Add SSL Support

cowrie/commands/curl.py

@@ -12,9 +12,11 @@ import getopt
 import hashlib
 
 from twisted.web import client
-from twisted.internet import reactor
+from twisted.internet import reactor, ssl
 from twisted.python import log
 
+from OpenSSL import SSL
+
 from cowrie.core.honeypot import HoneyPotCommand
 from cowrie.core.fs import *
 
@@ -112,11 +114,7 @@ class command_curl(HoneyPotCommand):
             host = parsed.hostname
             port = parsed.port or (443 if scheme == 'https' else 80)
             path = parsed.path or '/'
-            if scheme == 'https':
+            if scheme != 'http' and scheme != 'https':
-                self.writeln('Sorry, SSL not supported in this release')
-                self.exit()
-                return None
-            elif scheme != 'http':
                 raise exceptions.NotImplementedError
         except:
             self.writeln('%s: Unsupported scheme.' % (url,))
@@ -132,8 +130,15 @@ class command_curl(HoneyPotCommand):
         out_addr = None
         if self.honeypot.env.cfg.has_option('honeypot', 'out_addr'):
             out_addr = (self.honeypot.env.cfg.get('honeypot', 'out_addr'), 0)
-        self.connection = reactor.connectTCP(
+
-            host, port, factory, bindAddress=out_addr)
+        if scheme == 'https':
+            contextFactory = ssl.ClientContextFactory()
+            contextFactory.method = SSL.SSLv23_METHOD
+            reactor.connectSSL(host, port, factory, contextFactory)
+        else: #can only be http
+            self.connection = reactor.connectTCP(
+                host, port, factory, bindAddress=out_addr)
+
         return factory.deferred
 
     def handle_CTRL_C(self):

cowrie/commands/wget.py

@@ -10,9 +10,11 @@ import getopt
 import hashlib
 
 from twisted.web import client
-from twisted.internet import reactor
+from twisted.internet import reactor, ssl
 from twisted.python import log
 
+from OpenSSL import SSL
+
 from cowrie.core.honeypot import HoneyPotCommand
 from cowrie.core.fs import *
 
@@ -112,11 +114,7 @@ class command_wget(HoneyPotCommand):
             host = parsed.hostname
             port = parsed.port or (443 if scheme == 'https' else 80)
             path = parsed.path or '/'
-            if scheme == 'https':
+            if scheme != 'http' and scheme != 'https':
-                self.writeln('Sorry, SSL not supported in this release')
-                self.exit()
-                return None
-            elif scheme != 'http':
                 raise exceptions.NotImplementedError
         except:
             self.writeln('%s: Unsupported scheme.' % (url,))
@@ -132,8 +130,15 @@ class command_wget(HoneyPotCommand):
         out_addr = None
         if self.honeypot.env.cfg.has_option('honeypot', 'out_addr'):
             out_addr = (self.honeypot.env.cfg.get('honeypot', 'out_addr'), 0)
-        self.connection = reactor.connectTCP(
+
-            host, port, factory, bindAddress=out_addr)
+	if scheme == 'https':
+            contextFactory = ssl.ClientContextFactory()
+            contextFactory.method = SSL.SSLv23_METHOD
+            reactor.connectSSL(host, port, factory, contextFactory)
+        else: #can only be http, since we raised an error above for unknown schemes
+            self.connection = reactor.connectTCP(
+                host, port, factory, bindAddress=out_addr)
+
         return factory.deferred
 
     def handle_CTRL_C(self):