From 33b32139613f587abfc5d00f83f4fb3c09856a68 Mon Sep 17 00:00:00 2001 From: Muzyka Date: Mon, 25 Apr 2016 17:45:44 +0300 Subject: [PATCH] smtp forward --- README.md | 1 + cowrie.cfg.dist | 4 +++- cowrie/ssh/forwarding.py | 15 ++++++++++++--- 3 files changed, 16 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index cd33883..171b238 100644 --- a/README.md +++ b/README.md @@ -18,6 +18,7 @@ Additional functionality over standard kippo: * SFTP and SCP support for file upload * Support for SSH exec commands * Logging of direct-tcp connection attempts (ssh proxying) +* Forward SMTP connections to SMTP Honeypot (e.g. [mailoney](https://github.com/awhitehatter/mailoney)) * Logging in JSON format for easy processing in log management solutions * Many, many additional commands diff --git a/cowrie.cfg.dist b/cowrie.cfg.dist index 45a1ede..fe145ef 100644 --- a/cowrie.cfg.dist +++ b/cowrie.cfg.dist @@ -95,7 +95,9 @@ interact_enabled = false # (default: 5123) interact_port = 5123 - +smtp_forwarding_enabled = false +smtp_forwarding_port = 12525 +smtp_forwarding_host = 127.0.0.1 # ============================================================================ # Network Specific Options diff --git a/cowrie/ssh/forwarding.py b/cowrie/ssh/forwarding.py index 56628bb..01025e2 100644 --- a/cowrie/ssh/forwarding.py +++ b/cowrie/ssh/forwarding.py 
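Review bot: The three `smtp_forwarding_*` keys added to cowrie.cfg.dist carry no comment, while the neighbouring `interact_port` option documents its default. An operator reading the template cannot tell that enabling the flag redirects direct-tcpip requests for destination port 25 to the configured host and port, or which values count as enabled (the code in cowrie/ssh/forwarding.py accepts `yes`, `true` and `on`). I would add a short comment above them, for example `# Redirect direct-tcpip requests for port 25 to an SMTP honeypot (default: false)`. It should also say that `smtp_forwarding_host` is expected to be a honeypot the operator runs, since any other value makes the sensor open connections to that host on the client's behalf.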
@@ -13,19 +13,28 @@ from twisted.python import log def CowrieOpenConnectForwardingClient(remoteWindow, remoteMaxPacket, data, avatar): """ """ + cfg = avatar.cfg remoteHP, origHP = twisted.conch.ssh.forwarding.unpackOpen_direct_tcpip(data) log.msg(eventid='cowrie.direct-tcpip.request', format='direct-tcp connection request to %(dst_ip)s:%(dst_port)s from %(src_ip)s:%(src_port)s', dst_ip=remoteHP[0], dst_port=remoteHP[1], src_ip=origHP[0], src_port=origHP[1]) - if remoteHP[1] == 25: + if cfg.has_option('honeypot', 'smtp_forwarding_enabled') and \ + cfg.get('honeypot', 'smtp_forwarding_enabled').lower() in \ + ('yes', 'true', 'on'): + honey_smtp = True + honey_port = int(cfg.get('honeypot', 'smtp_forwarding_port')) + honey_host = cfg.get('honeypot', 'smtp_forwarding_host') + + if remoteHP[1] == 25 and honey_smtp: log.msg(eventid='cowrie.direct-tcpip.request',format='found smtp, forwarding to local honeypot') - remoteHPLocal = ('127.0.0.1', 12525) + remoteHPLocal = (honey_host, honey_port) return forwarding.SSHConnectForwardingChannel(remoteHPLocal, remoteWindow=remoteWindow, remoteMaxPacket=remoteMaxPacket, avatar=avatar) else: - return CowrieConnectForwardingChannel(remoteHP, + pass + return CowrieConnectForwardingChannel(remoteHP, remoteWindow=remoteWindow, remoteMaxPacket=remoteMaxPacket, avatar=avatar)
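Review bot: `honey_smtp`, `honey_port` and `honey_host` are assigned only inside the `if cfg.has_option('honeypot', 'smtp_forwarding_enabled') ...` branch. With the shipped default (`smtp_forwarding_enabled = false`), a direct-tcpip request to port 25 therefore reads an unbound `honey_smtp` in `if remoteHP[1] == 25 and honey_smtp:` and raises `UnboundLocalError` instead of reaching `CowrieConnectForwardingChannel`. Initialise it before the check with `honey_smtp = False`. `smtp_forwarding_port` and `smtp_forwarding_host` are also read without a `has_option` guard, so an enabled config that omits either one fails on the first request too. The log line still says "forwarding to local honeypot" although the target is now configurable; logging `honey_host` and `honey_port` there would keep the event record accurate when captured sessions are reviewed. The `else: pass` branch can be dropped, assuming the final `return` now sits at function level (indentation is not recoverable from this view).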