mirror of https://github.com/cowrie/cowrie.git synced 2025-07-01 18:07:27 -04:00

Files

Michel Oosterhof 0d2817a38b Fixes2 (#1802 )

* add pylint. fix variable names
* add ruff. remove twistedchecker
* update pre-commit
* update hadolint. ruff mandatory in tox
* add pyright as optional
* add coverage
* typing
* fix telnet
* fix #1757

2023-01-07 22:09:09 +08:00

__init__.py

Mypy6 (#1542 )

2021-04-18 14:03:38 +08:00

client_transport.py

tpying mostly (#1714 )

2022-05-01 00:08:34 +08:00

handler.py

Fixes2 (#1802 )

2023-01-07 22:09:09 +08:00

README.md

Add a Telnet proxy for Cowrie (#1159 )

2019-07-01 21:41:03 +04:00

server_transport.py

more typing (#1795 )

2022-12-15 11:46:15 +08:00

README.md

All username credentials, when sent to backend, have the configured username that is known to succeed (i.e. exist in the backend). When we spoof the password we decide whether the login is valid or not, and in the second case we send an invalid password, thus causing auth to fail.

Caveats in the protocol:

When username is being input (and chars are being sent to the backend), the client expects to receive their echo. In our proxy, we do the echo locally, since we don't want the backend to see our authentication (in the end we send to the backend what we want it to see). When we send the username in the end, the backend then sends the full echo of the username, which look for and ignore in the proxy.
Backspaces in authentication are sent as 0x7F from the frontend, but it expects to receive "0x08 0x08" as echo, so we also have to look for that in the proxy's handler.