aljaz/cowrie
1
0
Fork 0
mirror of https://github.com/aljazceru/cowrie.git synced 2026-01-31 12:04:24 +01:00
Code Issues Packages Projects Releases Wiki Activity

smtp forward

Browse Source
This commit is contained in:
Muzyka
2016-04-25 17:45:44 +03:00
parent f2954eae70
commit 33b3213961
3 changed files with 16 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@@ -18,6 +18,7 @@ Additional functionality over standard kippo:
* SFTP and SCP support for file upload
* Support for SSH exec commands
* Logging of direct-tcp connection attempts (ssh proxying)
* Forward SMTP connections to SMTP Honeypot (e.g. [mailoney](https://github.com/awhitehatter/mailoney))
* Logging in JSON format for easy processing in log management solutions
* Many, many additional commands

4
cowrie.cfg.dist
View File

@@ -95,7 +95,9 @@ interact_enabled = false
# (default: 5123)
interact_port = 5123
smtp_forwarding_enabled = false
smtp_forwarding_port = 12525
smtp_forwarding_host = 127.0.0.1
# ============================================================================
# Network Specific Options

15
cowrie/ssh/forwarding.py
View File

@@ -13,19 +13,28 @@ from twisted.python import log
def CowrieOpenConnectForwardingClient(remoteWindow, remoteMaxPacket, data, avatar):
"""
"""
cfg = avatar.cfg
remoteHP, origHP = twisted.conch.ssh.forwarding.unpackOpen_direct_tcpip(data)
log.msg(eventid='cowrie.direct-tcpip.request',
format='direct-tcp connection request to %(dst_ip)s:%(dst_port)s from %(src_ip)s:%(src_port)s',
dst_ip=remoteHP[0], dst_port=remoteHP[1],
src_ip=origHP[0], src_port=origHP[1])
if remoteHP[1] == 25:
if cfg.has_option('honeypot', 'smtp_forwarding_enabled') and \
cfg.get('honeypot', 'smtp_forwarding_enabled').lower() in \
('yes', 'true', 'on'):
honey_smtp = True
honey_port = int(cfg.get('honeypot', 'smtp_forwarding_port'))
honey_host = cfg.get('honeypot', 'smtp_forwarding_host')
if remoteHP[1] == 25 and honey_smtp:
log.msg(eventid='cowrie.direct-tcpip.request',format='found smtp, forwarding to local honeypot')
remoteHPLocal = ('127.0.0.1', 12525)
remoteHPLocal = (honey_host, honey_port)
return forwarding.SSHConnectForwardingChannel(remoteHPLocal,
remoteWindow=remoteWindow, remoteMaxPacket=remoteMaxPacket,
avatar=avatar)
else:
return CowrieConnectForwardingChannel(remoteHP,
pass
return CowrieConnectForwardingChannel(remoteHP,
remoteWindow=remoteWindow, remoteMaxPacket=remoteMaxPacket,
avatar=avatar)