juicer/Deinstallation
helm delete multi-juicerFAQ
How much compute resources will the cluster require?
To be on the safe side calculate with:
- 1GB memory & 1CPU overhead, for the balancer, redis & co
- 200MB & 0.2CPU * number of participants, for the individual JuiceShop Instances
How many users can MultiJuicer handle?
There is no real fixed limit. (Even thought you can configure one
When scaling up, also keep an eye on the redis instance. Make sure it is still able to handle the load.
Why a custom LoadBalancer?
There are some special requirements which we didn't find to be easily solved with any pre build load balancer:
- Restricting the number of users for a deployment to only the members of a certain team.
- The load balancers cookie must be save and not easy to spoof to access another instance.
- Handling starting of new instances.
Why a separate kubernetes deployment for every team?
There are some pretty good reasons for this:
- The ability delete the instances of a team separately. Scaling down safely, without removing instances of active teams, is really tricky with a scaled deployment. You can only choose the desired scale not which pods to keep and which to throw away.
- To ensure that pods are still properly associated with teams after a pod gets recreated. This is a non problem with separate deployment and really hard with scaled deployments.
- The ability to embed the team name in the deployment name. This seems like a stupid reason but make debugging SOOO much easier, with just using
kubectl.