From 39a23b007537efce10ea6334a91bee5eb179159a Mon Sep 17 00:00:00 2001
From: Mario
Date: Sun, 3 Jul 2022 12:39:27 +0200
Subject: [PATCH] Improve initial TCP honeypot structure
---
 configurations/beelzebub.yaml | 4 +-
 configurations/services/tcp-3306.yaml | 5 +-
 parser/configurationsParser.go | 1 +
 .../transmissionControlProtocolStrategy.go | 49 +++++++++++++++++++
 4 files changed, 54 insertions(+), 5 deletions(-)
 create mode 100644 protocols/transmissionControlProtocolStrategy.go
diff --git a/configurations/beelzebub.yaml b/configurations/beelzebub.yaml
index 6d8597a..5b2fe43 100644
--- a/configurations/beelzebub.yaml
+++ b/configurations/beelzebub.yaml
@@ -5,5 +5,5 @@ core:
 logDisableTimestamp: true
 logsPath: ./logs
 tracing:
- rabbitMQEnabled: true
- rabbitMQURI: "amqp://beelzebub:b33lz3b4b@localhost:8888/"
+ rabbitMQEnabled: false
+ rabbitMQURI: ""
diff --git a/configurations/services/tcp-3306.yaml b/configurations/services/tcp-3306.yaml
index d15ce20..3e66c4b 100644
--- a/configurations/services/tcp-3306.yaml
+++ b/configurations/services/tcp-3306.yaml
@@ -2,6 +2,5 @@ apiVersion: "v1"
 protocol: "tcp"
 address: ":3306"
 description: "Mysql"
-commands:
- - regex: "hello"
- handler: "WORLD"
\ No newline at end of file
+banner: "mysql 4.0"
+deadlineTimeoutSeconds: 60
\ No newline at end of file
diff --git a/parser/configurationsParser.go b/parser/configurationsParser.go
index 8b5e837..11d375f 100644
--- a/parser/configurationsParser.go
+++ b/parser/configurationsParser.go
@@ -38,6 +38,7 @@ type BeelzebubServiceConfiguration struct {
 DeadlineTimeoutSeconds int `yaml:"deadlineTimeoutSeconds"`
 PasswordRegex string `yaml:"passwordRegex"`
 Description string `yaml:"description"`
+ Banner string `yaml:"banner"`
 }
 type Command struct {
diff --git a/protocols/transmissionControlProtocolStrategy.go b/protocols/transmissionControlProtocolStrategy.go
new file mode 100644
index 0000000..0950f48
--- /dev/null
+++ b/protocols/transmissionControlProtocolStrategy.go
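Review bot: In configurations/beelzebub.yaml the RabbitMQ URI that this hunk blanks out carried a username and password inline, and that value stays readable in the repository history after this commit. If the password is used anywhere other than a throwaway local broker it should be rotated, and it would help to add a comment above `rabbitMQURI: ""` such as `# set per deployment; do not commit credentials`.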
@@ -0,0 +1,49 @@
+package protocols
+
+import (
+ "beelzebub/parser"
+ "beelzebub/tracer"
+ log "github.com/sirupsen/logrus"
+ "net"
+ "time"
+)
+
+type TransmissionControlProtocolStrategy struct {
+}
+
+func (TCPStrategy *TransmissionControlProtocolStrategy) Init(beelzebubServiceConfiguration parser.BeelzebubServiceConfiguration, tr tracer.Tracer) error {
+ listen, err := net.Listen("TCP", beelzebubServiceConfiguration.Address)
+ if err != nil {
+ log.Errorf("Error during init TCP Protocol: %s", err.Error())
+ return err
+ }
+ defer listen.Close()
+
+ go func() {
+ for {
+ if conn, err := listen.Accept(); err == nil {
+ conn.SetDeadline(time.Now().Add(time.Duration(beelzebubServiceConfiguration.DeadlineTimeoutSeconds) * time.Second))
+ go handleIncomingRequest(conn)
+ }
+ }
+ }()
+
+ log.WithFields(log.Fields{
+ "port": beelzebubServiceConfiguration.Address,
+ "banner": beelzebubServiceConfiguration.Banner,
+ }).Infof("Init service %s", beelzebubServiceConfiguration.Protocol)
+ return nil
+}
+
+func handleIncomingRequest(conn net.Conn) {
+ buffer := make([]byte, 1024)
+ _, err := conn.Read(buffer)
+ if err != nil {
+ log.Fatal(err)
+ }
+ // respond
+ conn.Write([]byte("Hi back!\n"))
+
+ // close conn
+ conn.Close()
+}
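Review bot: In handleIncomingRequest, `log.Fatal(err)` on a failed `conn.Read` exits the whole process, so any remote peer that connects and then disconnects or idles past the deadline stops the honeypot; the handler should log the error and return, with `defer conn.Close()` at the top. In Init, `net.Listen("TCP", …)` passes a network name Go's net package does not accept (it has to be lowercase `"tcp"`), and `defer listen.Close()` closes the listener as soon as Init returns, after which the accept loop retries the failing Accept without a pause. The configured `Banner`, the bytes read and the `tr` tracer are all unused, so the service replies with a fixed `Hi back!` and records nothing about the peer. The fence sends the banner and logs the payload with `%q`; wiring the event into the tracer is left out because its API is not visible in this patch.

```go
	listen, err := net.Listen("tcp", beelzebubServiceConfiguration.Address)
	// … unchanged: error check on Listen; the `defer listen.Close()` is dropped so the listener outlives Init …

	go func() {
		for {
			conn, err := listen.Accept()
			if err != nil {
				// Back off instead of spinning when Accept keeps failing.
				log.Errorf("Error during TCP accept: %s", err.Error())
				time.Sleep(time.Second)
				continue
			}
			// … unchanged: conn.SetDeadline call …
			go handleIncomingRequest(conn, beelzebubServiceConfiguration.Banner)
		}
	}()
	// … unchanged: startup log and return nil …
}

func handleIncomingRequest(conn net.Conn, banner string) {
	defer conn.Close()

	if _, err := conn.Write([]byte(banner + "\n")); err != nil {
		log.Errorf("Error during TCP write to %s: %s", conn.RemoteAddr(), err.Error())
		return
	}

	buffer := make([]byte, 1024)
	n, err := conn.Read(buffer)
	if err != nil {
		// A peer that disconnects or idles past the deadline must not stop the process.
		log.Errorf("Error during TCP read from %s: %s", conn.RemoteAddr(), err.Error())
		return
	}
	// %q escapes control bytes so peer-supplied data cannot forge log lines.
	log.Infof("TCP payload from %s: %q", conn.RemoteAddr(), buffer[:n])
}
```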