reverse activation logging for port mapping

2025-07-01 18:07:27 -04:00 · 2016-06-15 13:58:14 +04:00
parent 9ffeba80ec
commit 663ab926af
2 changed files with 20 additions and 14 deletions
--- a/cowrie/core/avatar.py
+++ b/cowrie/core/avatar.py
@ -32,7 +32,7 @@ class CowrieUser(avatar.ConchUser):

        self.channelLookup.update(
            {"session": session.HoneyPotSSHSession,
-             "direct-tcpip": forwarding.CowrieOpenConnectForwardingClient})
+             "direct-tcpip": forwarding.cowrieOpenConnectForwardingClient})

        try:
            pwentry = pwd.Passwd(self.cfg).getpwnam(self.username)
--- a/cowrie/ssh/forwarding.py
+++ b/cowrie/ssh/forwarding.py
@ -2,30 +2,34 @@
 # See the COPYRIGHT file for more information

 """
-This module contains ...
+This module contains code for handling SSH forwarding requests
 """

-import twisted
-from twisted.conch.ssh import forwarding
 from twisted.python import log
+from twisted.conch.ssh import forwarding


-def CowrieOpenConnectForwardingClient(remoteWindow, remoteMaxPacket, data, avatar):
+def cowrieOpenConnectForwardingClient(remoteWindow, remoteMaxPacket, data, avatar):
    """
+    This function will redirect an SSH forward request to a another address
+    or will log the request and do nothing
    """
    cfg = avatar.cfg
    if cfg.has_option('forward_mapping', 'ports') and \
-            cfg.get('forward_mapping', 'ports').lower() not in \
-            ('false', 'no'):
+            cfg.get('forward_mapping', 'ports').lower() in \
+            ('true', 'yes'):
        mappedPortsComma = cfg.get('forward_mapping', 'ports').split(',')
        mappedPorts = [int(x.strip()) for x in mappedPortsComma]
    else:
        mappedPorts = []
-    remoteHP, origHP = twisted.conch.ssh.forwarding.unpackOpen_direct_tcpip(data)
+
+    remoteHP, origHP = forwarding.unpackOpen_direct_tcpip(data)
+
    log.msg(eventid='cowrie.direct-tcpip.request',
-    format='direct-tcp connection request to %(dst_ip)s:%(dst_port)s from %(src_ip)s:%(src_port)s',
-            dst_ip=remoteHP[0], dst_port=remoteHP[1],
-            src_ip=origHP[0], src_port=origHP[1])
+        format='direct-tcp connection request to %(dst_ip)s:%(dst_port)s from %(src_ip)s:%(src_port)s',
+        dst_ip=remoteHP[0], dst_port=remoteHP[1],
+        src_ip=origHP[0], src_port=origHP[1])
+
    portRule = 'port_{dst_port}'.format(dst_port=remoteHP[1])
    if remoteHP[1] in mappedPorts \
            and cfg.has_option('forward_mapping', portRule):
@ -33,8 +37,8 @@ def CowrieOpenConnectForwardingClient(remoteWindow, remoteMaxPacket, data, avata
        newIp = newAddr.split(':')[0].strip()
        newPort = int(newAddr.split(':')[1].strip())
        remoteHPNew = (newIp, newPort)
-        log.msg(eventid='cowrie.direct-tcpip.request',
-            format='found custom port, forwarding to %(new_ip)s:%(new_port)s',
+        log.msg(eventid='cowrie.direct-tcpip.redirect',
+            format='found custom port, redirecting to %(new_ip)s:%(new_port)s',
                 new_ip=newIp, new_port=newPort)
        return forwarding.SSHConnectForwardingChannel(remoteHPNew,
            remoteWindow=remoteWindow, remoteMaxPacket=remoteMaxPacket,
@ -44,6 +48,8 @@ def CowrieOpenConnectForwardingClient(remoteWindow, remoteMaxPacket, data, avata
           remoteWindow=remoteWindow, remoteMaxPacket=remoteMaxPacket,
           avatar=avatar)

+
+
 class CowrieConnectForwardingChannel(forwarding.SSHConnectForwardingChannel):
    """
    """