Platform Proxy

GZCTF comes with built-in WebSocket-TCP forwarding functionality and corresponding traffic logging capability, which can be enabled through relevant configuration options.

Configuration

In appsettings.json, locate the ContainerProvider section and configure it as follows:

{
  "ContainerProvider": {
    "PortMappingType": "PlatformProxy",
    "EnableTrafficCapture": false
  }
}

Usage

After enabling the platform proxy, you can use the /api/proxy/{guid} endpoint of the platform to forward TCP over WebSocket traffic.

You can connect using any applications that support this function, or use the recommended client: WebSocketReflectorX (opens in a new tab) for local port forwarding and seamless interaction.

Notes

When using Docker as the backend and using the PlatformProxy port mapping configuration, in order to ensure smooth access to the challenge container in GZCTF, you need to manually create an additional network.

docker network create challenges -d bridge --subnet 192.168.133.0/24

Set the configuration item ChallengeNetwork to the corresponding network name, and bridge the external network in the docker-compose.yml file, for example:

version: "3.7"
services:
  gzctf:
    ...
    networks:
    - default
    - challenges
 
networks:
  challenges:
    external: true

Dynamic Flag Port Range Configuration