Michel Oosterhof
2016-09-29 12:24:29 +04:00
parent 3437a9ea8b
commit f522e29889


@ -179,22 +179,26 @@ class hpclient(object):
self.unpacker.feed(d) self.unpacker.feed(d)
try: try:
for opcode, data in self.unpacker: for opcode, data in self.unpacker:
if self.debug: log.msg('hpclient msg opcode {0} data {1}'.format(opcode, data)) if self.debug: log.msg('hpclient msg opcode {0:x} data {1}'.format(opcode,
''.join('{:02x}'.format(x) for x in data)))
if opcode == OP_INFO: if opcode == OP_INFO:
name, rand = strunpack8(data) name, rand = strunpack8(data)
if self.debug: log.msg('hpclient server name {0} rand {1}'.format(name, rand)) if self.debug: log.msg('hpclient server name {0} rand {1}'.format(name,
''.join('{:02x}'.format(x) for x in rand)))
self.send(msgauth(rand, self.ident, self.secret)) self.send(msgauth(rand, self.ident, self.secret))
self.state = 'GOTINFO' self.state = 'GOTINFO'
elif opcode == OP_PUBLISH: elif opcode == OP_PUBLISH:
ident, data = strunpack8(data) ident, data = strunpack8(data)
chan, data = strunpack8(data) chan, data = strunpack8(data)
if self.debug: log.msg('publish to {0} by {1}: {2}'.format(chan, ident, data)) if self.debug:
log.msg('publish to {0} by {1}: {2}'.format(chan, ident,
''.join('{:02x}'.format(x) for x in data)))
elif opcode == OP_ERROR: elif opcode == OP_ERROR:
log.err('errormessage from server: {0}'.format(data)) log.err('errormessage from server: {0}'.format(
''.join('{:02x}'.format(x) for x in data)))
else: else:
log.err('unknown opcode message: {0}'.format(opcode)) log.err('unknown opcode message: {0:x}'.format(opcode))
except BadClient: except BadClient:
log.err('unpacker error, disconnecting.') log.err('unpacker error, disconnecting.')
self.close() self.close()
@ -274,12 +278,13 @@ class Output(cowrie.core.output.Output):
""" """
session = entry["session"] session = entry["session"]
if entry["eventid"] == 'cowrie.session.connect': if entry["eventid"] == 'cowrie.session.connect':
startTime = entry["timestamp"] self.meta[session] = {'session':session,
self.meta[session] = {'session':session, 'startTime':startTime, 'startTime': entry["timestamp"], 'endTime':'',
'endTime':'', 'peerIP': src_ip, 'peerPort': src_port, 'peerIP': entry["src_ip"], 'peerPort': entry["src_port"],
'hostIP': dst_ip, 'hostPort': dst_port, 'loggedin': None, 'hostIP': entry["dst_ip"], 'hostPort': entry["dst_port"],
'credentials':[], 'commands':[], "unknownCommands":[], 'loggedin': None, 'credentials':[], 'commands':[],
'urls':[], 'version': None, 'ttylog': None } 'unknownCommands':[], 'urls':[], 'version': None,
'ttylog': None }
elif entry["eventid"] == 'cowrie.login.success': elif entry["eventid"] == 'cowrie.login.success':
u, p = entry['username'], entry['password'] u, p = entry['username'], entry['password']
@ -307,9 +312,8 @@ class Output(cowrie.core.output.Output):
elif entry["eventid"] == 'cowrie.log.closed': elif entry["eventid"] == 'cowrie.log.closed':
# entry["ttylog"] # entry["ttylog"]
ttylog = self.ttylog(session) with open( entry["ttylog"]) as ttylog:
if ttylog: self.meta['ttylog'] = ttylog.read().encode('hex')
meta['ttylog'] = ttylog.encode('hex')
elif entry["eventid"] == 'cowrie.session.closed': elif entry["eventid"] == 'cowrie.session.closed':
log.msg('publishing metadata to hpfeeds') log.msg('publishing metadata to hpfeeds')
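Review bot: In the `cowrie.log.closed` branch of the third hunk, the new line writes the hex dump to `self.meta['ttylog']`, whereas the connect branch in the second hunk builds the per-session record at `self.meta[session]` with its own `'ttylog': None` slot. As written the session's record would presumably keep `None`, and the dump sits under a key shared by every session. It likely should be `self.meta[session]['ttylog'] = ttylog.read().encode('hex')`, with the file opened as `open(entry["ttylog"], 'rb')` since the content is treated as raw bytes. The removed `if ttylog:` guard also covered a missing log, while `open()` now raises on an absent or unreadable file, so catching `IOError` here would keep one bad session from breaking the output handler. Session content is attacker-driven, so a size cap on the read before publishing is worth considering; the publishing code itself lies outside the hunk.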