Merge pull request #6 from fkie-cad/bugfixes
Bugfixes
euwint authored Jan 17, 2024
2 parents 24bbdf3 + fd004e2 commit 9312dd1
Showing 14 changed files with 175 additions and 139 deletions.
1 change: 0 additions & 1 deletion honeypots/dhcp_server.py
@@ -139,7 +139,6 @@ def datagramReceived(self, data, addr):
"data": data,
}
)
self.transport.loseConnection()

reactor.listenUDP(
port=self.port, protocol=CustomDatagramProtocolProtocol(), interface=self.ip
53 changes: 31 additions & 22 deletions honeypots/dns_server.py
@@ -10,6 +10,8 @@
// -------------------------------------------------------------
"""

from __future__ import annotations

from twisted.names import dns, error, client
from twisted.names.server import DNSServerFactory
from twisted.internet import defer, reactor
@@ -56,7 +58,7 @@ def __init__(self, **kwargs):
def dns_server_main(self):
_q_s = self

class CustomCilentResolver(client.Resolver):
class CustomClientResolver(client.Resolver):
def queryUDP(self, queries, timeout=2):
res = client.Resolver.queryUDP(self, queries, timeout)

@@ -68,36 +70,43 @@ def queryFailed(reason):

class CustomDNSServerFactory(DNSServerFactory):
def gotResolverResponse(self, response, protocol, message, address):
args = (self, response, protocol, message, address)
if address is None:
src_ip, src_port = "None", "None"
else:
src_ip, src_port = address
for items in response:
for item in items:
_q_s.logs.info(
{
"server": "dns_server",
"action": "query",
"src_ip": src_ip,
"src_port": src_port,
"dest_ip": _q_s.ip,
"dest_port": _q_s.port,
"data": item.payload,
}
)
return super().gotResolverResponse(response, protocol, message, address)

class CustomDnsUdpProtocol(dns.DNSDatagramProtocol):
def datagramReceived(self, data: bytes, addr: tuple[str, int]):
_q_s.logs.info(
{
"server": "dns_server",
"action": "connection",
"src_ip": address[0],
"src_port": address[1],
"src_ip": addr[0],
"src_port": addr[1],
"dest_ip": _q_s.ip,
"dest_port": _q_s.port,
"data": data.decode(errors="replace"),
}
)
with suppress(Exception):
for items in response:
for item in items:
_q_s.logs.info(
{
"server": "dns_server",
"action": "query",
"src_ip": address[0],
"src_port": address[1],
"dest_ip": _q_s.ip,
"dest_port": _q_s.port,
"data": item.payload,
}
)
return DNSServerFactory.gotResolverResponse(*args)

self.resolver = CustomCilentResolver(servers=self.resolver_addresses)
super().datagramReceived(data, addr)

self.resolver = CustomClientResolver(servers=self.resolver_addresses)
self.factory = CustomDNSServerFactory(clients=[self.resolver])
self.protocol = dns.DNSDatagramProtocol(controller=self.factory)
self.protocol = CustomDnsUdpProtocol(controller=self.factory)
reactor.listenUDP(self.port, self.protocol, interface=self.ip)
reactor.listenTCP(self.port, self.factory, interface=self.ip)
reactor.run()
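Review bot: In `CustomDNSServerFactory.gotResolverResponse`, a query whose `address` is `None` is logged with the literal strings `"None"` for `src_ip` and `src_port`, so those events carry no source attribution; since the factory is also bound with `reactor.listenTCP`, that is presumably every query arriving over TCP. Where `address` is missing, the peer could be read from the connection instead, e.g. `peer = protocol.transport.getPeer()` followed by `src_ip, src_port = peer.host, peer.port`, keeping `"None"` only as a last resort. Separately, `CustomDnsUdpProtocol.datagramReceived` stores the raw wire-format packet via `data.decode(errors="replace")`, which is lossy for binary DNS messages; `data.hex()` would keep the bytes recoverable for later analysis. `dns_server_main` continues outside the visible hunk.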
17 changes: 9 additions & 8 deletions honeypots/helper.py
@@ -43,13 +43,14 @@ def is_privileged():


def set_up_error_logging():
_logger = logging.getLogger("simple_example")
_logger.setLevel(logging.INFO)
handler = logging.StreamHandler(sys.stdout)
handler.setLevel(logging.INFO)
formatter = logging.Formatter("[%(levelname)s] %(message)s")
handler.setFormatter(formatter)
_logger.addHandler(handler)
_logger = logging.getLogger("honeypots.error")
if not _logger.handlers:
_logger.setLevel(logging.INFO)
handler = logging.StreamHandler(sys.stdout)
handler.setLevel(logging.INFO)
formatter = logging.Formatter("[%(levelname)s] %(message)s")
handler.setFormatter(formatter)
_logger.addHandler(handler)
return _logger


@@ -58,7 +59,7 @@ def set_local_vars(self, config):
if config:
with open(config) as f:
config_data = load(f)
honeypots = config_data["honeypots"]
honeypots = config_data.get("honeypots", [])
honeypot = self.__class__.__name__[1:-6].lower()
if honeypot and honeypot in honeypots:
for attr, value in honeypots[honeypot].items():
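Review bot: In `set_local_vars`, `config_data.get("honeypots", [])` makes a config file without a `honeypots` key indistinguishable from no config at all, so a mistyped or truncated file leaves the honeypot on its built-in defaults with no indication. The default should also be a mapping, `honeypots = config_data.get("honeypots", {})`, because the following lines index it by name and call `.items()` on the entry. A one-line warning through the error logger when the key is absent would make the fallback visible to the operator. The loop body that applies `attr`/`value` lies outside the hunk.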
5 changes: 4 additions & 1 deletion honeypots/http_server.py
@@ -245,7 +245,10 @@ def check_bytes(string):
headers=self.headers,
environ={
"REQUEST_METHOD": "POST",
"CONTENT_TYPE": self.headers[b"content-type"],
"CONTENT_TYPE": self.headers.get(
b"content-type",
b"application/x-www-form-urlencoded",
),
},
)
if "username" in form and "password" in form:
5 changes: 4 additions & 1 deletion honeypots/https_server.py
@@ -265,7 +265,10 @@ def check_bytes(string):
headers=self.headers,
environ={
"REQUEST_METHOD": "POST",
"CONTENT_TYPE": self.headers[b"content-type"],
"CONTENT_TYPE": self.headers.get(
b"content-type",
b"application/x-www-form-urlencoded",
),
},
)
if "username" in form and "password" in form:
78 changes: 40 additions & 38 deletions honeypots/irc_server.py
@@ -20,6 +20,7 @@
get_free_port,
kill_server_wrapper,
server_arguments,
set_up_error_logging,
setup_logger,
set_local_vars,
check_if_server_is_running,
@@ -29,10 +30,12 @@


class QIRCServer:
NAME = "irc_server"

def __init__(self, **kwargs):
self.auto_disabled = None
self.process = None
self.uuid = "honeypotslogger" + "_" + __class__.__name__ + "_" + str(uuid4())[:8]
self.uuid = f"honeypotslogger_{__class__.__name__}_{str(uuid4())[:8]}"
self.config = kwargs.get("config", "")
if self.config:
self.logs = setup_logger(__class__.__name__, self.uuid, self.config)
@@ -57,6 +60,7 @@ def __init__(self, **kwargs):
or getenv("HONEYPOTS_OPTIONS", "")
or ""
)
self.logger = set_up_error_logging()

def irc_server_main(self):
_q_s = self
@@ -65,7 +69,7 @@ class CustomIRCProtocol(service.IRCUser):
def connectionMade(self):
_q_s.logs.info(
{
"server": "irc_server",
"server": _q_s.NAME,
"action": "connection",
"src_ip": self.transport.getPeer().host,
"src_port": self.transport.getPeer().port,
@@ -75,45 +79,36 @@ def connectionMade(self):
)

def handleCommand(self, command, prefix, params):
def check_bytes(string):
if isinstance(string, bytes):
return string.decode()
else:
return str(string)

with suppress(Exception):
if "capture_commands" in _q_s.options:
_q_s.logs.info(
{
"server": "irc_server",
"action": "command",
"data": {
"command": check_bytes(command),
"prefix": check_bytes(prefix),
"params": check_bytes(params),
},
"src_ip": self.transport.getPeer().host,
"src_port": self.transport.getPeer().port,
"dest_ip": _q_s.ip,
"dest_port": _q_s.port,
}
)
if "capture_commands" in _q_s.options:
_q_s.logs.info(
{
"server": _q_s.NAME,
"action": "command",
"data": {
"command": check_bytes(command),
"prefix": check_bytes(prefix),
"params": check_bytes(params),
},
"src_ip": self.transport.getPeer().host,
"src_port": self.transport.getPeer().port,
"dest_ip": _q_s.ip,
"dest_port": _q_s.port,
}
)
service.IRCUser.handleCommand(self, command, prefix, params)

def dataReceived(self, data):
# _q_s.logs.info({'server': 'irc_server', 'action': 'command', 'data': check_bytes(data), 'src_ip': self.transport.getPeer().host, 'src_port': self.transport.getPeer().port, 'dest_ip': _q_s.ip, 'dest_port': _q_s.port})
service.IRCUser.dataReceived(self, data)
def dataReceived(self, data: bytes):
try:
service.IRCUser.dataReceived(self, data)
except UnicodeDecodeError:
_q_s.logger.debug(
f"[{_q_s.NAME}]: Could not decode data as utf-8: {data.hex(' ')}"
)

def irc_unknown(self, prefix, command, params):
pass

def irc_NICK(self, prefix, params):
def check_bytes(string):
if isinstance(string, bytes):
return string.decode()
else:
return str(string)

status = False
username = check_bytes("".join(params))
password = check_bytes(self.password)
@@ -122,7 +117,7 @@ def check_bytes(string):
status = True
_q_s.logs.info(
{
"server": "irc_server",
"server": _q_s.NAME,
"action": "login",
"status": status,
"src_ip": self.transport.getPeer().host,
@@ -174,7 +169,7 @@ def run_server(self, process=False, auto=False):

self.logs.info(
{
"server": "irc_server",
"server": self.NAME,
"action": "process",
"status": status,
"src_ip": self.ip,
@@ -193,11 +188,11 @@ def run_server(self, process=False, auto=False):
self.irc_server_main()

def close_port(self):
ret = close_port_wrapper("irc_server", self.ip, self.port, self.logs)
ret = close_port_wrapper(self.NAME, self.ip, self.port, self.logs)
return ret

def kill_server(self):
ret = kill_server_wrapper("irc_server", self.uuid, self.process)
ret = kill_server_wrapper(self.NAME, self.uuid, self.process)
return ret

def test_server(self, ip=None, port=None, username=None, password=None):
@@ -218,6 +213,13 @@ def test_server(self, ip=None, port=None, username=None, password=None):
c.close()


def check_bytes(string):
if isinstance(string, bytes):
return string.decode(errors="replace")
else:
return str(string)


if __name__ == "__main__":
parsed = server_arguments()
if parsed.docker or parsed.aws or parsed.custom:
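Review bot: The `UnicodeDecodeError` branch of `dataReceived` reports the payload with `_q_s.logger.debug(...)`, but `set_up_error_logging()` in honeypots/helper.py sets both the logger and its handler to `logging.INFO`, so unless the level is lowered elsewhere the message is discarded and non-UTF-8 input leaves no trace. Malformed input is data a honeypot should keep; `_q_s.logger.warning(...)` would surface it, or better, record it through `_q_s.logs.info` with `"server": _q_s.NAME`, the peer address and `data.hex(' ')` like the other events. The new module-level `check_bytes` would also benefit from a one-line docstring stating that undecodable bytes are replaced rather than raised.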
4 changes: 2 additions & 2 deletions honeypots/pjl_server.py
@@ -80,7 +80,7 @@ class Custompjlrotocol(Protocol):

def check_bytes(self, string):
if isinstance(string, bytes):
return string.decode()
return string.decode(errors="replace")
else:
return str(string)

@@ -109,7 +109,7 @@ def dataReceived(self, data):
self.transport.write(prodinfo.encode("utf-8") + b"\x1b")
_q_s.logs.info(
{
"server": "ntp_server",
"server": "pjl_server",
"action": "query",
"status": "success",
"src_ip": self.transport.getPeer().host,
2 changes: 1 addition & 1 deletion honeypots/redis_server.py
@@ -138,7 +138,7 @@ def dataReceived(self, data):
self.parse_data(c, data)
self.transport.write(b"-ERR invalid password\r\n")
else:
self.transport.write(b'-ERR unknown command "{}"\r\n'.format(command))
self.transport.write(f'-ERR unknown command "{command}"\r\n'.encode())
self.transport.loseConnection()

factory = Factory()
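Review bot: The f-string in the `else` branch of `dataReceived` formats `command` with `str()`, so if `command` is still a `bytes` object at this point (its assignment is outside the hunk) the reply would carry the Python repr, e.g. `-ERR unknown command "b'FOO'"` for a constructed input `FOO`. A genuine Redis server does not answer like that, so the emulation would be recognisable from a single unknown command. Decoding first avoids it: `name = command.decode(errors="replace") if isinstance(command, bytes) else str(command)` and then `f'-ERR unknown command "{name}"\r\n'.encode()`.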
28 changes: 13 additions & 15 deletions honeypots/smtp_server.py
@@ -62,17 +62,10 @@ def smtp_server_main(self):
_q_s = self

class CustomSMTPChannel(SMTPChannel):
def check_bytes(self, string):
if isinstance(string, bytes):
return string.decode()
else:
return str(string)

def found_terminator(self):
with suppress(Exception):
if "capture_commands" in _q_s.options:
line = self._emptystring.join(self.received_lines).decode()
command = None
arg = None
data = None
if line.find(" ") < 0:
@@ -122,14 +115,12 @@ def smtp_AUTH(self, arg):
with suppress(Exception):
if arg.startswith("PLAIN "):
_, username, password = (
b64decode(arg.split(" ")[1].strip()).decode("utf-8").split("\0")
b64decode(arg.split(" ")[1].strip())
.decode("utf-8", errors="replace")
.split("\0")
)
username = self.check_bytes(username)
password = self.check_bytes(password)
status = "failed"
if username == _q_s.username and password == _q_s.password:
username = _q_s.username
password = _q_s.password
status = "success"
_q_s.logs.info(
{
@@ -151,16 +142,23 @@ def __getattr__(self, name):
self.smtp_QUIT(0)

class CustomSMTPServer(SMTPServer):
def __init__(self, localaddr, remoteaddr):
SMTPServer.__init__(self, localaddr, remoteaddr)

def process_message(
self, peer, mailfrom, rcpttos, data, mail_options=None, rcpt_options=None
):
return

def handle_accept(self):
conn, addr = self.accept()
_q_s.logs.info(
{
"server": "smtp_server",
"action": "connection",
"src_ip": addr[0],
"src_port": addr[1],
"dest_ip": _q_s.ip,
"dest_port": _q_s.port,
}
)
CustomSMTPChannel(self, conn, addr)

CustomSMTPServer((self.ip, self.port), None)
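Review bot: In `smtp_AUTH`, `errors="replace"` stops invalid UTF-8 from raising, but the three-way unpack `_, username, password = ...` still raises `ValueError` when the decoded blob does not contain exactly two NUL separators, and malformed base64 can raise inside `b64decode`; both appear to be swallowed by the surrounding `with suppress(Exception)`, so that login attempt is never logged. Splitting into a list first (`parts = decoded.split("\0")`, then `if len(parts) == 3:`) and logging a failed attempt otherwise would keep those events. In `handle_accept`, the new connection log reads `addr[0]` and `addr[1]` right after `conn, addr = self.accept()`; if `accept()` can return `None` here, as asyncore-style dispatchers may, a guard such as `pair = self.accept()` and `if pair is None: return` is needed before unpacking. `smtp_AUTH` continues past its hunk.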