Add SSL Support

2025-07-01 18:07:27 -04:00 · 2015-08-30 15:49:21 +02:00
parent 60af26cf56
commit d0a2b836e6
2 changed files with 26 additions and 16 deletions
--- a/cowrie/commands/curl.py
+++ b/cowrie/commands/curl.py
@ -12,9 +12,11 @@ import getopt
 import hashlib

 from twisted.web import client
-from twisted.internet import reactor
+from twisted.internet import reactor, ssl
 from twisted.python import log

+from OpenSSL import SSL
+
 from cowrie.core.honeypot import HoneyPotCommand
 from cowrie.core.fs import *

@ -112,11 +114,7 @@ class command_curl(HoneyPotCommand):
            host = parsed.hostname
            port = parsed.port or (443 if scheme == 'https' else 80)
            path = parsed.path or '/'
-            if scheme == 'https':
-                self.writeln('Sorry, SSL not supported in this release')
-                self.exit()
-                return None
-            elif scheme != 'http':
+            if scheme != 'http' and scheme != 'https':
                raise exceptions.NotImplementedError
        except:
            self.writeln('%s: Unsupported scheme.' % (url,))
@ -132,8 +130,15 @@ class command_curl(HoneyPotCommand):
        out_addr = None
        if self.honeypot.env.cfg.has_option('honeypot', 'out_addr'):
            out_addr = (self.honeypot.env.cfg.get('honeypot', 'out_addr'), 0)
-        self.connection = reactor.connectTCP(
-            host, port, factory, bindAddress=out_addr)
+
+        if scheme == 'https':
+            contextFactory = ssl.ClientContextFactory()
+            contextFactory.method = SSL.SSLv23_METHOD
+            reactor.connectSSL(host, port, factory, contextFactory)
+        else: #can only be http
+            self.connection = reactor.connectTCP(
+                host, port, factory, bindAddress=out_addr)
+
        return factory.deferred

    def handle_CTRL_C(self):
--- a/cowrie/commands/wget.py
+++ b/cowrie/commands/wget.py
@ -10,9 +10,11 @@ import getopt
 import hashlib

 from twisted.web import client
-from twisted.internet import reactor
+from twisted.internet import reactor, ssl
 from twisted.python import log

+from OpenSSL import SSL
+
 from cowrie.core.honeypot import HoneyPotCommand
 from cowrie.core.fs import *

@ -112,11 +114,7 @@ class command_wget(HoneyPotCommand):
            host = parsed.hostname
            port = parsed.port or (443 if scheme == 'https' else 80)
            path = parsed.path or '/'
-            if scheme == 'https':
-                self.writeln('Sorry, SSL not supported in this release')
-                self.exit()
-                return None
-            elif scheme != 'http':
+            if scheme != 'http' and scheme != 'https':
                raise exceptions.NotImplementedError
        except:
            self.writeln('%s: Unsupported scheme.' % (url,))
@ -132,8 +130,15 @@ class command_wget(HoneyPotCommand):
        out_addr = None
        if self.honeypot.env.cfg.has_option('honeypot', 'out_addr'):
            out_addr = (self.honeypot.env.cfg.get('honeypot', 'out_addr'), 0)
-        self.connection = reactor.connectTCP(
-            host, port, factory, bindAddress=out_addr)
+
+	if scheme == 'https':
+            contextFactory = ssl.ClientContextFactory()
+            contextFactory.method = SSL.SSLv23_METHOD
+            reactor.connectSSL(host, port, factory, contextFactory)
+        else: #can only be http, since we raised an error above for unknown schemes
+            self.connection = reactor.connectTCP(
+                host, port, factory, bindAddress=out_addr)
+
        return factory.deferred

    def handle_CTRL_C(self):